From 2f454d024608c96626e0543378e487addf6e818f Mon Sep 17 00:00:00 2001 From: dblythy Date: Thu, 25 Mar 2021 04:04:41 +1100 Subject: [PATCH 01/20] fix: properly pass req.user to liveQuery triggers --- spec/ParseLiveQuery.spec.js | 56 +++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js index 43e91e03bb..75d133ad3c 100644 --- a/spec/ParseLiveQuery.spec.js +++ b/spec/ParseLiveQuery.spec.js @@ -645,6 +645,62 @@ describe('ParseLiveQuery', function () { await object.save(); }); + it('LiveQuery with ACL', async done => { + await reconfigureServer({ + liveQuery: { + classNames: ['Chat'], + }, + startLiveQueryServer: true, + verbose: false, + silent: true, + }); + const user = new Parse.User(); + user.setUsername('username'); + user.setPassword('password'); + await user.signUp(); + + let calls = 0; + + Parse.Cloud.beforeConnect(req => { + expect(req.event).toBe('connect'); + expect(req.clients).toBe(0); + expect(req.subscriptions).toBe(0); + expect(req.useMasterKey).toBe(false); + expect(req.installationId).toBeDefined(); + expect(req.user).toBeDefined(); + expect(req.client).toBeDefined(); + calls++; + }); + + Parse.Cloud.beforeSubscribe('Chat', req => { + expect(req.op).toBe('subscribe'); + expect(req.requestId).toBe(1); + expect(req.query).toBeDefined(); + expect(req.user).toBeDefined(); + calls++; + }); + + Parse.Cloud.afterLiveQueryEvent('Chat', req => { + expect(req.event).toBe('create'); + expect(req.user).toBeDefined(); + expect(req.object.get('foo')).toBe('bar'); + calls++; + }); + + const chatQuery = new Parse.Query('Chat'); + const subscription = await chatQuery.subscribe(); + subscription.on('create', object => { + expect(object.get('foo')).toBe('bar'); + expect(calls).toEqual(3); + done(); + }); + const object = new Parse.Object('Chat'); + const acl = new Parse.ACL(user); + object.setACL(acl); + object.set({ foo: 'bar' }); + await object.save(); + }); + it('handle invalid websocket payload length', async done => { await reconfigureServer({ liveQuery: { From 2d8e75b9f20e09fbaa94ca58db7544699b4a36f7 Mon Sep 17 00:00:00 2001 From: dblythy Date: Thu, 25 Mar 2021 04:08:17 +1100 Subject: [PATCH 02/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index d60615d5b5..d4adb88a05 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -170,7 +170,7 @@ class ParseLiveQueryServer { }; const trigger = getTrigger(className, 'afterEvent', Parse.applicationId); if (trigger) { - const auth = await this.getAuthForSessionToken(res.sessionToken); + const { auth } = await this.getAuthForSessionToken(res.sessionToken); res.user = auth.user; if (res.object) { res.object = Parse.Object.fromJSON(res.object); @@ -317,7 +317,7 @@ class ParseLiveQueryServer { if (res.original) { res.original = Parse.Object.fromJSON(res.original); } - const auth = await this.getAuthForSessionToken(res.sessionToken); + const { auth } = await this.getAuthForSessionToken(res.sessionToken); res.user = auth.user; await runTrigger(trigger, `afterEvent.${className}`, res, auth); } @@ -631,7 +631,7 @@ class ParseLiveQueryServer { }; const trigger = getTrigger('@Connect', 'beforeConnect', Parse.applicationId); if (trigger) { - const auth = await this.getAuthForSessionToken(req.sessionToken); + const { auth } = await this.getAuthForSessionToken(req.sessionToken); req.user = auth.user; await runTrigger(trigger, `beforeConnect.@Connect`, req, auth); } @@ -690,7 +690,7 @@ class ParseLiveQueryServer { try { const trigger = getTrigger(className, 'beforeSubscribe', Parse.applicationId); if (trigger) { - const auth = await this.getAuthForSessionToken(request.sessionToken); + const { auth } = await this.getAuthForSessionToken(request.sessionToken); request.user = auth.user; const parseQuery = new Parse.Query(className); From fb17e47b9d167750d24af2552d53f1d898d3cf3b Mon Sep 17 00:00:00 2001 From: dblythy Date: Thu, 25 Mar 2021 04:13:08 +1100 Subject: [PATCH 03/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index d4adb88a05..c091dc8df4 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -171,7 +171,9 @@ class ParseLiveQueryServer { const trigger = getTrigger(className, 'afterEvent', Parse.applicationId); if (trigger) { const { auth } = await this.getAuthForSessionToken(res.sessionToken); - res.user = auth.user; + if (auth && auth.user) { + res.user = auth.user; + } if (res.object) { res.object = Parse.Object.fromJSON(res.object); } @@ -318,7 +320,9 @@ class ParseLiveQueryServer { res.original = Parse.Object.fromJSON(res.original); } const { auth } = await this.getAuthForSessionToken(res.sessionToken); - res.user = auth.user; + if (auth && auth.user) { + res.user = auth.user; + } await runTrigger(trigger, `afterEvent.${className}`, res, auth); } if (!res.sendEvent) { @@ -632,7 +636,9 @@ class ParseLiveQueryServer { const trigger = getTrigger('@Connect', 'beforeConnect', Parse.applicationId); if (trigger) { const { auth } = await this.getAuthForSessionToken(req.sessionToken); - req.user = auth.user; + if (auth && auth.user) { + req.user = auth.user; + } await runTrigger(trigger, `beforeConnect.@Connect`, req, auth); } parseWebsocket.clientId = clientId; @@ -691,7 +697,9 @@ class ParseLiveQueryServer { const trigger = getTrigger(className, 'beforeSubscribe', Parse.applicationId); if (trigger) { const { auth } = await this.getAuthForSessionToken(request.sessionToken); - request.user = auth.user; + if (auth && auth.user) { + request.user = auth.user; + } const parseQuery = new Parse.Query(className); parseQuery.withJSON(request.query); From 2bd21061c2dded25d8d4bffcff302bff02ac0c10 Mon Sep 17 00:00:00 2001 From: dblythy Date: Thu, 25 Mar 2021 05:41:52 +1100 Subject: [PATCH 04/20] fix failing tests --- spec/ParseLiveQuery.spec.js | 1 - src/LiveQuery/ParseLiveQueryServer.js | 20 +++++++++++++++++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js index 75d133ad3c..5a8654c6f0 100644 --- a/spec/ParseLiveQuery.spec.js +++ b/spec/ParseLiveQuery.spec.js @@ -667,7 +667,6 @@ describe('ParseLiveQuery', function () { expect(req.subscriptions).toBe(0); expect(req.useMasterKey).toBe(false); expect(req.installationId).toBeDefined(); - expect(req.user).toBeDefined(); expect(req.client).toBeDefined(); calls++; }); diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index c091dc8df4..7d145eb3bd 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -170,7 +170,8 @@ class ParseLiveQueryServer { }; const trigger = getTrigger(className, 'afterEvent', Parse.applicationId); if (trigger) { - const { auth } = await this.getAuthForSessionToken(res.sessionToken); + const sessionToken = this.getSessionFromClient(client, requestId); + const { auth } = await this.getAuthForSessionToken(sessionToken); if (auth && auth.user) { res.user = auth.user; } @@ -319,7 +320,8 @@ class ParseLiveQueryServer { if (res.original) { res.original = Parse.Object.fromJSON(res.original); } - const { auth } = await this.getAuthForSessionToken(res.sessionToken); + const sessionToken = this.getSessionFromClient(client, requestId); + const { auth } = await this.getAuthForSessionToken(sessionToken); if (auth && auth.user) { res.user = auth.user; } @@ -582,7 +584,19 @@ class ParseLiveQueryServer { return false; }); } - + getSessionFromClient(client: any, requestId: number): String { + if (!client) { + return; + } + if (client.sessionToken) { + return client.sessionToken; + } + const subscriptionInfo = client.getSubscriptionInfo(requestId); + if (typeof subscriptionInfo === 'undefined') { + return; + } + return subscriptionInfo.sessionToken; + } async _matchesACL(acl: any, client: any, requestId: number): Promise { // Return true directly if ACL isn't present, ACL is public read, or client has master key if (!acl || acl.getPublicReadAccess() || client.hasMasterKey) { From 642c7b536d994af3e9ff76bfadb7785633ddba3c Mon Sep 17 00:00:00 2001 From: dblythy Date: Sun, 4 Apr 2021 21:41:52 +1000 Subject: [PATCH 05/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index 7d145eb3bd..90d9a06c7a 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -588,14 +588,11 @@ class ParseLiveQueryServer { if (!client) { return; } - if (client.sessionToken) { - return client.sessionToken; - } const subscriptionInfo = client.getSubscriptionInfo(requestId); if (typeof subscriptionInfo === 'undefined') { - return; + return client.sessionToken; } - return subscriptionInfo.sessionToken; + return subscriptionInfo.sessionToken || client.sessionToken; } async _matchesACL(acl: any, client: any, requestId: number): Promise { // Return true directly if ACL isn't present, ACL is public read, or client has master key From dada3c0b07621aff9ead5aef0f97b0038901ac57 Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 00:01:21 +1000 Subject: [PATCH 06/20] increase coverage --- spec/ParseLiveQuery.spec.js | 6 +++++- src/LiveQuery/ParseLiveQueryServer.js | 3 --- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js index 5a8654c6f0..76020b77e3 100644 --- a/spec/ParseLiveQuery.spec.js +++ b/spec/ParseLiveQuery.spec.js @@ -680,7 +680,6 @@ describe('ParseLiveQuery', function () { }); Parse.Cloud.afterLiveQueryEvent('Chat', req => { - expect(req.event).toBe('create'); expect(req.user).toBeDefined(); expect(req.object.get('foo')).toBe('bar'); calls++; @@ -691,6 +690,10 @@ describe('ParseLiveQuery', function () { subscription.on('create', object => { expect(object.get('foo')).toBe('bar'); expect(calls).toEqual(3); + }); + subscription.on('delete', object => { + expect(object.get('foo')).toBe('bar'); + expect(calls).toEqual(4); done(); }); const object = new Parse.Object('Chat'); @@ -698,6 +701,7 @@ describe('ParseLiveQuery', function () { object.setACL(acl); object.set({ foo: 'bar' }); await object.save(); + await object.destroy(); }); it('handle invalid websocket payload length', async done => { diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index 90d9a06c7a..8e1632d09d 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -585,9 +585,6 @@ class ParseLiveQueryServer { }); } getSessionFromClient(client: any, requestId: number): String { - if (!client) { - return; - } const subscriptionInfo = client.getSubscriptionInfo(requestId); if (typeof subscriptionInfo === 'undefined') { return client.sessionToken; From 6ba6a8e56be8be7be2123d4b940b8bf46206e4b4 Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 01:14:04 +1000 Subject: [PATCH 07/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 32 +++++++++++++-------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index 8e1632d09d..af998d2c8d 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -170,11 +170,7 @@ class ParseLiveQueryServer { }; const trigger = getTrigger(className, 'afterEvent', Parse.applicationId); if (trigger) { - const sessionToken = this.getSessionFromClient(client, requestId); - const { auth } = await this.getAuthForSessionToken(sessionToken); - if (auth && auth.user) { - res.user = auth.user; - } + const auth = this.getAuthFromClient(client, res, requestId); if (res.object) { res.object = Parse.Object.fromJSON(res.object); } @@ -320,11 +316,7 @@ class ParseLiveQueryServer { if (res.original) { res.original = Parse.Object.fromJSON(res.original); } - const sessionToken = this.getSessionFromClient(client, requestId); - const { auth } = await this.getAuthForSessionToken(sessionToken); - if (auth && auth.user) { - res.user = auth.user; - } + const auth = this.getAuthFromClient(client, res, requestId); await runTrigger(trigger, `afterEvent.${className}`, res, auth); } if (!res.sendEvent) { @@ -584,12 +576,20 @@ class ParseLiveQueryServer { return false; }); } - getSessionFromClient(client: any, requestId: number): String { - const subscriptionInfo = client.getSubscriptionInfo(requestId); - if (typeof subscriptionInfo === 'undefined') { - return client.sessionToken; - } - return subscriptionInfo.sessionToken || client.sessionToken; + async getAuthFromClient(client: any, res: any, requestId: number) { + const getSessionFromClient = () => { + const subscriptionInfo = client.getSubscriptionInfo(requestId); + if (typeof subscriptionInfo === 'undefined') { + return client.sessionToken; + } + return subscriptionInfo.sessionToken || client.sessionToken; + }; + const sessionToken = getSessionFromClient(); + const { auth } = await this.getAuthForSessionToken(sessionToken); + if (auth && auth.user) { + res.user = auth.user; + } + return auth; } async _matchesACL(acl: any, client: any, requestId: number): Promise { // Return true directly if ACL isn't present, ACL is public read, or client has master key From 93aefda0bee791a6f16514daab2c04ca87e4cc19 Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 02:31:31 +1000 Subject: [PATCH 08/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index af998d2c8d..1f9680e172 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -577,6 +577,7 @@ class ParseLiveQueryServer { }); } async getAuthFromClient(client: any, res: any, requestId: number) { + console.log('client', client); const getSessionFromClient = () => { const subscriptionInfo = client.getSubscriptionInfo(requestId); if (typeof subscriptionInfo === 'undefined') { @@ -586,6 +587,7 @@ class ParseLiveQueryServer { }; const sessionToken = getSessionFromClient(); const { auth } = await this.getAuthForSessionToken(sessionToken); + console.log('auth', auth); if (auth && auth.user) { res.user = auth.user; } From 595192a928d10975f9dc16be9bbb5a4d22527a3d Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 02:44:44 +1000 Subject: [PATCH 09/20] find failing test error --- spec/ParseLiveQuery.spec.js | 2 +- src/LiveQuery/ParseLiveQueryServer.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js index 76020b77e3..f654060a1e 100644 --- a/spec/ParseLiveQuery.spec.js +++ b/spec/ParseLiveQuery.spec.js @@ -645,7 +645,7 @@ describe('ParseLiveQuery', function () { await object.save(); }); - it('LiveQuery with ACL', async done => { + fit('LiveQuery with ACL', async done => { await reconfigureServer({ liveQuery: { classNames: ['Chat'], diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index 1f9680e172..2cd85b86a2 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -317,6 +317,8 @@ class ParseLiveQueryServer { res.original = Parse.Object.fromJSON(res.original); } const auth = this.getAuthFromClient(client, res, requestId); + console.log('auth', auth); + console.log('user', res.user); await runTrigger(trigger, `afterEvent.${className}`, res, auth); } if (!res.sendEvent) { @@ -577,7 +579,6 @@ class ParseLiveQueryServer { }); } async getAuthFromClient(client: any, res: any, requestId: number) { - console.log('client', client); const getSessionFromClient = () => { const subscriptionInfo = client.getSubscriptionInfo(requestId); if (typeof subscriptionInfo === 'undefined') { @@ -587,7 +588,6 @@ class ParseLiveQueryServer { }; const sessionToken = getSessionFromClient(); const { auth } = await this.getAuthForSessionToken(sessionToken); - console.log('auth', auth); if (auth && auth.user) { res.user = auth.user; } From 45f5ef6e7b9d2b02d0a5f1818d67f2621833fa3e Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 02:47:27 +1000 Subject: [PATCH 10/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index 2cd85b86a2..0a386a4a64 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -170,7 +170,7 @@ class ParseLiveQueryServer { }; const trigger = getTrigger(className, 'afterEvent', Parse.applicationId); if (trigger) { - const auth = this.getAuthFromClient(client, res, requestId); + const auth = await this.getAuthFromClient(client, res, requestId); if (res.object) { res.object = Parse.Object.fromJSON(res.object); } @@ -316,9 +316,7 @@ class ParseLiveQueryServer { if (res.original) { res.original = Parse.Object.fromJSON(res.original); } - const auth = this.getAuthFromClient(client, res, requestId); - console.log('auth', auth); - console.log('user', res.user); + const auth = await this.getAuthFromClient(client, res, requestId); await runTrigger(trigger, `afterEvent.${className}`, res, auth); } if (!res.sendEvent) { From 5781e922cf5afd1e0d4a7adc403f42070055524b Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 02:49:30 +1000 Subject: [PATCH 11/20] Update ParseLiveQuery.spec.js --- spec/ParseLiveQuery.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js index f654060a1e..76020b77e3 100644 --- a/spec/ParseLiveQuery.spec.js +++ b/spec/ParseLiveQuery.spec.js @@ -645,7 +645,7 @@ describe('ParseLiveQuery', function () { await object.save(); }); - fit('LiveQuery with ACL', async done => { + it('LiveQuery with ACL', async done => { await reconfigureServer({ liveQuery: { classNames: ['Chat'], From 0dd2c5452ba029e5f50e08cacdcadc4ddb1d0dd2 Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 11:04:30 +1000 Subject: [PATCH 12/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index 0a386a4a64..622ac3717b 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -576,7 +576,7 @@ class ParseLiveQueryServer { return false; }); } - async getAuthFromClient(client: any, res: any, requestId: number) { + async getAuthFromClient(client: any, res: any, requestId: number, sessionToken: string) { const getSessionFromClient = () => { const subscriptionInfo = client.getSubscriptionInfo(requestId); if (typeof subscriptionInfo === 'undefined') { @@ -584,7 +584,9 @@ class ParseLiveQueryServer { } return subscriptionInfo.sessionToken || client.sessionToken; }; - const sessionToken = getSessionFromClient(); + if (!sessionToken) { + sessionToken = getSessionFromClient(); + } const { auth } = await this.getAuthForSessionToken(sessionToken); if (auth && auth.user) { res.user = auth.user; @@ -643,10 +645,7 @@ class ParseLiveQueryServer { }; const trigger = getTrigger('@Connect', 'beforeConnect', Parse.applicationId); if (trigger) { - const { auth } = await this.getAuthForSessionToken(req.sessionToken); - if (auth && auth.user) { - req.user = auth.user; - } + const auth = await this.getAuthFromClient(client, req, request.requestId, req.sessionToken); await runTrigger(trigger, `beforeConnect.@Connect`, req, auth); } parseWebsocket.clientId = clientId; @@ -704,10 +703,12 @@ class ParseLiveQueryServer { try { const trigger = getTrigger(className, 'beforeSubscribe', Parse.applicationId); if (trigger) { - const { auth } = await this.getAuthForSessionToken(request.sessionToken); - if (auth && auth.user) { - request.user = auth.user; - } + const auth = await this.getAuthFromClient( + client, + request, + request.requestId, + request.sessionToken + ); const parseQuery = new Parse.Query(className); parseQuery.withJSON(request.query); From 8b6763ce5f07cf71b329dac54ecebf29c0e5b0a3 Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 11:05:37 +1000 Subject: [PATCH 13/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index 622ac3717b..e944d09c2f 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -576,6 +576,7 @@ class ParseLiveQueryServer { return false; }); } + async getAuthFromClient(client: any, res: any, requestId: number, sessionToken: string) { const getSessionFromClient = () => { const subscriptionInfo = client.getSubscriptionInfo(requestId); @@ -593,6 +594,7 @@ class ParseLiveQueryServer { } return auth; } + async _matchesACL(acl: any, client: any, requestId: number): Promise { // Return true directly if ACL isn't present, ACL is public read, or client has master key if (!acl || acl.getPublicReadAccess() || client.hasMasterKey) { From 2ca9c66cb63e020dd4257c6561520b3cd498392f Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 11:50:25 +1000 Subject: [PATCH 14/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 30 +++++++++++++++------------ 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index e944d09c2f..867db4961b 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -170,7 +170,10 @@ class ParseLiveQueryServer { }; const trigger = getTrigger(className, 'afterEvent', Parse.applicationId); if (trigger) { - const auth = await this.getAuthFromClient(client, res, requestId); + const auth = await this.getAuthFromClient(client, requestId); + if (auth && auth.user) { + res.user = auth.user; + } if (res.object) { res.object = Parse.Object.fromJSON(res.object); } @@ -316,7 +319,10 @@ class ParseLiveQueryServer { if (res.original) { res.original = Parse.Object.fromJSON(res.original); } - const auth = await this.getAuthFromClient(client, res, requestId); + const auth = await this.getAuthFromClient(client, requestId); + if (auth && auth.user) { + res.user = auth.user; + } await runTrigger(trigger, `afterEvent.${className}`, res, auth); } if (!res.sendEvent) { @@ -577,7 +583,7 @@ class ParseLiveQueryServer { }); } - async getAuthFromClient(client: any, res: any, requestId: number, sessionToken: string) { + async getAuthFromClient(client: any, requestId: number, sessionToken: string) { const getSessionFromClient = () => { const subscriptionInfo = client.getSubscriptionInfo(requestId); if (typeof subscriptionInfo === 'undefined') { @@ -589,9 +595,6 @@ class ParseLiveQueryServer { sessionToken = getSessionFromClient(); } const { auth } = await this.getAuthForSessionToken(sessionToken); - if (auth && auth.user) { - res.user = auth.user; - } return auth; } @@ -647,7 +650,10 @@ class ParseLiveQueryServer { }; const trigger = getTrigger('@Connect', 'beforeConnect', Parse.applicationId); if (trigger) { - const auth = await this.getAuthFromClient(client, req, request.requestId, req.sessionToken); + const auth = await this.getAuthFromClient(client, request.requestId, req.sessionToken); + if (auth && auth.user) { + req.user = auth.user; + } await runTrigger(trigger, `beforeConnect.@Connect`, req, auth); } parseWebsocket.clientId = clientId; @@ -705,12 +711,10 @@ class ParseLiveQueryServer { try { const trigger = getTrigger(className, 'beforeSubscribe', Parse.applicationId); if (trigger) { - const auth = await this.getAuthFromClient( - client, - request, - request.requestId, - request.sessionToken - ); + const auth = await this.getAuthFromClient(client, request.requestId, request.sessionToken); + if (auth && auth.user) { + request.user = auth.user; + } const parseQuery = new Parse.Query(className); parseQuery.withJSON(request.query); From e5a2f828c3451035a8d442ad1e7f44e0aa0176cb Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 5 Apr 2021 11:53:13 +1000 Subject: [PATCH 15/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index 867db4961b..d242362c69 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -171,9 +171,7 @@ class ParseLiveQueryServer { const trigger = getTrigger(className, 'afterEvent', Parse.applicationId); if (trigger) { const auth = await this.getAuthFromClient(client, requestId); - if (auth && auth.user) { - res.user = auth.user; - } + res.user = auth.user; if (res.object) { res.object = Parse.Object.fromJSON(res.object); } @@ -320,9 +318,7 @@ class ParseLiveQueryServer { res.original = Parse.Object.fromJSON(res.original); } const auth = await this.getAuthFromClient(client, requestId); - if (auth && auth.user) { - res.user = auth.user; - } + res.user = auth.user; await runTrigger(trigger, `afterEvent.${className}`, res, auth); } if (!res.sendEvent) { @@ -595,7 +591,7 @@ class ParseLiveQueryServer { sessionToken = getSessionFromClient(); } const { auth } = await this.getAuthForSessionToken(sessionToken); - return auth; + return auth || {}; } async _matchesACL(acl: any, client: any, requestId: number): Promise { @@ -651,9 +647,7 @@ class ParseLiveQueryServer { const trigger = getTrigger('@Connect', 'beforeConnect', Parse.applicationId); if (trigger) { const auth = await this.getAuthFromClient(client, request.requestId, req.sessionToken); - if (auth && auth.user) { - req.user = auth.user; - } + req.user = auth.user; await runTrigger(trigger, `beforeConnect.@Connect`, req, auth); } parseWebsocket.clientId = clientId; @@ -712,9 +706,7 @@ class ParseLiveQueryServer { const trigger = getTrigger(className, 'beforeSubscribe', Parse.applicationId); if (trigger) { const auth = await this.getAuthFromClient(client, request.requestId, request.sessionToken); - if (auth && auth.user) { - request.user = auth.user; - } + request.user = auth.user; const parseQuery = new Parse.Query(className); parseQuery.withJSON(request.query); From 67a39c7520aace62300ab64518f069675563f64d Mon Sep 17 00:00:00 2001 From: dblythy Date: Tue, 13 Apr 2021 20:46:52 +1000 Subject: [PATCH 16/20] Update ParseLiveQueryServer.js --- src/LiveQuery/ParseLiveQueryServer.js | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index d242362c69..5a44ae5c8b 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -171,7 +171,9 @@ class ParseLiveQueryServer { const trigger = getTrigger(className, 'afterEvent', Parse.applicationId); if (trigger) { const auth = await this.getAuthFromClient(client, requestId); - res.user = auth.user; + if (auth && auth.user) { + res.user = auth.user; + } if (res.object) { res.object = Parse.Object.fromJSON(res.object); } @@ -318,7 +320,9 @@ class ParseLiveQueryServer { res.original = Parse.Object.fromJSON(res.original); } const auth = await this.getAuthFromClient(client, requestId); - res.user = auth.user; + if (auth && auth.user) { + res.user = auth.user; + } await runTrigger(trigger, `afterEvent.${className}`, res, auth); } if (!res.sendEvent) { @@ -590,8 +594,11 @@ class ParseLiveQueryServer { if (!sessionToken) { sessionToken = getSessionFromClient(); } + if (!sessionToken) { + return; + } const { auth } = await this.getAuthForSessionToken(sessionToken); - return auth || {}; + return auth; } async _matchesACL(acl: any, client: any, requestId: number): Promise { @@ -647,7 +654,9 @@ class ParseLiveQueryServer { const trigger = getTrigger('@Connect', 'beforeConnect', Parse.applicationId); if (trigger) { const auth = await this.getAuthFromClient(client, request.requestId, req.sessionToken); - req.user = auth.user; + if (auth && auth.user) { + req.user = auth.user; + } await runTrigger(trigger, `beforeConnect.@Connect`, req, auth); } parseWebsocket.clientId = clientId; @@ -706,7 +715,9 @@ class ParseLiveQueryServer { const trigger = getTrigger(className, 'beforeSubscribe', Parse.applicationId); if (trigger) { const auth = await this.getAuthFromClient(client, request.requestId, request.sessionToken); - request.user = auth.user; + if (auth && auth.user) { + request.user = auth.user; + } const parseQuery = new Parse.Query(className); parseQuery.withJSON(request.query); From 89345ada58df5f3dbef80b6fa1cbf539f633c781 Mon Sep 17 00:00:00 2001 From: dblythy Date: Fri, 23 Apr 2021 20:11:54 +1000 Subject: [PATCH 17/20] Update ParseLiveQuery.spec.js --- spec/ParseLiveQuery.spec.js | 75 ++++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js index 76020b77e3..6f7d4b73cb 100644 --- a/spec/ParseLiveQuery.spec.js +++ b/spec/ParseLiveQuery.spec.js @@ -645,7 +645,7 @@ describe('ParseLiveQuery', function () { await object.save(); }); - it('LiveQuery with ACL', async done => { + it('LiveQuery with ACL', async () => { await reconfigureServer({ liveQuery: { classNames: ['Chat'], @@ -659,49 +659,54 @@ describe('ParseLiveQuery', function () { user.setPassword('password'); await user.signUp(); - let calls = 0; - - Parse.Cloud.beforeConnect(req => { - expect(req.event).toBe('connect'); - expect(req.clients).toBe(0); - expect(req.subscriptions).toBe(0); - expect(req.useMasterKey).toBe(false); - expect(req.installationId).toBeDefined(); - expect(req.client).toBeDefined(); - calls++; - }); - - Parse.Cloud.beforeSubscribe('Chat', req => { - expect(req.op).toBe('subscribe'); - expect(req.requestId).toBe(1); - expect(req.query).toBeDefined(); - expect(req.user).toBeDefined(); - calls++; - }); - - Parse.Cloud.afterLiveQueryEvent('Chat', req => { - expect(req.user).toBeDefined(); - expect(req.object.get('foo')).toBe('bar'); - calls++; - }); + const calls = { + beforeConnect(req) { + expect(req.event).toBe('connect'); + expect(req.clients).toBe(0); + expect(req.subscriptions).toBe(0); + expect(req.useMasterKey).toBe(false); + expect(req.installationId).toBeDefined(); + expect(req.client).toBeDefined(); + }, + beforeSubscribe(req) { + expect(req.op).toBe('subscribe'); + expect(req.requestId).toBe(1); + expect(req.query).toBeDefined(); + expect(req.user).toBeDefined(); + }, + afterLiveQueryEvent(req) { + expect(req.user).toBeDefined(); + expect(req.object.get('foo')).toBe('bar'); + }, + create(object) { + expect(object.get('foo')).toBe('bar'); + }, + delete(object) { + expect(object.get('foo')).toBe('bar'); + }, + }; + for (const key in calls) { + console.log(key); + spyOn(calls, key).and.callThrough(); + } + Parse.Cloud.beforeConnect(calls.beforeConnect); + Parse.Cloud.beforeSubscribe('Chat', calls.beforeSubscribe); + Parse.Cloud.afterLiveQueryEvent('Chat', calls.afterLiveQueryEvent); const chatQuery = new Parse.Query('Chat'); const subscription = await chatQuery.subscribe(); - subscription.on('create', object => { - expect(object.get('foo')).toBe('bar'); - expect(calls).toEqual(3); - }); - subscription.on('delete', object => { - expect(object.get('foo')).toBe('bar'); - expect(calls).toEqual(4); - done(); - }); + subscription.on('create', calls.create); + subscription.on('delete', calls.delete); const object = new Parse.Object('Chat'); const acl = new Parse.ACL(user); object.setACL(acl); object.set({ foo: 'bar' }); await object.save(); await object.destroy(); + await new Promise(resolve => setTimeout(resolve, 200)); + for (const key in calls) { + expect(calls[key]).toHaveBeenCalled(); + } }); it('handle invalid websocket payload length', async done => { From a4fe237736aaf91dae2dbaf3d234f6d3c3331ac4 Mon Sep 17 00:00:00 2001 From: dblythy Date: Sat, 24 Apr 2021 10:48:49 +1000 Subject: [PATCH 18/20] Update OAuth1.spec.js --- spec/OAuth1.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/OAuth1.spec.js b/spec/OAuth1.spec.js index 3234394c09..04d2619ce3 100644 --- a/spec/OAuth1.spec.js +++ b/spec/OAuth1.spec.js @@ -93,7 +93,7 @@ describe('OAuth', function () { consumer_key: 'XXXXXXXXXXXXXXXXXXXXXXXXX', consumer_secret: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', }; - const path = '/1.1/help/configuration.json'; + const path = '/1.1/oauth/request_token'; const params = { lang: 'en' }; const oauthClient = new OAuth(options); oauthClient.get(path, params).then(function (data) { From 837ff4df4e4b2cd6883802037c75e178e1658cb6 Mon Sep 17 00:00:00 2001 From: dblythy Date: Sat, 24 Apr 2021 10:59:12 +1000 Subject: [PATCH 19/20] Update ParseLiveQuery.spec.js --- spec/ParseLiveQuery.spec.js | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js index 6f7d4b73cb..65d1836c5f 100644 --- a/spec/ParseLiveQuery.spec.js +++ b/spec/ParseLiveQuery.spec.js @@ -686,7 +686,6 @@ describe('ParseLiveQuery', function () { }, }; for (const key in calls) { - console.log(key); spyOn(calls, key).and.callThrough(); } Parse.Cloud.beforeConnect(calls.beforeConnect); From eddfcb554432fdcccfa662a79d99a84d1e275878 Mon Sep 17 00:00:00 2001 From: dblythy Date: Sat, 24 Apr 2021 11:13:16 +1000 Subject: [PATCH 20/20] Update OAuth1.spec.js --- spec/OAuth1.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/OAuth1.spec.js b/spec/OAuth1.spec.js index 04d2619ce3..3234394c09 100644 --- a/spec/OAuth1.spec.js +++ b/spec/OAuth1.spec.js @@ -93,7 +93,7 @@ describe('OAuth', function () { consumer_key: 'XXXXXXXXXXXXXXXXXXXXXXXXX', consumer_secret: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', }; - const path = '/1.1/oauth/request_token'; + const path = '/1.1/help/configuration.json'; const params = { lang: 'en' }; const oauthClient = new OAuth(options); oauthClient.get(path, params).then(function (data) {