parse-community
diff --git a/‎README.md
+44-58 b/‎README.md
+44-58
diff --git a/‎src/Options/Definitions.js
+34-16 b/‎src/Options/Definitions.js
+34-16
@@ -58,6 +58,7 @@ The full documentation for Parse Server is available in the [wiki](https://githu
   - [Basic Options](#basic-options)
   - [Client Key Options](#client-key-options)
   - [Email Verification and Password Reset](#email-verification-and-password-reset)
+  - [Password and Account Policy](#password-and-account-policy)
   - [Custom Routes](#custom-routes)
     - [Example](#example)
     - [Reserved Paths](#reserved-paths)
@@ -313,76 +314,32 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo
 
 ## Email Verification and Password Reset
 
-Verifying user email addresses and enabling password reset via email requires an email adapter. As part of the `parse-server` package we provide an adapter for sending email through Mailgun. To use it, sign up for Mailgun, and add this to your initialization code:
+Verifying user email addresses and enabling password reset via email requires an email adapter. There are many email adapters provided and maintained by the community. The following is an example configuration with an example email adapter. See the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) for more details and a full list of available options.
 
 ```js
-var server = ParseServer({
+const server = ParseServer({
   ...otherOptions,
+
   // Enable email verification
   verifyUserEmails: true,
 
-  // if `verifyUserEmails` is `true` and
-  //     if `emailVerifyTokenValidityDuration` is `undefined` then
-  //        email verify token never expires
-  //     else
-  //        email verify token expires after `emailVerifyTokenValidityDuration`
-  //
-  // `emailVerifyTokenValidityDuration` defaults to `undefined`
-  //
-  // email verify token below expires in 2 hours (= 2 * 60 * 60 == 7200 seconds)
-  emailVerifyTokenValidityDuration: 2 * 60 * 60, // in seconds (2 hours = 7200 seconds)
-
-  // set preventLoginWithUnverifiedEmail to false to allow user to login without verifying their email
-  // set preventLoginWithUnverifiedEmail to true to prevent user from login if their email is not verified
-  preventLoginWithUnverifiedEmail: false, // defaults to false
-
-  // The public URL of your app.
-  // This will appear in the link that is used to verify email addresses and reset passwords.
-  // Set the mount path as it is in serverURL
-  publicServerURL: 'https://example.com/parse',
-  // Your apps name. This will appear in the subject and body of the emails that are sent.
-  appName: 'Parse App',
-  // The email adapter
+  // Set email verification token validity to 2 hours
+  emailVerifyTokenValidityDuration: 2 * 60 * 60,
+
+  // Set email adapter
   emailAdapter: {
-    module: '@parse/simple-mailgun-adapter',
+    module: 'example-mail-adapter',
     options: {
-      // The address that your emails come from
-      fromAddress: '[email protected]',
-      // Your domain from mailgun.com
-      domain: 'example.com',
-      // Your API key from mailgun.com
-      apiKey: 'key-mykey',
+      // Additional adapter options
+      ...mailAdapterOptions
     }
   },
-
-  // account lockout policy setting (OPTIONAL) - defaults to undefined
-  // if the account lockout policy is set and there are more than `threshold` number of failed login attempts then the `login` api call returns error code `Parse.Error.OBJECT_NOT_FOUND` with error message `Your account is locked due to multiple failed login attempts. Please try again after <duration> minute(s)`. After `duration` minutes of no login attempts, the application will allow the user to try login again.
-  accountLockout: {
-    duration: 5, // duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. Set it to a value greater than 0 and less than 100000.
-    threshold: 3, // threshold policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. Set it to an integer value greater than 0 and less than 1000.
-    unlockOnPasswordReset: true, // Is true if the account lock should be removed after a successful password reset. Default: false.
-}
-  },
-  // optional settings to enforce password policies
-  passwordPolicy: {
-    // Two optional settings to enforce strong passwords. Either one or both can be specified.
-    // If both are specified, both checks must pass to accept the password
-    // 1. a RegExp object or a regex string representing the pattern to enforce
-    validatorPattern: /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.{8,})/, // enforce password with at least 8 char with at least 1 lower case, 1 upper case and 1 digit
-    // 2. a callback function to be invoked to validate the password
-    validatorCallback: (password) => { return validatePassword(password) },
-    validationError: 'Password must contain at least 1 digit.' // optional error message to be sent instead of the default "Password does not meet the Password Policy requirements." message.
-    doNotAllowUsername: true, // optional setting to disallow username in passwords
-    maxPasswordAge: 90, // optional setting in days for password expiry. Login fails if user does not reset the password within this period after signup/last reset.
-    maxPasswordHistory: 5, // optional setting to prevent reuse of previous n passwords. Maximum value that can be specified is 20. Not specifying it or specifying 0 will not enforce history.
-    //optional setting to set a validity duration for password reset links (in seconds)
-    resetTokenValidityDuration: 24*60*60, // expire after 24 hours
-  }
 });
 ```
 
-You can also use other email adapters contributed by the community such as:
-- [parse-smtp-template (Multi Language and Multi Template)](https://www.npmjs.com/package/parse-smtp-template)
+Email adapters contributed by the community:
+- [parse-server-api-mail-adapter](https://www.npmjs.com/package/parse-server-api-mail-adapter) (localization, templates, universally supports any email provider)
+- [parse-smtp-template](https://www.npmjs.com/package/parse-smtp-template) (localization, templates)
 - [parse-server-postmark-adapter](https://www.npmjs.com/package/parse-server-postmark-adapter)
 - [parse-server-sendgrid-adapter](https://www.npmjs.com/package/parse-server-sendgrid-adapter)
 - [parse-server-mandrill-adapter](https://www.npmjs.com/package/parse-server-mandrill-adapter)
@@ -392,7 +349,36 @@ You can also use other email adapters contributed by the community such as:
 - [parse-server-mailjet-adapter](https://www.npmjs.com/package/parse-server-mailjet-adapter)
 - [simple-parse-smtp-adapter](https://www.npmjs.com/package/simple-parse-smtp-adapter)
 - [parse-server-generic-email-adapter](https://www.npmjs.com/package/parse-server-generic-email-adapter)
-- [parse-server-api-mail-adapter](https://www.npmjs.com/package/parse-server-api-mail-adapter)
+
+## Password and Account Policy
+
+Set a password and account policy that meets your security requirements. The following is an example configuration. See the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) for more details and a full list of available options.
+
+```js
+const server = ParseServer({
+  ...otherOptions,
+
+  // The account lock policy
+  accountLockout: {
+    // Lock the account for 5 minutes.
+    duration: 5,
+    // Lock an account after 3 failed log-in attempts
+    threshold: 3,
+    // Unlock the account after a successful password reset
+    unlockOnPasswordReset: true,
+  },
+
+  // The password policy
+  passwordPolicy: {    
+    // Enforce a password of at least 8 characters which contain at least 1 lower case, 1 upper case and 1 digit
+    validatorPattern: /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.{8,})/,
+    // Do not allow the username as part of the password
+    doNotAllowUsername: true,
+    // Do not allow to re-use the last 5 passwords when setting a new password
+    maxPasswordHistory: 5,
+  },
+});
+```
 
 ## Custom Routes
 **Caution, this is an experimental feature that may not be appropriate for production.**
 
@@ -8,7 +8,7 @@ var parsers = require('./parsers');
 module.exports.ParseServerOptions = {
   accountLockout: {
     env: 'PARSE_SERVER_ACCOUNT_LOCKOUT',
-    help: 'account lockout policy for failed login attempts',
+    help: 'The account lockout policy for failed login attempts.',
     action: parsers.objectParser,
   },
   allowClientClassCreation: {
@@ -128,13 +128,14 @@ module.exports.ParseServerOptions = {
   emailVerifyTokenReuseIfValid: {
     env: 'PARSE_SERVER_EMAIL_VERIFY_TOKEN_REUSE_IF_VALID',
     help:
-      'an existing email verify token should be reused when resend verification email is requested',
+      'Set to `true` if a email verification token should be reused in case another token is requested but there is a token that is still valid, i.e. has not expired. This avoids the often observed issue that a user requests multiple emails and does not know which link contains a valid token because each newly generated token would invalidate the previous token.<br><br>Default is `false`.<br>Requires option `verifyUserEmails: true`.',
     action: parsers.booleanParser,
     default: false,
   },
   emailVerifyTokenValidityDuration: {
     env: 'PARSE_SERVER_EMAIL_VERIFY_TOKEN_VALIDITY_DURATION',
-    help: 'Email verification token validity duration, in seconds',
+    help:
+      'Set the validity duration of the email verification token in seconds after which the token expires. The token is used in the link that is set in the email. After the token expires, the link becomes invalid and a new link has to be sent. If the option is not set or set to `undefined`, then the token never expires.<br><br>For example, to expire the token after 2 hours, set a value of 7200 seconds (= 60 seconds * 60 minutes * 2 hours).<br><br>Default is `undefined`.<br>Requires option `verifyUserEmails: true`.',
     action: parsers.numberParser('emailVerifyTokenValidityDuration'),
   },
   enableAnonymousUsers: {
@@ -291,7 +292,7 @@ module.exports.ParseServerOptions = {
   },
   passwordPolicy: {
     env: 'PARSE_SERVER_PASSWORD_POLICY',
-    help: 'Password policy for enforcing password related rules',
+    help: 'The password policy for enforcing password related rules.',
     action: parsers.objectParser,
   },
   playgroundPath: {
@@ -314,7 +315,7 @@ module.exports.ParseServerOptions = {
   preventLoginWithUnverifiedEmail: {
     env: 'PARSE_SERVER_PREVENT_LOGIN_WITH_UNVERIFIED_EMAIL',
     help:
-      'Prevent user from login if email is not verified and PARSE_SERVER_VERIFY_USER_EMAILS is true, defaults to false',
+      'Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required.<br><br>Default is `false`.<br>Requires option `verifyUserEmails: true`.',
     action: parsers.booleanParser,
     default: false,
   },
@@ -407,7 +408,8 @@ module.exports.ParseServerOptions = {
   },
   verifyUserEmails: {
     env: 'PARSE_SERVER_VERIFY_USER_EMAILS',
-    help: 'Enable (or disable) user email validation, defaults to false',
+    help:
+      'Set to `true` to require users to verify their email address to complete the sign-up process.<br><br>Default is `false`.',
     action: parsers.booleanParser,
     default: false,
   },
@@ -704,54 +706,70 @@ module.exports.AccountLockoutOptions = {
   duration: {
     env: 'PARSE_SERVER_ACCOUNT_LOCKOUT_DURATION',
     help:
-      'number of minutes that a locked-out account remains locked out before automatically becoming unlocked.',
+      'Set the duration in minutes that a locked-out account remains locked out before automatically becoming unlocked.<br><br>Valid values are greater than `0` and less than `100000`.',
     action: parsers.numberParser('duration'),
   },
   threshold: {
     env: 'PARSE_SERVER_ACCOUNT_LOCKOUT_THRESHOLD',
-    help: 'number of failed sign-in attempts that will cause a user account to be locked',
+    help:
+      'Set the number of failed sign-in attempts that will cause a user account to be locked. If the account is locked. The account will unlock after the duration set in the `duration` option has passed and no further login attempts have been made.<br><br>Valid values are greater than `0` and less than `1000`.',
     action: parsers.numberParser('threshold'),
   },
   unlockOnPasswordReset: {
     env: 'PARSE_SERVER_ACCOUNT_LOCKOUT_UNLOCK_ON_PASSWORD_RESET',
-    help: 'Is true if the account lock should be removed after a successful password reset.',
+    help:
+      'Set to `true`  if the account should be unlocked after a successful password reset.<br><br>Default is `false`.<br>Requires options `duration` and `threshold` to be set.',
     action: parsers.booleanParser,
     default: false,
   },
 };
 module.exports.PasswordPolicyOptions = {
   doNotAllowUsername: {
     env: 'PARSE_SERVER_PASSWORD_POLICY_DO_NOT_ALLOW_USERNAME',
-    help: 'disallow username in passwords',
+    help:
+      'Set to `true` to disallow the username as part of the password.<br><br>Default is `false`.',
     action: parsers.booleanParser,
+    default: false,
   },
   maxPasswordAge: {
     env: 'PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_AGE',
-    help: 'days for password expiry',
+    help:
+      'Set the number of days after which a password expires. Login attempts fail if the user does not reset the password before expiration.',
     action: parsers.numberParser('maxPasswordAge'),
   },
   maxPasswordHistory: {
     env: 'PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_HISTORY',
-    help: 'setting to prevent reuse of previous n passwords',
+    help:
+      'Set the number of previous password that will not be allowed to be set as new password. If the option is not set or set to `0`, no previous passwords will be considered.<br><br>Valid values are >= `0` and <= `20`.<br>Default is `0`.',
     action: parsers.numberParser('maxPasswordHistory'),
   },
   resetTokenReuseIfValid: {
     env: 'PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_REUSE_IF_VALID',
-    help: "resend token if it's still valid",
+    help:
+      'Set to `true` if a password reset token should be reused in case another token is requested but there is a token that is still valid, i.e. has not expired. This avoids the often observed issue that a user requests multiple emails and does not know which link contains a valid token because each newly generated token would invalidate the previous token.<br><br>Default is `false`.',
     action: parsers.booleanParser,
+    default: false,
   },
   resetTokenValidityDuration: {
     env: 'PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_VALIDITY_DURATION',
-    help: 'time for token to expire',
+    help:
+      'Set the validity duration of the password reset token in seconds after which the token expires. The token is used in the link that is set in the email. After the token expires, the link becomes invalid and a new link has to be sent. If the option is not set or set to `undefined`, then the token never expires.<br><br>For example, to expire the token after 2 hours, set a value of 7200 seconds (= 60 seconds * 60 minutes * 2 hours).<br><br>Default is `undefined`.',
     action: parsers.numberParser('resetTokenValidityDuration'),
   },
+  validationError: {
+    env: 'PARSE_SERVER_PASSWORD_POLICY_VALIDATION_ERROR',
+    help:
+      'Set the error message to be sent.<br><br>Default is `Password does not meet the Password Policy requirements.`',
+  },
   validatorCallback: {
     env: 'PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_CALLBACK',
-    help: 'a callback function to be invoked to validate the password',
+    help:
+      'Set a callback function to validate a password to be accepted.<br><br>If used in combination with `validatorPattern`, the password must pass both to be accepted.',
   },
   validatorPattern: {
     env: 'PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_PATTERN',
-    help: 'a RegExp object or a regex string representing the pattern to enforce',
+    help:
+      'Set the regular expression validation pattern a password must match to be accepted.<br><br>If used in combination with `validatorCallback`, the password must pass both to be accepted.',
   },
 };
 module.exports.FileUploadOptions = {