Merge branch 'master' into snyk-upgrade-938e739a096186b3896edce01bfc998a

Author: dplewis

.github/workflows/ci.yml

@@ -0,0 +1,110 @@
+name: ci
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - '**'
+env:
+  COVERAGE_OPTION: ./node_modules/.bin/nyc
+  NODE_VERSION: 10
+  PARSE_SERVER_TEST_TIMEOUT: 20000
+jobs:
+  check-mongo:
+    strategy:
+      matrix:
+        include:
+          - name: Mongo 4.0.4, ReplicaSet, WiredTiger
+            MONGODB_VERSION: 4.0.4
+            MONGODB_TOPOLOGY: replicaset
+            MONGODB_STORAGE_ENGINE: wiredTiger
+            NODE_VERSION: 10
+          - name: Mongo 3.6.21
+            MONGODB_VERSION: 3.6.21
+            NODE_VERSION: 10
+          - name: Redis Cache
+            PARSE_SERVER_TEST_CACHE: redis
+            NODE_VERSION: 10
+          - name: Node 12.12.0
+            NODE_VERSION: 12.12.0
+    name: ${{ matrix.name }}
+    timeout-minutes: 30
+    runs-on: ubuntu-18.04
+    services:
+      redis:
+        image: redis
+        ports:
+            - 6379:6379
+    env:      
+      MONGODB_VERSION: ${{ matrix.MONGODB_VERSION }}
+      MONGODB_TOPOLOGY: ${{ matrix.MONGODB_TOPOLOGY }}
+      MONGODB_STORAGE_ENGINE: ${{ matrix.MONGODB_STORAGE_ENGINE }}
+      PARSE_SERVER_TEST_CACHE: ${{ matrix.PARSE_SERVER_TEST_CACHE }}
+      NODE_VERSION: ${{ matrix.NODE_VERSION }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js ${{ matrix.NODE_VERSION }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ matrix.NODE_VERSION }}
+      - name: Cache Node.js modules
+        uses: actions/cache@v2
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-
+      - name: Install dependencies
+        run: npm ci
+      - if: ${{ matrix.name == 'Mongo 3.6.21' }}
+        run: npm run lint
+      - run: npm run pretest
+      - run: npm run coverage
+        env:
+          CI: true
+      - run: bash <(curl -s https://codecov.io/bash)
+  check-postgres:
+    name: Postgresql
+    timeout-minutes: 30
+    runs-on: ubuntu-18.04
+    services:
+      redis:
+        image: redis
+        ports:
+          - 6379:6379
+      postgres:
+        image: postgis/postgis:11-3.0
+        env:
+          POSTGRES_PASSWORD: postgres
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    env:
+      PARSE_SERVER_TEST_DB: postgres
+      POSTGRES_MAJOR_VERSION: 11
+      PARSE_SERVER_TEST_DATABASE_URI: postgres://postgres:postgres@localhost:5432/parse_server_postgres_adapter_test_database
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js 10
+        uses: actions/setup-node@v1
+        with:
+          node-version: 10
+      - name: Cache Node.js modules
+        uses: actions/cache@v2
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-
+      - name: Install dependencies
+        run: npm ci
+      - run: bash scripts/before_script_postgres.sh
+      - run: npm run coverage
+        env:
+          CI: true
+      - run: bash <(curl -s https://codecov.io/bash)

.travis.yml

@@ -10,7 +10,9 @@
 
 <p align="center">
     <a href="https://twitter.com/intent/follow?screen_name=parseplatform"><img alt="Follow on Twitter" src="https://img.shields.io/twitter/follow/parseplatform?style=social&label=Follow"></a>
-  <a href="https://travis-ci.org/parse-community/parse-server"><img alt="Build status" src="https://img.shields.io/travis/parse-community/parse-server/master.svg?style=flat"></a>
+    <a href="https://github.com/parse-community/parse-server/actions?query=workflow%3Aci+branch%3Amaster">
+      <img alt="Build status" src="https://github.com/parse-community/parse-server/workflows/ci/badge.svg?branch=master">
+    </a>
     <a href="https://codecov.io/github/parse-community/parse-server?branch=master"><img alt="Coverage status" src="https://img.shields.io/codecov/c/github/parse-community/parse-server/master.svg"></a>
     <a href="https://www.npmjs.com/package/parse-server"><img alt="npm version" src="https://img.shields.io/npm/v/parse-server.svg?style=flat"></a>
     <a href="https://community.parseplatform.org/"><img alt="Join the conversation" src="https://img.shields.io/discourse/https/community.parseplatform.org/topics.svg"></a>

README.md

@@ -4,10 +4,7 @@ set -e
 
 echo "[SCRIPT] Before Script :: Setup Parse DB for Postgres ${POSTGRES_MAJOR_VERSION}"
 
-node -e 'require("./lib/index.js")'
-greenkeeper-lockfile-update
-
-psql -v ON_ERROR_STOP=1 -p 5433 --username "postgres" --dbname "${POSTGRES_DB}" <<-EOSQL
+PGPASSWORD=postgres psql -v ON_ERROR_STOP=1 -h localhost -U postgres <<-EOSQL
     CREATE DATABASE parse_server_postgres_adapter_test_database;
     \c parse_server_postgres_adapter_test_database;
     CREATE EXTENSION postgis;

scripts/before_install_postgres.sh

@@ -1633,9 +1633,8 @@ describe('Cloud Code', () => {
 
     it('should set the message / success on the job', done => {
       Parse.Cloud.job('myJob', req => {
-        req.message('hello');
         const promise = req
-          .message()
+          .message('hello')
           .then(() => {
             return getJobStatus(req.jobId);
           })
@@ -1716,9 +1715,15 @@ describe('Cloud Code', () => {
         throw new Parse.Error(101, 'Something went wrong');
       });
       const job = await Parse.Cloud.startJob('myJobError');
-      const jobStatus = await Parse.Cloud.getJobStatus(job);
+      let jobStatus, status;
+      while (status !== 'failed') {
+        if (jobStatus) {
+          await new Promise(resolve => setTimeout(resolve, 10));
+        }
+        jobStatus = await Parse.Cloud.getJobStatus(job);
+        status = jobStatus.get('status');
+      }
       expect(jobStatus.get('message')).toEqual('Something went wrong');
-      expect(jobStatus.get('status')).toEqual('failed');
     });
 
     function getJobStatus(jobId) {

scripts/before_script_postgres.sh

@@ -211,3 +211,49 @@ it('Should fail if the LDAP server encounters an error while searching', done =>
       .finally(() => server.close());
   });
 });
+
+it('Should delete the password from authData after validation', done => {
+  mockLdapServer(port, 'uid=testuser, o=example', true).then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldap://localhost:${port}`,
+      dn: 'uid={{id}}, o=example'
+    };
+
+    const authData = { id: 'testuser', password: 'secret' };
+
+    ldap
+      .validateAuthData(authData, options)
+      .then(() => {
+        expect(authData).toEqual({ id: 'testuser' });
+        done();
+      })
+      .catch(done.fail)
+      .finally(() => server.close());
+  });
+});
+
+it('Should not save the password in the user record after authentication', done => {
+  mockLdapServer(port, 'uid=testuser, o=example', true).then(server => {
+    const options = {
+      suffix: 'o=example',
+      url: `ldap://localhost:${port}`,
+      dn: 'uid={{id}}, o=example'
+    };
+    reconfigureServer({ auth: { ldap: options } }).then(() => {
+      const authData = { authData: { id: 'testuser', password: 'secret' } };
+      Parse.User.logInWith('ldap', authData).then((returnedUser) => {
+        const query = new Parse.Query("User");
+        query
+          .equalTo('objectId', returnedUser.id).first({ useMasterKey: true })
+          .then((user) => {
+            expect(user.get('authData')).toEqual({ ldap:{ id: 'testuser' }});
+            expect(user.get('authData').ldap.password).toBeUndefined();
+            done();
+          })
+          .catch(done.fail)
+          .finally(() => server.close())
+      })
+    });
+  });
+});

spec/CloudCode.spec.js

@@ -23,6 +23,7 @@ function validateAuthData(authData, options) {
 
   return new Promise((resolve, reject) => {
     client.bind(userCn, authData.password, ldapError => {
+      delete(authData.password);
       if (ldapError) {
         let error;
         switch (ldapError.code) {