Merge branch 'alpha' into remove-mongo-4

Author: mtrezza

.babelrc

@@ -6,7 +6,7 @@
     "presets": [
         ["@babel/preset-env", {
             "targets": {
-                "node": "12"
+                "node": "14"
             }
         }]
     ],

.github/workflows/ci.yml

@@ -142,10 +142,6 @@ jobs:
             MONGODB_VERSION: 4.4.13
             MONGODB_TOPOLOGY: standalone
             NODE_VERSION: 18.1.0
-          - name: Node 12
-            MONGODB_VERSION: 4.4.13
-            MONGODB_TOPOLOGY: standalone
-            NODE_VERSION: 12.22.11
           - name: Node 14
             MONGODB_VERSION: 4.4.13
             MONGODB_TOPOLOGY: standalone
@@ -154,10 +150,6 @@ jobs:
             MONGODB_VERSION: 4.4.13
             MONGODB_TOPOLOGY: standalone
             NODE_VERSION: 16.14.2
-          - name: Node 17
-            MONGODB_VERSION: 4.4.13
-            MONGODB_TOPOLOGY: standalone
-            NODE_VERSION: 17.9.0
       fail-fast: false
     name: ${{ matrix.name }}
     timeout-minutes: 15

.github/workflows/release-automated.yml

@@ -17,7 +17,7 @@ jobs:
           persist-credentials: false
       - uses: actions/setup-node@v2
         with:
-          node-version: 14
+          node-version: 18.1.0
           registry-url: https://registry.npmjs.org/
       - name: Cache Node.js modules
         uses: actions/cache@v2
@@ -93,7 +93,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v1
         with:
-          node-version: 14
+          node-version: 18.1.0
       - name: Cache Node.js modules
         uses: actions/cache@v2
         with:

DEPRECATIONS.md

@@ -5,12 +5,13 @@ The following is a list of deprecations, according to the [Deprecation Policy](h
 | ID     | Change                                          | Issue                                                                | Deprecation [ℹ️][i_deprecation] | Planned Removal [ℹ️][i_removal] | Status [ℹ️][i_status] | Notes |
 |--------|-------------------------------------------------|----------------------------------------------------------------------|---------------------------------|---------------------------------|-----------------------|-------|
 | DEPPS1 | Native MongoDB syntax in aggregation pipeline   | [#7338](https://github.com/parse-community/parse-server/issues/7338) | 5.0.0 (2022)                    | 6.0.0 (2023)                    | deprecated            | -     |
-| DEPPS2 | Config option `directAccess` defaults to `true` | [#6636](https://github.com/parse-community/parse-server/pull/6636)   | 5.0.0 (2022)                    | 6.0.0 (2023)                    | deprecated            | -     |
+| DEPPS2 | Config option `directAccess` defaults to `true` | [#6636](https://github.com/parse-community/parse-server/pull/6636)   | 5.0.0 (2022)                    | 6.0.0 (2023)                    | removed            | -     |
 | DEPPS3 | Config option `enforcePrivateUsers` defaults to `true` | [#7319](https://github.com/parse-community/parse-server/pull/7319)   | 5.0.0 (2022)                    | 6.0.0 (2023)                    | deprecated            | -     |
-| DEPPS4 | Remove convenience method for http request `Parse.Cloud.httpRequest` | [#7589](https://github.com/parse-community/parse-server/pull/7589)   | 5.0.0 (2022)                    | 6.0.0 (2023)                    | deprecated            | -     |
+| DEPPS4 | Remove convenience method for http request `Parse.Cloud.httpRequest` | [#7589](https://github.com/parse-community/parse-server/pull/7589)   | 5.0.0 (2022)                    | 6.0.0 (2023)                    | removed            | -     |
 | DEPPS5 | Config option `allowClientClassCreation` defaults to `false` | [#7925](https://github.com/parse-community/parse-server/pull/7925)   | 5.3.0 (2022)                    | 7.0.0 (2024)                    | deprecated            | -     |
 | DEPPS6 | Auth providers disabled by default | [#7953](https://github.com/parse-community/parse-server/pull/7953)   | 5.3.0 (2022)                    | 7.0.0 (2024)                    | deprecated            | -     |
 | DEPPS7 | Remove file trigger syntax `Parse.Cloud.beforeSaveFile((request) => {})` | [#7966](https://github.com/parse-community/parse-server/pull/7966)   | 5.3.0 (2022)                    | 7.0.0 (2024)                    | deprecated            | -     |
+| DEPPS8 | Login with expired 3rd party authentication token defaults to `false` | [#7079](https://github.com/parse-community/parse-server/pull/7079)   | 5.3.0 (2022)                    | 7.0.0 (2024)                    | deprecated            | -     |
 
 [i_deprecation]: ## "The version and date of the deprecation."
 [i_removal]: ## "The version and date of the planned removal."

README.md

@@ -1,13 +1,15 @@
 ![parse-repository-header-server](https://user-images.githubusercontent.com/5673677/138278489-7d0cebc5-1e31-4d3c-8ffb-53efcda6f29d.png)
 
 ---
-    
+
 [![Build Status](https://github.com/parse-community/parse-server/workflows/ci/badge.svg?branch=alpha)](https://github.com/parse-community/parse-server/actions?query=workflow%3Aci+branch%3Aalpha)
+[![Build Status](https://github.com/parse-community/parse-server/workflows/ci/badge.svg?branch=beta)](https://github.com/parse-community/parse-server/actions?query=workflow%3Aci+branch%3Abeta)
+[![Build Status](https://github.com/parse-community/parse-server/workflows/ci/badge.svg?branch=release)](https://github.com/parse-community/parse-server/actions?query=workflow%3Aci+branch%3Arelease)
 [![Snyk Badge](https://snyk.io/test/github/parse-community/parse-server/badge.svg)](https://snyk.io/test/github/parse-community/parse-server)
 [![Coverage](https://img.shields.io/codecov/c/github/parse-community/parse-server/alpha.svg)](https://codecov.io/github/parse-community/parse-server?branch=alpha)
 [![auto-release](https://img.shields.io/badge/%F0%9F%9A%80-auto--release-9e34eb.svg)](https://github.com/parse-community/parse-dashboard/releases)
 
-[![Node Version](https://img.shields.io/badge/nodejs-12,_14,_16,_17,_18-green.svg?logo=node.js&style=flat)](https://nodejs.org)
+[![Node Version](https://img.shields.io/badge/nodejs-14,_16,_18-green.svg?logo=node.js&style=flat)](https://nodejs.org)
 [![MongoDB Version](https://img.shields.io/badge/mongodb-4.0,_4.2,_4.4,_5,_6-green.svg?logo=mongodb&style=flat)](https://www.mongodb.com)
 [![Postgres Version](https://img.shields.io/badge/postgresql-11,_12,_13,_14,_15-green.svg?logo=postgresql&style=flat)](https://www.postgresql.org)
 
@@ -126,10 +128,8 @@ Parse Server is continuously tested with the most recent releases of Node.js to
 
 | Version    | Latest Version | End-of-Life | Compatible |
 |------------|----------------|-------------|------------|
-| Node.js 12 | 12.22.11       | April 2022  | ✅ Yes      |
 | Node.js 14 | 14.19.1        | April 2023  | ✅ Yes      |
 | Node.js 16 | 16.14.2        | April 2024  | ✅ Yes      |
-| Node.js 17 | 17.9.0         | June 2022   | ✅ Yes      |
 | Node.js 18 | 18.1.0         | April 2025  | ✅ Yes      |
 
 #### MongoDB
@@ -389,7 +389,7 @@ const server = ParseServer({
   },
 
   // The password policy
-  passwordPolicy: {    
+  passwordPolicy: {
     // Enforce a password of at least 8 characters which contain at least 1 lower case, 1 upper case and 1 digit
     validatorPattern: /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.{8,})/,
     // Do not allow the username as part of the password
@@ -430,7 +430,7 @@ const api = new ParseServer({
 
 The above route can be invoked by sending a `GET` request to:
 `https://[parseServerPublicUrl]/[parseMount]/[pagesEndpoint]/[appId]/[customRoute]`
- 
+
 The `handler` receives the `request` and returns a `custom_page.html` webpage from the `pages.pagesPath` directory as response. The advantage of building a custom route this way is that it automatically makes use of Parse Server's built-in capabilities, such as [page localization](#pages) and [dynamic placeholders](#dynamic-placeholders).
 
 ### Reserved Paths
@@ -518,7 +518,7 @@ Parse Server allows developers to choose from several options when hosting files
 `GridFSBucketAdapter` is used by default and requires no setup, but if you're interested in using Amazon S3, Google Cloud Storage, or local file storage, additional configuration information is available in the [Parse Server guide](http://docs.parseplatform.org/parse-server/guide/#configuring-file-adapters).
 
 ## Idempotency Enforcement
- 
+
 **Caution, this is an experimental feature that may not be appropriate for production.**
 
 This feature deduplicates identical requests that are received by Parse Server multiple times, typically due to network issues or network adapter access restrictions on mobile operating systems.

changelogs/CHANGELOG_alpha.md

@@ -1,3 +1,58 @@
+# [6.0.0-alpha.5](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.4...6.0.0-alpha.5) (2022-11-10)
+
+
+### Bug Fixes
+
+* Throwing error in Cloud Code Triggers `afterLogin`, `afterLogout` crashes server ([#8280](https://github.com/parse-community/parse-server/issues/8280)) ([130d290](https://github.com/parse-community/parse-server/commit/130d29074e3f763460e5685d0b9059e5a333caff))
+
+
+### BREAKING CHANGES
+
+* Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)` ([130d290](130d290))
+
+# [6.0.0-alpha.4](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.3...6.0.0-alpha.4) (2022-11-10)
+
+
+### Features
+
+* Remove deprecation `DEPPS2`: Config option `directAccess` defaults to true ([#8284](https://github.com/parse-community/parse-server/issues/8284)) ([f535ee6](https://github.com/parse-community/parse-server/commit/f535ee6ec2abba63f702127258ca49fa5b4e08c9))
+
+
+### BREAKING CHANGES
+
+* Config option `directAccess` defaults to true; set this to `false` in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the `serverURL`. ([f535ee6](f535ee6))
+
+# [6.0.0-alpha.3](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.2...6.0.0-alpha.3) (2022-11-10)
+
+
+### Features
+
+* Remove deprecation `DEPPS4`: Remove convenience method for http request `Parse.Cloud.httpRequest`  ([#8287](https://github.com/parse-community/parse-server/issues/8287)) ([2d79c08](https://github.com/parse-community/parse-server/commit/2d79c0835b6a9acaf20d5c943d9b4619bb96831c))
+
+
+### BREAKING CHANGES
+
+* The convenience method for HTTP requests `Parse.Cloud.httpRequest` is removed; use your preferred 3rd party library for making HTTP requests ([2d79c08](2d79c08))
+
+# [6.0.0-alpha.2](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.1...6.0.0-alpha.2) (2022-11-10)
+
+
+### Features
+
+* Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters ([#8156](https://github.com/parse-community/parse-server/issues/8156)) ([5bbf9ca](https://github.com/parse-community/parse-server/commit/5bbf9cade9a527787fd1002072d4013ab5d8db2b))
+
+# [6.0.0-alpha.1](https://github.com/parse-community/parse-server/compare/5.4.0-alpha.1...6.0.0-alpha.1) (2022-11-10)
+
+
+### Bug Fixes
+
+* Remove Node 12 and Node 17 support ([#8279](https://github.com/parse-community/parse-server/issues/8279)) ([2546cc8](https://github.com/parse-community/parse-server/commit/2546cc8572bea6610cb9b3c7401d9afac0e3c1d6))
+
+
+### BREAKING CHANGES
+
+* This release removes Node 12 and Node 17 support ([2546cc8](2546cc8))
+
 # [5.4.0-alpha.1](https://github.com/parse-community/parse-server/compare/5.3.0...5.4.0-alpha.1) (2022-10-31)
 
 

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.4.0-alpha.1",
+  "version": "6.0.0-alpha.5",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {
@@ -133,7 +133,7 @@
     "madge:circular": "node_modules/.bin/madge ./src --circular"
   },
   "engines": {
-    "node": ">=12.22.10 <19"
+    "node": ">=14.21.0 <17 || >=18 <19"
   },
   "bin": {
     "parse-server": "bin/parse-server"

package.json

@@ -5,7 +5,7 @@
     "presets": [
         ["env", {
             "targets": {
-                "node": "8"
+                "node": "14"
             }
         }]
     ],

spec/.babelrc

@@ -256,6 +256,49 @@ describe('AuthenticationProviders', function () {
       .catch(done.fail);
   });
 
+  it('should support loginWith with session token and with/without mutated authData', async () => {
+    const fakeAuthProvider = {
+      validateAppId: () => Promise.resolve(),
+      validateAuthData: () => Promise.resolve(),
+    };
+    const payload = { authData: { id: 'user1', token: 'fakeToken' } };
+    const payload2 = { authData: { id: 'user1', token: 'fakeToken2' } };
+    await reconfigureServer({ auth: { fakeAuthProvider } });
+    const user = await Parse.User.logInWith('fakeAuthProvider', payload);
+    const user2 = await Parse.User.logInWith('fakeAuthProvider', payload, {
+      sessionToken: user.getSessionToken(),
+    });
+    const user3 = await Parse.User.logInWith('fakeAuthProvider', payload2, {
+      sessionToken: user2.getSessionToken(),
+    });
+    expect(user.id).toEqual(user2.id);
+    expect(user.id).toEqual(user3.id);
+  });
+
+  it('should support sync/async validateAppId', async () => {
+    const syncProvider = {
+      validateAppId: () => true,
+      appIds: 'test',
+      validateAuthData: () => Promise.resolve(),
+    };
+    const asyncProvider = {
+      appIds: 'test',
+      validateAppId: () => Promise.resolve(true),
+      validateAuthData: () => Promise.resolve(),
+    };
+    const payload = { authData: { id: 'user1', token: 'fakeToken' } };
+    const syncSpy = spyOn(syncProvider, 'validateAppId');
+    const asyncSpy = spyOn(asyncProvider, 'validateAppId');
+
+    await reconfigureServer({ auth: { asyncProvider, syncProvider } });
+    const user = await Parse.User.logInWith('asyncProvider', payload);
+    const user2 = await Parse.User.logInWith('syncProvider', payload);
+    expect(user.getSessionToken()).toBeDefined();
+    expect(user2.getSessionToken()).toBeDefined();
+    expect(syncSpy).toHaveBeenCalledTimes(1);
+    expect(asyncSpy).toHaveBeenCalledTimes(1);
+  });
+
   it('unlink and link with custom provider', async () => {
     const provider = getMockMyOauthProvider();
     Parse.User._registerAuthenticationProvider(provider);
@@ -339,10 +382,10 @@ describe('AuthenticationProviders', function () {
     });
 
     validateAuthenticationHandler(authenticationHandler);
-    const validator = authenticationHandler.getValidatorForProvider('customAuthentication');
+    const { validator } = authenticationHandler.getValidatorForProvider('customAuthentication');
     validateValidator(validator);
 
-    validator(validAuthData).then(
+    validator(validAuthData, {}, {}).then(
       () => {
         expect(authDataSpy).toHaveBeenCalled();
         // AppIds are not provided in the adapter, should not be called
@@ -362,12 +405,15 @@ describe('AuthenticationProviders', function () {
     });
 
     validateAuthenticationHandler(authenticationHandler);
-    const validator = authenticationHandler.getValidatorForProvider('customAuthentication');
+    const { validator } = authenticationHandler.getValidatorForProvider('customAuthentication');
     validateValidator(validator);
-
-    validator({
-      token: 'my-token',
-    }).then(
+    validator(
+      {
+        token: 'my-token',
+      },
+      {},
+      {}
+    ).then(
       () => {
         done();
       },
@@ -387,12 +433,16 @@ describe('AuthenticationProviders', function () {
     });
 
     validateAuthenticationHandler(authenticationHandler);
-    const validator = authenticationHandler.getValidatorForProvider('customAuthentication');
+    const { validator } = authenticationHandler.getValidatorForProvider('customAuthentication');
     validateValidator(validator);
 
-    validator({
-      token: 'valid-token',
-    }).then(
+    validator(
+      {
+        token: 'valid-token',
+      },
+      {},
+      {}
+    ).then(
       () => {
         done();
       },
@@ -541,6 +591,7 @@ describe('AuthenticationProviders', function () {
   });
 
   it('can depreciate', async () => {
+    await reconfigureServer();
     const Deprecator = require('../lib/Deprecator/Deprecator');
     const spy = spyOn(Deprecator, 'logRuntimeDeprecation').and.callFake(() => {});
     const provider = getMockMyOauthProvider();