From df8be616272d66d7a7604743431f253a66c6898d Mon Sep 17 00:00:00 2001 From: dblythy Date: Mon, 14 Dec 2020 22:09:38 +1100 Subject: [PATCH 01/15] New: fileUpload options to restrict file uploads --- resources/buildConfigDefinitions.js | 13 +-- spec/ParseFile.spec.js | 121 ++++++++++++++++++++++++++++ spec/helper.js | 3 + src/Options/Definitions.js | 26 ++++++ src/Options/docs.js | 8 ++ src/Options/index.js | 15 ++++ src/Routers/FilesRouter.js | 23 ++++++ 7 files changed, 200 insertions(+), 9 deletions(-) diff --git a/resources/buildConfigDefinitions.js b/resources/buildConfigDefinitions.js index 99b57b1379..aee5403613 100644 --- a/resources/buildConfigDefinitions.js +++ b/resources/buildConfigDefinitions.js @@ -47,7 +47,8 @@ function getENVPrefix(iface) { 'LiveQueryOptions' : 'PARSE_SERVER_LIVEQUERY_', 'IdempotencyOptions' : 'PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_', 'AccountLockoutOptions' : 'PARSE_SERVER_ACCOUNT_LOCKOUT_', - 'PasswordPolicyOptions' : 'PARSE_SERVER_PASSWORD_POLICY_' + 'PasswordPolicyOptions' : 'PARSE_SERVER_PASSWORD_POLICY_', + 'FileUploadOptions' : 'PARSE_SERVER_FILE_UPLOAD_' } if (options[iface.id.name]) { return options[iface.id.name] @@ -163,14 +164,8 @@ function parseDefaultValue(elt, value, t) { if (type == 'NumberOrBoolean') { literalValue = t.numericLiteral(parsers.numberOrBoolParser('')(value)); } - if (type == 'CustomPagesOptions') { - const object = parsers.objectParser(value); - const props = Object.keys(object).map((key) => { - return t.objectProperty(key, object[value]); - }); - literalValue = t.objectExpression(props); - } - if (type == 'IdempotencyOptions') { + const literalTypes = ['IdempotencyOptions','FileUploadOptions','CustomPagesOptions']; + if (literalTypes.includes(type)) { const object = parsers.objectParser(value); const props = Object.keys(object).map((key) => { return t.objectProperty(key, object[value]); diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js index 410d15c81b..e6b7a8eba5 100644 --- a/spec/ParseFile.spec.js +++ b/spec/ParseFile.spec.js @@ -860,4 +860,125 @@ describe('Parse.File testing', () => { }); }); }); + describe('file upload restrictions', () => { + it('can reject file upload with unspecified', async () => { + await reconfigureServer({ + fileUpload: {}, + }); + try { + const file = new Parse.File('hello.txt', data, 'text/plain'); + await file.save(); + fail('should not have been able to save file.'); + } catch (e) { + expect(e.code).toBe(130); + expect(e.message).toBe('Public file upload is not enabled.'); + } + }); + it('disable file upload', async () => { + await reconfigureServer({ + fileUpload: { + enabledForPublic: false, + enabledForAnonymousUser: false, + enabledForAuthenticatedUser: false, + }, + }); + try { + const file = new Parse.File('hello.txt', data, 'text/plain'); + await file.save(); + fail('should not have been able to save file.'); + } catch (e) { + expect(e.code).toBe(130); + expect(e.message).toBe('Public file upload is not enabled.'); + } + }); + it('disable for public', async () => { + await reconfigureServer({ + fileUpload: { + enabledForPublic: false, + }, + }); + try { + const file = new Parse.File('hello.txt', data, 'text/plain'); + await file.save(); + fail('should not have been able to save file.'); + } catch (e) { + expect(e.code).toBe(130); + expect(e.message).toBe('Public file upload is not enabled.'); + } + }); + + it('disable for public allow user', async () => { + await reconfigureServer({ + fileUpload: { + enabledForPublic: false, + }, + }); + try { + const user = await Parse.User.signUp('myUser', 'password'); + const file = new Parse.File('hello.txt', data, 'text/plain'); + await file.save({ sessionToken: user.getSessionToken() }); + } catch (e) { + fail('should have allowed file to save.'); + } + }); + + it('disable for anonymous', async () => { + await reconfigureServer({ + fileUpload: { + enabledForAnonymousUser: false, + }, + }); + try { + const user = await Parse.AnonymousUtils.logIn(); + const file = new Parse.File('hello.txt', data, 'text/plain'); + await file.save({ sessionToken: user.getSessionToken() }); + fail('should not have been able to save file.'); + } catch (e) { + expect(e.code).toBe(130); + expect(e.message).toBe('Anonymous file upload is not enabled.'); + } + }); + + it('enable for anonymous', async () => { + await reconfigureServer({ + fileUpload: { + enabledForPublic: false, + enabledForAnonymousUser: true, + }, + }); + try { + const user = await Parse.AnonymousUtils.logIn(); + const file = new Parse.File('hello.txt', data, 'text/plain'); + await file.save({ sessionToken: user.getSessionToken() }); + } catch (e) { + fail('should have allowed file to save.'); + } + }); + + it('enable for anonymous but not authenticated', async () => { + await reconfigureServer({ + fileUpload: { + enabledForPublic: false, + enabledForAnonymousUser: true, + enabledForAuthenticatedUser: false, + }, + }); + try { + const user = await Parse.AnonymousUtils.logIn(); + const file = new Parse.File('hello.txt', data, 'text/plain'); + await file.save({ sessionToken: user.getSessionToken() }); + } catch (e) { + fail('should have allowed file to save.'); + } + try { + const user = await Parse.User.signUp('myUser', 'password'); + const file = new Parse.File('hello.txt', data, 'text/plain'); + await file.save({ sessionToken: user.getSessionToken() }); + fail('should have not allowed file to save.'); + } catch (e) { + expect(e.code).toBe(130); + expect(e.message).toBe('Authenticated file upload is not enabled.'); + } + }); + }); }); diff --git a/spec/helper.js b/spec/helper.js index a7f6cf2280..385b0aa51b 100644 --- a/spec/helper.js +++ b/spec/helper.js @@ -88,6 +88,9 @@ const defaultConfiguration = { fileKey: 'test', silent, logLevel, + fileUpload: { + enabledForPublic: true, + }, push: { android: { senderId: 'yolo', diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js index bce3756360..7b3863e2f2 100644 --- a/src/Options/Definitions.js +++ b/src/Options/Definitions.js @@ -175,6 +175,11 @@ module.exports.ParseServerOptions = { help: 'Adapter module for the files sub-system', action: parsers.moduleOrObjectParser, }, + fileUpload: { + env: 'PARSE_SERVER_FILE_UPLOAD_OPTIONS', + help: 'Options for file uploads', + action: parsers.objectParser, + }, graphQLPath: { env: 'PARSE_SERVER_GRAPHQL_PATH', help: 'Mount path for the GraphQL endpoint, defaults to /graphql', @@ -600,3 +605,24 @@ module.exports.PasswordPolicyOptions = { help: 'a RegExp object or a regex string representing the pattern to enforce', }, }; +module.exports.FileUploadOptions = { + enabledForAnonymousUser: { + env: 'PARSE_SERVER_FILE_UPLOAD_ENABLED_FOR_ANONYMOUS_USER', + help: 'File upload is enabled for Anonymous Users.', + action: parsers.booleanParser, + default: false, + }, + enabledForAuthenticatedUser: { + env: 'PARSE_SERVER_FILE_UPLOAD_ENABLED_FOR_AUTHENTICATED_USER', + help: 'File upload is enabled for authenticated users.', + action: parsers.booleanParser, + default: true, + }, + enabledForPublic: { + env: 'PARSE_SERVER_FILE_UPLOAD_ENABLED_FOR_PUBLIC', + help: + 'File upload is enabled for anyone with access to the Parse Server file upload endpoint, regardless of user authentication.', + action: parsers.booleanParser, + default: false, + }, +}; diff --git a/src/Options/docs.js b/src/Options/docs.js index 576ff60a14..47f934e8c8 100644 --- a/src/Options/docs.js +++ b/src/Options/docs.js @@ -32,6 +32,7 @@ * @property {Boolean} expireInactiveSessions Sets wether we should expire the inactive sessions, defaults to true * @property {String} fileKey Key for your files * @property {Adapter} filesAdapter Adapter module for the files sub-system + * @property {FileUploadOptions} fileUpload Options for file uploads * @property {String} graphQLPath Mount path for the GraphQL endpoint, defaults to /graphql * @property {String} graphQLSchema Full path to your GraphQL custom schema.graphql file * @property {String} host The host to serve ParseServer on, defaults to 0.0.0.0 @@ -137,3 +138,10 @@ * @property {Function} validatorCallback a callback function to be invoked to validate the password * @property {String} validatorPattern a RegExp object or a regex string representing the pattern to enforce */ + +/** + * @interface FileUploadOptions + * @property {Boolean} enabledForAnonymousUser File upload is enabled for Anonymous Users. + * @property {Boolean} enabledForAuthenticatedUser File upload is enabled for authenticated users. + * @property {Boolean} enabledForPublic File upload is enabled for anyone with access to the Parse Server file upload endpoint, regardless of user authentication. + */ diff --git a/src/Options/index.js b/src/Options/index.js index d2237e08a8..a8df0e098b 100644 --- a/src/Options/index.js +++ b/src/Options/index.js @@ -198,6 +198,9 @@ export interface ParseServerOptions { :ENV: PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_OPTIONS :DEFAULT: false */ idempotencyOptions: ?IdempotencyOptions; + /* Options for file uploads + :ENV: PARSE_SERVER_FILE_UPLOAD_OPTIONS */ + fileUpload: ?FileUploadOptions; /* Full path to your GraphQL custom schema.graphql file */ graphQLSchema: ?string; /* Mounts the GraphQL endpoint @@ -315,3 +318,15 @@ export interface PasswordPolicyOptions { /* resend token if it's still valid */ resetTokenReuseIfValid: ?boolean; } + +export interface FileUploadOptions { + /* File upload is enabled for Anonymous Users. + :DEFAULT: false */ + enabledForAnonymousUser: ?boolean; + /* File upload is enabled for anyone with access to the Parse Server file upload endpoint, regardless of user authentication. + :DEFAULT: false */ + enabledForPublic: ?boolean; + /* File upload is enabled for authenticated users. + :DEFAULT: true */ + enabledForAuthenticatedUser: ?boolean; +} diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js index 2b0140fe7d..bb333a8c4f 100644 --- a/src/Routers/FilesRouter.js +++ b/src/Routers/FilesRouter.js @@ -94,6 +94,29 @@ export class FilesRouter { async createHandler(req, res, next) { const config = req.config; + if ( + !req.config.fileUpload.enabledForAnonymousUser && + req.auth.user && + Parse.AnonymousUtils.isLinked(req.auth.user) + ) { + next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Anonymous file upload is not enabled.')); + return; + } + if ( + !req.config.fileUpload.enabledForAuthenticatedUser && + req.config.fileUpload.enabledForAuthenticatedUser != null && + req.auth.user && + !Parse.AnonymousUtils.isLinked(req.auth.user) + ) { + next( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Authenticated file upload is not enabled.') + ); + return; + } + if (!req.config.fileUpload.enabledForPublic && !req.auth.user) { + next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Public file upload is not enabled.')); + return; + } const filesController = config.filesController; const { filename } = req.params; const contentType = req.get('Content-type'); From 25dfce3a7a40a9742f9f4a4ee1fc3f122c64d74b Mon Sep 17 00:00:00 2001 From: dblythy Date: Tue, 15 Dec 2020 12:35:28 +1100 Subject: [PATCH 02/15] review changes --- spec/ParseFile.spec.js | 83 +++++++++++++++++++++++++++----------- spec/helper.js | 2 +- src/Config.js | 21 ++++++++++ src/Options/Definitions.js | 21 +++++----- src/Options/docs.js | 6 +-- src/Options/index.js | 14 +++---- src/Routers/FilesRouter.js | 31 +++++++------- 7 files changed, 118 insertions(+), 60 deletions(-) diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js index e6b7a8eba5..c809b183ec 100644 --- a/spec/ParseFile.spec.js +++ b/spec/ParseFile.spec.js @@ -860,7 +860,8 @@ describe('Parse.File testing', () => { }); }); }); - describe('file upload restrictions', () => { + + describe('disable file upload', () => { it('can reject file upload with unspecified', async () => { await reconfigureServer({ fileUpload: {}, @@ -871,15 +872,16 @@ describe('Parse.File testing', () => { fail('should not have been able to save file.'); } catch (e) { expect(e.code).toBe(130); - expect(e.message).toBe('Public file upload is not enabled.'); + expect(e.message).toBe('File upload by public is not enabled.'); } }); - it('disable file upload', async () => { + + it('disable all file upload', async () => { await reconfigureServer({ fileUpload: { - enabledForPublic: false, - enabledForAnonymousUser: false, - enabledForAuthenticatedUser: false, + enableForPublic: false, + enableForAnonymousUser: false, + enableForAuthenticatedUser: false, }, }); try { @@ -888,13 +890,14 @@ describe('Parse.File testing', () => { fail('should not have been able to save file.'); } catch (e) { expect(e.code).toBe(130); - expect(e.message).toBe('Public file upload is not enabled.'); + expect(e.message).toBe('File upload by public is not enabled.'); } }); - it('disable for public', async () => { + + it('disable public file upload', async () => { await reconfigureServer({ fileUpload: { - enabledForPublic: false, + enableForPublic: false, }, }); try { @@ -903,14 +906,15 @@ describe('Parse.File testing', () => { fail('should not have been able to save file.'); } catch (e) { expect(e.code).toBe(130); - expect(e.message).toBe('Public file upload is not enabled.'); + expect(e.message).toBe('File upload by public is not enabled.'); } }); - it('disable for public allow user', async () => { + it('disable file upload for public but allow for user', async () => { await reconfigureServer({ fileUpload: { - enabledForPublic: false, + enableForPublic: false, + enableForAuthenticatedUser: true, }, }); try { @@ -922,10 +926,10 @@ describe('Parse.File testing', () => { } }); - it('disable for anonymous', async () => { + it('disable file upload for anonymous', async () => { await reconfigureServer({ fileUpload: { - enabledForAnonymousUser: false, + enableForAnonymousUser: false, }, }); try { @@ -935,15 +939,15 @@ describe('Parse.File testing', () => { fail('should not have been able to save file.'); } catch (e) { expect(e.code).toBe(130); - expect(e.message).toBe('Anonymous file upload is not enabled.'); + expect(e.message).toBe('File upload by anonymous user is not allowed.'); } }); - it('enable for anonymous', async () => { + it('enable file upload for anonymous', async () => { await reconfigureServer({ fileUpload: { - enabledForPublic: false, - enabledForAnonymousUser: true, + enableForPublic: false, + enableForAnonymousUser: true, }, }); try { @@ -955,12 +959,12 @@ describe('Parse.File testing', () => { } }); - it('enable for anonymous but not authenticated', async () => { + it('enable file upload for anonymous but not authenticated users', async () => { await reconfigureServer({ fileUpload: { - enabledForPublic: false, - enabledForAnonymousUser: true, - enabledForAuthenticatedUser: false, + enableForPublic: false, + enableForAnonymousUser: true, + enableForAuthenticatedUser: false, }, }); try { @@ -977,8 +981,41 @@ describe('Parse.File testing', () => { fail('should have not allowed file to save.'); } catch (e) { expect(e.code).toBe(130); - expect(e.message).toBe('Authenticated file upload is not enabled.'); + expect(e.message).toBe('File upload by authenticated users is not enabled.'); } }); }); + + it('setup with invalid configuration', async () => { + try { + await reconfigureServer({ + fileUpload: { + enableForPublic: [], + }, + }); + fail('should not allow invalid configuration'); + } catch (e) { + expect(e).toBe('enableForPublic must be a boolean value'); + } + try { + await reconfigureServer({ + fileUpload: { + enableForAnonymousUser: [], + }, + }); + fail('should not allow invalid configuration'); + } catch (e) { + expect(e).toBe('enableForAnonymousUser must be a boolean value'); + } + try { + await reconfigureServer({ + fileUpload: { + enableForAuthenticatedUser: [], + }, + }); + fail('should not allow invalid configuration'); + } catch (e) { + expect(e).toBe('enableForAuthenticatedUser must be a boolean value'); + } + }); }); diff --git a/spec/helper.js b/spec/helper.js index 385b0aa51b..135a8ecb34 100644 --- a/spec/helper.js +++ b/spec/helper.js @@ -89,7 +89,7 @@ const defaultConfiguration = { silent, logLevel, fileUpload: { - enabledForPublic: true, + enableForPublic: true, }, push: { android: { diff --git a/src/Config.js b/src/Config.js index 5c64df180a..fd06e20bd8 100644 --- a/src/Config.js +++ b/src/Config.js @@ -71,6 +71,7 @@ export class Config { allowHeaders, idempotencyOptions, emailVerifyTokenReuseIfValid, + fileUpload, }) { if (masterKey === readOnlyMasterKey) { throw new Error('masterKey and readOnlyMasterKey should be different'); @@ -91,6 +92,8 @@ export class Config { this.validatePasswordPolicy(passwordPolicy); + this.validateFileUploadOptions(fileUpload); + if (typeof revokeSessionOnPasswordReset !== 'boolean') { throw 'revokeSessionOnPasswordReset must be a boolean value'; } @@ -244,7 +247,25 @@ export class Config { throw 'You cannot use emailVerifyTokenReuseIfValid without emailVerifyTokenValidityDuration'; } } + static validateFileUploadOptions(fileUpload) { + if ( + fileUpload.enableForAnonymousUser && + typeof fileUpload.enableForAnonymousUser !== 'boolean' + ) { + throw 'enableForAnonymousUser must be a boolean value'; + } + + if (fileUpload.enableForPublic && typeof fileUpload.enableForPublic !== 'boolean') { + throw 'enableForPublic must be a boolean value'; + } + if ( + fileUpload.enableForAuthenticatedUser && + typeof fileUpload.enableForAuthenticatedUser !== 'boolean' + ) { + throw 'enableForAuthenticatedUser must be a boolean value'; + } + } static validateMasterKeyIps(masterKeyIps) { for (const ip of masterKeyIps) { if (!net.isIP(ip)) { diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js index 7b3863e2f2..0d67c614ed 100644 --- a/src/Options/Definitions.js +++ b/src/Options/Definitions.js @@ -606,22 +606,21 @@ module.exports.PasswordPolicyOptions = { }, }; module.exports.FileUploadOptions = { - enabledForAnonymousUser: { - env: 'PARSE_SERVER_FILE_UPLOAD_ENABLED_FOR_ANONYMOUS_USER', - help: 'File upload is enabled for Anonymous Users.', + enableForAnonymousUser: { + env: 'PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_ANONYMOUS_USER', + help: 'Is true if file upload should be allowed for anonymous users.', action: parsers.booleanParser, default: false, }, - enabledForAuthenticatedUser: { - env: 'PARSE_SERVER_FILE_UPLOAD_ENABLED_FOR_AUTHENTICATED_USER', - help: 'File upload is enabled for authenticated users.', + enableForAuthenticatedUser: { + env: 'PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_AUTHENTICATED_USER', + help: 'Is true if file upload should be allowed for authenticated users.', action: parsers.booleanParser, - default: true, + default: false, }, - enabledForPublic: { - env: 'PARSE_SERVER_FILE_UPLOAD_ENABLED_FOR_PUBLIC', - help: - 'File upload is enabled for anyone with access to the Parse Server file upload endpoint, regardless of user authentication.', + enableForPublic: { + env: 'PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_PUBLIC', + help: 'Is true if file upload should be allowed for anyone, regardless of user authentication.', action: parsers.booleanParser, default: false, }, diff --git a/src/Options/docs.js b/src/Options/docs.js index 47f934e8c8..a70fa8bff2 100644 --- a/src/Options/docs.js +++ b/src/Options/docs.js @@ -141,7 +141,7 @@ /** * @interface FileUploadOptions - * @property {Boolean} enabledForAnonymousUser File upload is enabled for Anonymous Users. - * @property {Boolean} enabledForAuthenticatedUser File upload is enabled for authenticated users. - * @property {Boolean} enabledForPublic File upload is enabled for anyone with access to the Parse Server file upload endpoint, regardless of user authentication. + * @property {Boolean} enableForAnonymousUser Is true if file upload should be allowed for anonymous users. + * @property {Boolean} enableForAuthenticatedUser Is true if file upload should be allowed for authenticated users. + * @property {Boolean} enableForPublic Is true if file upload should be allowed for anyone, regardless of user authentication. */ diff --git a/src/Options/index.js b/src/Options/index.js index a8df0e098b..18fa077735 100644 --- a/src/Options/index.js +++ b/src/Options/index.js @@ -320,13 +320,13 @@ export interface PasswordPolicyOptions { } export interface FileUploadOptions { - /* File upload is enabled for Anonymous Users. + /* Is true if file upload should be allowed for anonymous users. :DEFAULT: false */ - enabledForAnonymousUser: ?boolean; - /* File upload is enabled for anyone with access to the Parse Server file upload endpoint, regardless of user authentication. + enableForAnonymousUser: ?boolean; + /* Is true if file upload should be allowed for authenticated users. :DEFAULT: false */ - enabledForPublic: ?boolean; - /* File upload is enabled for authenticated users. - :DEFAULT: true */ - enabledForAuthenticatedUser: ?boolean; + enableForAuthenticatedUser: ?boolean; + /* Is true if file upload should be allowed for anyone, regardless of user authentication. + :DEFAULT: false */ + enableForPublic: ?boolean; } diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js index bb333a8c4f..7d5f9fa67a 100644 --- a/src/Routers/FilesRouter.js +++ b/src/Routers/FilesRouter.js @@ -94,27 +94,28 @@ export class FilesRouter { async createHandler(req, res, next) { const config = req.config; - if ( - !req.config.fileUpload.enabledForAnonymousUser && - req.auth.user && - Parse.AnonymousUtils.isLinked(req.auth.user) - ) { - next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Anonymous file upload is not enabled.')); + const user = req.auth.user; + const isLinked = user && Parse.AnonymousUtils.isLinked(user); + if (!config.fileUpload.enableForAnonymousUser && isLinked) { + next( + new Parse.Error( + Parse.Error.FILE_SAVE_ERROR, + 'File upload by anonymous user is not allowed.' + ) + ); return; } - if ( - !req.config.fileUpload.enabledForAuthenticatedUser && - req.config.fileUpload.enabledForAuthenticatedUser != null && - req.auth.user && - !Parse.AnonymousUtils.isLinked(req.auth.user) - ) { + if (!config.fileUpload.enableForAuthenticatedUser && !isLinked && user) { next( - new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Authenticated file upload is not enabled.') + new Parse.Error( + Parse.Error.FILE_SAVE_ERROR, + 'File upload by authenticated users is not enabled.' + ) ); return; } - if (!req.config.fileUpload.enabledForPublic && !req.auth.user) { - next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Public file upload is not enabled.')); + if (!config.fileUpload.enableForPublic && !user) { + next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is not enabled.')); return; } const filesController = config.filesController; From 9ddd58cc37af2985e3eab3db68b0af19836dffc4 Mon Sep 17 00:00:00 2001 From: dblythy Date: Tue, 15 Dec 2020 13:28:00 +1100 Subject: [PATCH 03/15] update review --- src/Config.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Config.js b/src/Config.js index fd06e20bd8..800dad5fb5 100644 --- a/src/Config.js +++ b/src/Config.js @@ -248,6 +248,9 @@ export class Config { } } static validateFileUploadOptions(fileUpload) { + if (!fileUpload) { + fileUpload = {}; + } if ( fileUpload.enableForAnonymousUser && typeof fileUpload.enableForAnonymousUser !== 'boolean' From 67f0cc32bf465bc201ed5c341dd1507ace206785 Mon Sep 17 00:00:00 2001 From: dblythy Date: Tue, 15 Dec 2020 13:45:37 +1100 Subject: [PATCH 04/15] Update helper.js --- spec/helper.js | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/helper.js b/spec/helper.js index 135a8ecb34..27d275d41f 100644 --- a/spec/helper.js +++ b/spec/helper.js @@ -90,6 +90,7 @@ const defaultConfiguration = { logLevel, fileUpload: { enableForPublic: true, + enableForAuthenticatedUser: true, }, push: { android: { From cd26ef2388b548f210d34ec52653391596f306dd Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 00:07:03 +0100 Subject: [PATCH 05/15] added complete fileUpload values for tests --- spec/helper.js | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/helper.js b/spec/helper.js index 27d275d41f..5c598277f5 100644 --- a/spec/helper.js +++ b/spec/helper.js @@ -90,6 +90,7 @@ const defaultConfiguration = { logLevel, fileUpload: { enableForPublic: true, + enableForAnonymousUser: true, enableForAuthenticatedUser: true, }, push: { From af12edae130f99a4c8dde1148c1e5b729ac7b0b3 Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 00:10:38 +0100 Subject: [PATCH 06/15] fixed config validation --- src/Config.js | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/src/Config.js b/src/Config.js index 800dad5fb5..50a92b4b0f 100644 --- a/src/Config.js +++ b/src/Config.js @@ -6,7 +6,10 @@ import AppCache from './cache'; import SchemaCache from './Controllers/SchemaCache'; import DatabaseController from './Controllers/DatabaseController'; import net from 'net'; -import { IdempotencyOptions } from './Options/Definitions'; +import { + IdempotencyOptions, + FileUploadOptions, +} from './Options/Definitions'; function removeTrailingSlash(str) { if (!str) { @@ -89,9 +92,7 @@ export class Config { } this.validateAccountLockoutPolicy(accountLockout); - this.validatePasswordPolicy(passwordPolicy); - this.validateFileUploadOptions(fileUpload); if (typeof revokeSessionOnPasswordReset !== 'boolean') { @@ -247,28 +248,31 @@ export class Config { throw 'You cannot use emailVerifyTokenReuseIfValid without emailVerifyTokenValidityDuration'; } } + static validateFileUploadOptions(fileUpload) { if (!fileUpload) { fileUpload = {}; } - if ( - fileUpload.enableForAnonymousUser && - typeof fileUpload.enableForAnonymousUser !== 'boolean' - ) { - throw 'enableForAnonymousUser must be a boolean value'; + if (typeof fileUpload !== 'object' || fileUpload instanceof Array) { + throw 'fileUpload must be an object value.'; } - - if (fileUpload.enableForPublic && typeof fileUpload.enableForPublic !== 'boolean') { - throw 'enableForPublic must be a boolean value'; + if (fileUpload.enableForAnonymousUser === undefined) { + fileUpload.enableForAnonymousUser = FileUploadOptions.enableForAnonymousUser.default; + } else if (typeof fileUpload.enableForAnonymousUser !== 'boolean') { + throw 'fileUpload.enableForAnonymousUser must be a boolean value.'; } - - if ( - fileUpload.enableForAuthenticatedUser && - typeof fileUpload.enableForAuthenticatedUser !== 'boolean' - ) { - throw 'enableForAuthenticatedUser must be a boolean value'; + if (fileUpload.enableForPublic === undefined) { + fileUpload.enableForPublic = FileUploadOptions.enableForPublic.default; + } else if (typeof fileUpload.enableForPublic !== 'boolean') { + throw 'fileUpload.enableForPublic must be a boolean value.'; + } + if (fileUpload.enableForAuthenticatedUser === undefined) { + fileUpload.enableForAuthenticatedUser = FileUploadOptions.enableForAuthenticatedUser.default; + } else if (typeof fileUpload.enableForAuthenticatedUser !== 'boolean') { + throw 'fileUpload.enableForAuthenticatedUser must be a boolean value.'; } } + static validateMasterKeyIps(masterKeyIps) { for (const ip of masterKeyIps) { if (!net.isIP(ip)) { From 4887bf195186e5192acfbe109ab58bc99277fba7 Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 00:10:57 +0100 Subject: [PATCH 07/15] allow file upload only for authenicated user by default --- src/Options/Definitions.js | 1189 ++++++++++++++++++------------------ src/Options/index.js | 2 +- 2 files changed, 585 insertions(+), 606 deletions(-) diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js index 0d67c614ed..c0ea9b064f 100644 --- a/src/Options/Definitions.js +++ b/src/Options/Definitions.js @@ -3,625 +3,604 @@ This code has been generated by resources/buildConfigDefinitions.js Do not edit manually, but update Options/index.js */ -var parsers = require('./parsers'); +var parsers = require("./parsers"); module.exports.ParseServerOptions = { - accountLockout: { - env: 'PARSE_SERVER_ACCOUNT_LOCKOUT', - help: 'account lockout policy for failed login attempts', - action: parsers.objectParser, - }, - allowClientClassCreation: { - env: 'PARSE_SERVER_ALLOW_CLIENT_CLASS_CREATION', - help: 'Enable (or disable) client class creation, defaults to true', - action: parsers.booleanParser, - default: true, - }, - allowCustomObjectId: { - env: 'PARSE_SERVER_ALLOW_CUSTOM_OBJECT_ID', - help: 'Enable (or disable) custom objectId', - action: parsers.booleanParser, - default: false, - }, - allowHeaders: { - env: 'PARSE_SERVER_ALLOW_HEADERS', - help: 'Add headers to Access-Control-Allow-Headers', - action: parsers.arrayParser, - }, - allowOrigin: { - env: 'PARSE_SERVER_ALLOW_ORIGIN', - help: 'Sets the origin to Access-Control-Allow-Origin', - }, - analyticsAdapter: { - env: 'PARSE_SERVER_ANALYTICS_ADAPTER', - help: 'Adapter module for the analytics', - action: parsers.moduleOrObjectParser, - }, - appId: { - env: 'PARSE_SERVER_APPLICATION_ID', - help: 'Your Parse Application ID', - required: true, - }, - appName: { - env: 'PARSE_SERVER_APP_NAME', - help: 'Sets the app name', - }, - auth: { - env: 'PARSE_SERVER_AUTH_PROVIDERS', - help: - 'Configuration for your authentication providers, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication', - action: parsers.objectParser, - }, - cacheAdapter: { - env: 'PARSE_SERVER_CACHE_ADAPTER', - help: 'Adapter module for the cache', - action: parsers.moduleOrObjectParser, - }, - cacheMaxSize: { - env: 'PARSE_SERVER_CACHE_MAX_SIZE', - help: 'Sets the maximum size for the in memory cache, defaults to 10000', - action: parsers.numberParser('cacheMaxSize'), - default: 10000, - }, - cacheTTL: { - env: 'PARSE_SERVER_CACHE_TTL', - help: 'Sets the TTL for the in memory cache (in ms), defaults to 5000 (5 seconds)', - action: parsers.numberParser('cacheTTL'), - default: 5000, - }, - clientKey: { - env: 'PARSE_SERVER_CLIENT_KEY', - help: 'Key for iOS, MacOS, tvOS clients', - }, - cloud: { - env: 'PARSE_SERVER_CLOUD', - help: 'Full path to your cloud code main.js', - }, - cluster: { - env: 'PARSE_SERVER_CLUSTER', - help: 'Run with cluster, optionally set the number of processes default to os.cpus().length', - action: parsers.numberOrBooleanParser, - }, - collectionPrefix: { - env: 'PARSE_SERVER_COLLECTION_PREFIX', - help: 'A collection prefix for the classes', - default: '', - }, - customPages: { - env: 'PARSE_SERVER_CUSTOM_PAGES', - help: 'custom pages for password validation and reset', - action: parsers.objectParser, - default: {}, - }, - databaseAdapter: { - env: 'PARSE_SERVER_DATABASE_ADAPTER', - help: 'Adapter module for the database', - action: parsers.moduleOrObjectParser, - }, - databaseOptions: { - env: 'PARSE_SERVER_DATABASE_OPTIONS', - help: 'Options to pass to the mongodb client', - action: parsers.objectParser, - }, - databaseURI: { - env: 'PARSE_SERVER_DATABASE_URI', - help: 'The full URI to your database. Supported databases are mongodb or postgres.', - required: true, - default: 'mongodb://localhost:27017/parse', - }, - directAccess: { - env: 'PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS', - help: - 'Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.', - action: parsers.booleanParser, - default: false, - }, - dotNetKey: { - env: 'PARSE_SERVER_DOT_NET_KEY', - help: 'Key for Unity and .Net SDK', - }, - emailAdapter: { - env: 'PARSE_SERVER_EMAIL_ADAPTER', - help: 'Adapter module for email sending', - action: parsers.moduleOrObjectParser, - }, - emailVerifyTokenReuseIfValid: { - env: 'PARSE_SERVER_EMAIL_VERIFY_TOKEN_REUSE_IF_VALID', - help: - 'an existing email verify token should be reused when resend verification email is requested', - action: parsers.booleanParser, - default: false, - }, - emailVerifyTokenValidityDuration: { - env: 'PARSE_SERVER_EMAIL_VERIFY_TOKEN_VALIDITY_DURATION', - help: 'Email verification token validity duration, in seconds', - action: parsers.numberParser('emailVerifyTokenValidityDuration'), - }, - enableAnonymousUsers: { - env: 'PARSE_SERVER_ENABLE_ANON_USERS', - help: 'Enable (or disable) anonymous users, defaults to true', - action: parsers.booleanParser, - default: true, - }, - enableExpressErrorHandler: { - env: 'PARSE_SERVER_ENABLE_EXPRESS_ERROR_HANDLER', - help: 'Enables the default express error handler for all errors', - action: parsers.booleanParser, - default: false, - }, - enableSingleSchemaCache: { - env: 'PARSE_SERVER_ENABLE_SINGLE_SCHEMA_CACHE', - help: - 'Use a single schema cache shared across requests. Reduces number of queries made to _SCHEMA, defaults to false, i.e. unique schema cache per request.', - action: parsers.booleanParser, - default: false, - }, - encryptionKey: { - env: 'PARSE_SERVER_ENCRYPTION_KEY', - help: 'Key for encrypting your files', - }, - expireInactiveSessions: { - env: 'PARSE_SERVER_EXPIRE_INACTIVE_SESSIONS', - help: 'Sets wether we should expire the inactive sessions, defaults to true', - action: parsers.booleanParser, - default: true, - }, - fileKey: { - env: 'PARSE_SERVER_FILE_KEY', - help: 'Key for your files', - }, - filesAdapter: { - env: 'PARSE_SERVER_FILES_ADAPTER', - help: 'Adapter module for the files sub-system', - action: parsers.moduleOrObjectParser, - }, - fileUpload: { - env: 'PARSE_SERVER_FILE_UPLOAD_OPTIONS', - help: 'Options for file uploads', - action: parsers.objectParser, - }, - graphQLPath: { - env: 'PARSE_SERVER_GRAPHQL_PATH', - help: 'Mount path for the GraphQL endpoint, defaults to /graphql', - default: '/graphql', - }, - graphQLSchema: { - env: 'PARSE_SERVER_GRAPH_QLSCHEMA', - help: 'Full path to your GraphQL custom schema.graphql file', - }, - host: { - env: 'PARSE_SERVER_HOST', - help: 'The host to serve ParseServer on, defaults to 0.0.0.0', - default: '0.0.0.0', - }, - idempotencyOptions: { - env: 'PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_OPTIONS', - help: - 'Options for request idempotency to deduplicate identical requests that may be caused by network issues. Caution, this is an experimental feature that may not be appropriate for production.', - action: parsers.objectParser, - default: {}, - }, - javascriptKey: { - env: 'PARSE_SERVER_JAVASCRIPT_KEY', - help: 'Key for the Javascript SDK', - }, - jsonLogs: { - env: 'JSON_LOGS', - help: 'Log as structured JSON objects', - action: parsers.booleanParser, - }, - liveQuery: { - env: 'PARSE_SERVER_LIVE_QUERY', - help: "parse-server's LiveQuery configuration object", - action: parsers.objectParser, - }, - liveQueryServerOptions: { - env: 'PARSE_SERVER_LIVE_QUERY_SERVER_OPTIONS', - help: 'Live query server configuration options (will start the liveQuery server)', - action: parsers.objectParser, - }, - loggerAdapter: { - env: 'PARSE_SERVER_LOGGER_ADAPTER', - help: 'Adapter module for the logging sub-system', - action: parsers.moduleOrObjectParser, - }, - logLevel: { - env: 'PARSE_SERVER_LOG_LEVEL', - help: 'Sets the level for logs', - }, - logsFolder: { - env: 'PARSE_SERVER_LOGS_FOLDER', - help: "Folder for the logs (defaults to './logs'); set to null to disable file based logging", - default: './logs', - }, - masterKey: { - env: 'PARSE_SERVER_MASTER_KEY', - help: 'Your Parse Master Key', - required: true, - }, - masterKeyIps: { - env: 'PARSE_SERVER_MASTER_KEY_IPS', - help: 'Restrict masterKey to be used by only these ips, defaults to [] (allow all ips)', - action: parsers.arrayParser, - default: [], - }, - maxLimit: { - env: 'PARSE_SERVER_MAX_LIMIT', - help: 'Max value for limit option on queries, defaults to unlimited', - action: parsers.numberParser('maxLimit'), - }, - maxLogFiles: { - env: 'PARSE_SERVER_MAX_LOG_FILES', - help: - "Maximum number of logs to keep. If not set, no logs will be removed. This can be a number of files or number of days. If using days, add 'd' as the suffix. (default: null)", - action: parsers.objectParser, - }, - maxUploadSize: { - env: 'PARSE_SERVER_MAX_UPLOAD_SIZE', - help: 'Max file size for uploads, defaults to 20mb', - default: '20mb', - }, - middleware: { - env: 'PARSE_SERVER_MIDDLEWARE', - help: 'middleware for express server, can be string or function', - }, - mountGraphQL: { - env: 'PARSE_SERVER_MOUNT_GRAPHQL', - help: 'Mounts the GraphQL endpoint', - action: parsers.booleanParser, - default: false, - }, - mountPath: { - env: 'PARSE_SERVER_MOUNT_PATH', - help: 'Mount path for the server, defaults to /parse', - default: '/parse', - }, - mountPlayground: { - env: 'PARSE_SERVER_MOUNT_PLAYGROUND', - help: 'Mounts the GraphQL Playground - never use this option in production', - action: parsers.booleanParser, - default: false, - }, - objectIdSize: { - env: 'PARSE_SERVER_OBJECT_ID_SIZE', - help: "Sets the number of characters in generated object id's, default 10", - action: parsers.numberParser('objectIdSize'), - default: 10, - }, - passwordPolicy: { - env: 'PARSE_SERVER_PASSWORD_POLICY', - help: 'Password policy for enforcing password related rules', - action: parsers.objectParser, - }, - playgroundPath: { - env: 'PARSE_SERVER_PLAYGROUND_PATH', - help: 'Mount path for the GraphQL Playground, defaults to /playground', - default: '/playground', - }, - port: { - env: 'PORT', - help: 'The port to run the ParseServer, defaults to 1337.', - action: parsers.numberParser('port'), - default: 1337, - }, - preserveFileName: { - env: 'PARSE_SERVER_PRESERVE_FILE_NAME', - help: 'Enable (or disable) the addition of a unique hash to the file names', - action: parsers.booleanParser, - default: false, - }, - preventLoginWithUnverifiedEmail: { - env: 'PARSE_SERVER_PREVENT_LOGIN_WITH_UNVERIFIED_EMAIL', - help: - 'Prevent user from login if email is not verified and PARSE_SERVER_VERIFY_USER_EMAILS is true, defaults to false', - action: parsers.booleanParser, - default: false, - }, - protectedFields: { - env: 'PARSE_SERVER_PROTECTED_FIELDS', - help: 'Protected fields that should be treated with extra security when fetching details.', - action: parsers.objectParser, - default: { - _User: { - '*': ['email'], - }, - }, - }, - publicServerURL: { - env: 'PARSE_PUBLIC_SERVER_URL', - help: 'Public URL to your parse server with http:// or https://.', - }, - push: { - env: 'PARSE_SERVER_PUSH', - help: - 'Configuration for push, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#push-notifications', - action: parsers.objectParser, - }, - readOnlyMasterKey: { - env: 'PARSE_SERVER_READ_ONLY_MASTER_KEY', - help: 'Read-only key, which has the same capabilities as MasterKey without writes', - }, - restAPIKey: { - env: 'PARSE_SERVER_REST_API_KEY', - help: 'Key for REST calls', - }, - revokeSessionOnPasswordReset: { - env: 'PARSE_SERVER_REVOKE_SESSION_ON_PASSWORD_RESET', - help: - "When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions.", - action: parsers.booleanParser, - default: true, - }, - scheduledPush: { - env: 'PARSE_SERVER_SCHEDULED_PUSH', - help: 'Configuration for push scheduling, defaults to false.', - action: parsers.booleanParser, - default: false, - }, - schemaCacheTTL: { - env: 'PARSE_SERVER_SCHEMA_CACHE_TTL', - help: - 'The TTL for caching the schema for optimizing read/write operations. You should put a long TTL when your DB is in production. default to 5000; set 0 to disable.', - action: parsers.numberParser('schemaCacheTTL'), - default: 5000, - }, - serverCloseComplete: { - env: 'PARSE_SERVER_SERVER_CLOSE_COMPLETE', - help: 'Callback when server has closed', - }, - serverStartComplete: { - env: 'PARSE_SERVER_SERVER_START_COMPLETE', - help: 'Callback when server has started', - }, - serverURL: { - env: 'PARSE_SERVER_URL', - help: 'URL to your parse server with http:// or https://.', - required: true, - }, - sessionLength: { - env: 'PARSE_SERVER_SESSION_LENGTH', - help: 'Session duration, in seconds, defaults to 1 year', - action: parsers.numberParser('sessionLength'), - default: 31536000, - }, - silent: { - env: 'SILENT', - help: 'Disables console output', - action: parsers.booleanParser, - }, - startLiveQueryServer: { - env: 'PARSE_SERVER_START_LIVE_QUERY_SERVER', - help: 'Starts the liveQuery server', - action: parsers.booleanParser, - }, - userSensitiveFields: { - env: 'PARSE_SERVER_USER_SENSITIVE_FIELDS', - help: - 'Personally identifiable information fields in the user table the should be removed for non-authorized users. Deprecated @see protectedFields', - action: parsers.arrayParser, - }, - verbose: { - env: 'VERBOSE', - help: 'Set the logging to verbose', - action: parsers.booleanParser, - }, - verifyUserEmails: { - env: 'PARSE_SERVER_VERIFY_USER_EMAILS', - help: 'Enable (or disable) user email validation, defaults to false', - action: parsers.booleanParser, - default: false, - }, - webhookKey: { - env: 'PARSE_SERVER_WEBHOOK_KEY', - help: 'Key sent with outgoing webhook calls', - }, + "accountLockout": { + "env": "PARSE_SERVER_ACCOUNT_LOCKOUT", + "help": "account lockout policy for failed login attempts", + "action": parsers.objectParser + }, + "allowClientClassCreation": { + "env": "PARSE_SERVER_ALLOW_CLIENT_CLASS_CREATION", + "help": "Enable (or disable) client class creation, defaults to true", + "action": parsers.booleanParser, + "default": true + }, + "allowCustomObjectId": { + "env": "PARSE_SERVER_ALLOW_CUSTOM_OBJECT_ID", + "help": "Enable (or disable) custom objectId", + "action": parsers.booleanParser, + "default": false + }, + "allowHeaders": { + "env": "PARSE_SERVER_ALLOW_HEADERS", + "help": "Add headers to Access-Control-Allow-Headers", + "action": parsers.arrayParser + }, + "allowOrigin": { + "env": "PARSE_SERVER_ALLOW_ORIGIN", + "help": "Sets the origin to Access-Control-Allow-Origin" + }, + "analyticsAdapter": { + "env": "PARSE_SERVER_ANALYTICS_ADAPTER", + "help": "Adapter module for the analytics", + "action": parsers.moduleOrObjectParser + }, + "appId": { + "env": "PARSE_SERVER_APPLICATION_ID", + "help": "Your Parse Application ID", + "required": true + }, + "appName": { + "env": "PARSE_SERVER_APP_NAME", + "help": "Sets the app name" + }, + "auth": { + "env": "PARSE_SERVER_AUTH_PROVIDERS", + "help": "Configuration for your authentication providers, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication", + "action": parsers.objectParser + }, + "cacheAdapter": { + "env": "PARSE_SERVER_CACHE_ADAPTER", + "help": "Adapter module for the cache", + "action": parsers.moduleOrObjectParser + }, + "cacheMaxSize": { + "env": "PARSE_SERVER_CACHE_MAX_SIZE", + "help": "Sets the maximum size for the in memory cache, defaults to 10000", + "action": parsers.numberParser("cacheMaxSize"), + "default": 10000 + }, + "cacheTTL": { + "env": "PARSE_SERVER_CACHE_TTL", + "help": "Sets the TTL for the in memory cache (in ms), defaults to 5000 (5 seconds)", + "action": parsers.numberParser("cacheTTL"), + "default": 5000 + }, + "clientKey": { + "env": "PARSE_SERVER_CLIENT_KEY", + "help": "Key for iOS, MacOS, tvOS clients" + }, + "cloud": { + "env": "PARSE_SERVER_CLOUD", + "help": "Full path to your cloud code main.js" + }, + "cluster": { + "env": "PARSE_SERVER_CLUSTER", + "help": "Run with cluster, optionally set the number of processes default to os.cpus().length", + "action": parsers.numberOrBooleanParser + }, + "collectionPrefix": { + "env": "PARSE_SERVER_COLLECTION_PREFIX", + "help": "A collection prefix for the classes", + "default": "" + }, + "customPages": { + "env": "PARSE_SERVER_CUSTOM_PAGES", + "help": "custom pages for password validation and reset", + "action": parsers.objectParser, + "default": {} + }, + "databaseAdapter": { + "env": "PARSE_SERVER_DATABASE_ADAPTER", + "help": "Adapter module for the database", + "action": parsers.moduleOrObjectParser + }, + "databaseOptions": { + "env": "PARSE_SERVER_DATABASE_OPTIONS", + "help": "Options to pass to the mongodb client", + "action": parsers.objectParser + }, + "databaseURI": { + "env": "PARSE_SERVER_DATABASE_URI", + "help": "The full URI to your database. Supported databases are mongodb or postgres.", + "required": true, + "default": "mongodb://localhost:27017/parse" + }, + "directAccess": { + "env": "PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS", + "help": "Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.", + "action": parsers.booleanParser, + "default": false + }, + "dotNetKey": { + "env": "PARSE_SERVER_DOT_NET_KEY", + "help": "Key for Unity and .Net SDK" + }, + "emailAdapter": { + "env": "PARSE_SERVER_EMAIL_ADAPTER", + "help": "Adapter module for email sending", + "action": parsers.moduleOrObjectParser + }, + "emailVerifyTokenReuseIfValid": { + "env": "PARSE_SERVER_EMAIL_VERIFY_TOKEN_REUSE_IF_VALID", + "help": "an existing email verify token should be reused when resend verification email is requested", + "action": parsers.booleanParser, + "default": false + }, + "emailVerifyTokenValidityDuration": { + "env": "PARSE_SERVER_EMAIL_VERIFY_TOKEN_VALIDITY_DURATION", + "help": "Email verification token validity duration, in seconds", + "action": parsers.numberParser("emailVerifyTokenValidityDuration") + }, + "enableAnonymousUsers": { + "env": "PARSE_SERVER_ENABLE_ANON_USERS", + "help": "Enable (or disable) anonymous users, defaults to true", + "action": parsers.booleanParser, + "default": true + }, + "enableExpressErrorHandler": { + "env": "PARSE_SERVER_ENABLE_EXPRESS_ERROR_HANDLER", + "help": "Enables the default express error handler for all errors", + "action": parsers.booleanParser, + "default": false + }, + "enableSingleSchemaCache": { + "env": "PARSE_SERVER_ENABLE_SINGLE_SCHEMA_CACHE", + "help": "Use a single schema cache shared across requests. Reduces number of queries made to _SCHEMA, defaults to false, i.e. unique schema cache per request.", + "action": parsers.booleanParser, + "default": false + }, + "encryptionKey": { + "env": "PARSE_SERVER_ENCRYPTION_KEY", + "help": "Key for encrypting your files" + }, + "expireInactiveSessions": { + "env": "PARSE_SERVER_EXPIRE_INACTIVE_SESSIONS", + "help": "Sets wether we should expire the inactive sessions, defaults to true", + "action": parsers.booleanParser, + "default": true + }, + "fileKey": { + "env": "PARSE_SERVER_FILE_KEY", + "help": "Key for your files" + }, + "filesAdapter": { + "env": "PARSE_SERVER_FILES_ADAPTER", + "help": "Adapter module for the files sub-system", + "action": parsers.moduleOrObjectParser + }, + "fileUpload": { + "env": "PARSE_SERVER_FILE_UPLOAD_OPTIONS", + "help": "Options for file uploads", + "action": parsers.objectParser + }, + "graphQLPath": { + "env": "PARSE_SERVER_GRAPHQL_PATH", + "help": "Mount path for the GraphQL endpoint, defaults to /graphql", + "default": "/graphql" + }, + "graphQLSchema": { + "env": "PARSE_SERVER_GRAPH_QLSCHEMA", + "help": "Full path to your GraphQL custom schema.graphql file" + }, + "host": { + "env": "PARSE_SERVER_HOST", + "help": "The host to serve ParseServer on, defaults to 0.0.0.0", + "default": "0.0.0.0" + }, + "idempotencyOptions": { + "env": "PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_OPTIONS", + "help": "Options for request idempotency to deduplicate identical requests that may be caused by network issues. Caution, this is an experimental feature that may not be appropriate for production.", + "action": parsers.objectParser, + "default": {} + }, + "javascriptKey": { + "env": "PARSE_SERVER_JAVASCRIPT_KEY", + "help": "Key for the Javascript SDK" + }, + "jsonLogs": { + "env": "JSON_LOGS", + "help": "Log as structured JSON objects", + "action": parsers.booleanParser + }, + "liveQuery": { + "env": "PARSE_SERVER_LIVE_QUERY", + "help": "parse-server's LiveQuery configuration object", + "action": parsers.objectParser + }, + "liveQueryServerOptions": { + "env": "PARSE_SERVER_LIVE_QUERY_SERVER_OPTIONS", + "help": "Live query server configuration options (will start the liveQuery server)", + "action": parsers.objectParser + }, + "loggerAdapter": { + "env": "PARSE_SERVER_LOGGER_ADAPTER", + "help": "Adapter module for the logging sub-system", + "action": parsers.moduleOrObjectParser + }, + "logLevel": { + "env": "PARSE_SERVER_LOG_LEVEL", + "help": "Sets the level for logs" + }, + "logsFolder": { + "env": "PARSE_SERVER_LOGS_FOLDER", + "help": "Folder for the logs (defaults to './logs'); set to null to disable file based logging", + "default": "./logs" + }, + "masterKey": { + "env": "PARSE_SERVER_MASTER_KEY", + "help": "Your Parse Master Key", + "required": true + }, + "masterKeyIps": { + "env": "PARSE_SERVER_MASTER_KEY_IPS", + "help": "Restrict masterKey to be used by only these ips, defaults to [] (allow all ips)", + "action": parsers.arrayParser, + "default": [] + }, + "maxLimit": { + "env": "PARSE_SERVER_MAX_LIMIT", + "help": "Max value for limit option on queries, defaults to unlimited", + "action": parsers.numberParser("maxLimit") + }, + "maxLogFiles": { + "env": "PARSE_SERVER_MAX_LOG_FILES", + "help": "Maximum number of logs to keep. If not set, no logs will be removed. This can be a number of files or number of days. If using days, add 'd' as the suffix. (default: null)", + "action": parsers.objectParser + }, + "maxUploadSize": { + "env": "PARSE_SERVER_MAX_UPLOAD_SIZE", + "help": "Max file size for uploads, defaults to 20mb", + "default": "20mb" + }, + "middleware": { + "env": "PARSE_SERVER_MIDDLEWARE", + "help": "middleware for express server, can be string or function" + }, + "mountGraphQL": { + "env": "PARSE_SERVER_MOUNT_GRAPHQL", + "help": "Mounts the GraphQL endpoint", + "action": parsers.booleanParser, + "default": false + }, + "mountPath": { + "env": "PARSE_SERVER_MOUNT_PATH", + "help": "Mount path for the server, defaults to /parse", + "default": "/parse" + }, + "mountPlayground": { + "env": "PARSE_SERVER_MOUNT_PLAYGROUND", + "help": "Mounts the GraphQL Playground - never use this option in production", + "action": parsers.booleanParser, + "default": false + }, + "objectIdSize": { + "env": "PARSE_SERVER_OBJECT_ID_SIZE", + "help": "Sets the number of characters in generated object id's, default 10", + "action": parsers.numberParser("objectIdSize"), + "default": 10 + }, + "passwordPolicy": { + "env": "PARSE_SERVER_PASSWORD_POLICY", + "help": "Password policy for enforcing password related rules", + "action": parsers.objectParser + }, + "playgroundPath": { + "env": "PARSE_SERVER_PLAYGROUND_PATH", + "help": "Mount path for the GraphQL Playground, defaults to /playground", + "default": "/playground" + }, + "port": { + "env": "PORT", + "help": "The port to run the ParseServer, defaults to 1337.", + "action": parsers.numberParser("port"), + "default": 1337 + }, + "preserveFileName": { + "env": "PARSE_SERVER_PRESERVE_FILE_NAME", + "help": "Enable (or disable) the addition of a unique hash to the file names", + "action": parsers.booleanParser, + "default": false + }, + "preventLoginWithUnverifiedEmail": { + "env": "PARSE_SERVER_PREVENT_LOGIN_WITH_UNVERIFIED_EMAIL", + "help": "Prevent user from login if email is not verified and PARSE_SERVER_VERIFY_USER_EMAILS is true, defaults to false", + "action": parsers.booleanParser, + "default": false + }, + "protectedFields": { + "env": "PARSE_SERVER_PROTECTED_FIELDS", + "help": "Protected fields that should be treated with extra security when fetching details.", + "action": parsers.objectParser, + "default": { + "_User": { + "*": ["email"] + } + } + }, + "publicServerURL": { + "env": "PARSE_PUBLIC_SERVER_URL", + "help": "Public URL to your parse server with http:// or https://." + }, + "push": { + "env": "PARSE_SERVER_PUSH", + "help": "Configuration for push, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#push-notifications", + "action": parsers.objectParser + }, + "readOnlyMasterKey": { + "env": "PARSE_SERVER_READ_ONLY_MASTER_KEY", + "help": "Read-only key, which has the same capabilities as MasterKey without writes" + }, + "restAPIKey": { + "env": "PARSE_SERVER_REST_API_KEY", + "help": "Key for REST calls" + }, + "revokeSessionOnPasswordReset": { + "env": "PARSE_SERVER_REVOKE_SESSION_ON_PASSWORD_RESET", + "help": "When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions.", + "action": parsers.booleanParser, + "default": true + }, + "scheduledPush": { + "env": "PARSE_SERVER_SCHEDULED_PUSH", + "help": "Configuration for push scheduling, defaults to false.", + "action": parsers.booleanParser, + "default": false + }, + "schemaCacheTTL": { + "env": "PARSE_SERVER_SCHEMA_CACHE_TTL", + "help": "The TTL for caching the schema for optimizing read/write operations. You should put a long TTL when your DB is in production. default to 5000; set 0 to disable.", + "action": parsers.numberParser("schemaCacheTTL"), + "default": 5000 + }, + "serverCloseComplete": { + "env": "PARSE_SERVER_SERVER_CLOSE_COMPLETE", + "help": "Callback when server has closed" + }, + "serverStartComplete": { + "env": "PARSE_SERVER_SERVER_START_COMPLETE", + "help": "Callback when server has started" + }, + "serverURL": { + "env": "PARSE_SERVER_URL", + "help": "URL to your parse server with http:// or https://.", + "required": true + }, + "sessionLength": { + "env": "PARSE_SERVER_SESSION_LENGTH", + "help": "Session duration, in seconds, defaults to 1 year", + "action": parsers.numberParser("sessionLength"), + "default": 31536000 + }, + "silent": { + "env": "SILENT", + "help": "Disables console output", + "action": parsers.booleanParser + }, + "startLiveQueryServer": { + "env": "PARSE_SERVER_START_LIVE_QUERY_SERVER", + "help": "Starts the liveQuery server", + "action": parsers.booleanParser + }, + "userSensitiveFields": { + "env": "PARSE_SERVER_USER_SENSITIVE_FIELDS", + "help": "Personally identifiable information fields in the user table the should be removed for non-authorized users. Deprecated @see protectedFields", + "action": parsers.arrayParser + }, + "verbose": { + "env": "VERBOSE", + "help": "Set the logging to verbose", + "action": parsers.booleanParser + }, + "verifyUserEmails": { + "env": "PARSE_SERVER_VERIFY_USER_EMAILS", + "help": "Enable (or disable) user email validation, defaults to false", + "action": parsers.booleanParser, + "default": false + }, + "webhookKey": { + "env": "PARSE_SERVER_WEBHOOK_KEY", + "help": "Key sent with outgoing webhook calls" + } }; module.exports.CustomPagesOptions = { - choosePassword: { - env: 'PARSE_SERVER_CUSTOM_PAGES_CHOOSE_PASSWORD', - help: 'choose password page path', - }, - invalidLink: { - env: 'PARSE_SERVER_CUSTOM_PAGES_INVALID_LINK', - help: 'invalid link page path', - }, - invalidVerificationLink: { - env: 'PARSE_SERVER_CUSTOM_PAGES_INVALID_VERIFICATION_LINK', - help: 'invalid verification link page path', - }, - linkSendFail: { - env: 'PARSE_SERVER_CUSTOM_PAGES_LINK_SEND_FAIL', - help: 'verification link send fail page path', - }, - linkSendSuccess: { - env: 'PARSE_SERVER_CUSTOM_PAGES_LINK_SEND_SUCCESS', - help: 'verification link send success page path', - }, - parseFrameURL: { - env: 'PARSE_SERVER_CUSTOM_PAGES_PARSE_FRAME_URL', - help: 'for masking user-facing pages', - }, - passwordResetSuccess: { - env: 'PARSE_SERVER_CUSTOM_PAGES_PASSWORD_RESET_SUCCESS', - help: 'password reset success page path', - }, - verifyEmailSuccess: { - env: 'PARSE_SERVER_CUSTOM_PAGES_VERIFY_EMAIL_SUCCESS', - help: 'verify email success page path', - }, + "choosePassword": { + "env": "PARSE_SERVER_CUSTOM_PAGES_CHOOSE_PASSWORD", + "help": "choose password page path" + }, + "invalidLink": { + "env": "PARSE_SERVER_CUSTOM_PAGES_INVALID_LINK", + "help": "invalid link page path" + }, + "invalidVerificationLink": { + "env": "PARSE_SERVER_CUSTOM_PAGES_INVALID_VERIFICATION_LINK", + "help": "invalid verification link page path" + }, + "linkSendFail": { + "env": "PARSE_SERVER_CUSTOM_PAGES_LINK_SEND_FAIL", + "help": "verification link send fail page path" + }, + "linkSendSuccess": { + "env": "PARSE_SERVER_CUSTOM_PAGES_LINK_SEND_SUCCESS", + "help": "verification link send success page path" + }, + "parseFrameURL": { + "env": "PARSE_SERVER_CUSTOM_PAGES_PARSE_FRAME_URL", + "help": "for masking user-facing pages" + }, + "passwordResetSuccess": { + "env": "PARSE_SERVER_CUSTOM_PAGES_PASSWORD_RESET_SUCCESS", + "help": "password reset success page path" + }, + "verifyEmailSuccess": { + "env": "PARSE_SERVER_CUSTOM_PAGES_VERIFY_EMAIL_SUCCESS", + "help": "verify email success page path" + } }; module.exports.LiveQueryOptions = { - classNames: { - env: 'PARSE_SERVER_LIVEQUERY_CLASSNAMES', - help: "parse-server's LiveQuery classNames", - action: parsers.arrayParser, - }, - pubSubAdapter: { - env: 'PARSE_SERVER_LIVEQUERY_PUB_SUB_ADAPTER', - help: 'LiveQuery pubsub adapter', - action: parsers.moduleOrObjectParser, - }, - redisOptions: { - env: 'PARSE_SERVER_LIVEQUERY_REDIS_OPTIONS', - help: "parse-server's LiveQuery redisOptions", - action: parsers.objectParser, - }, - redisURL: { - env: 'PARSE_SERVER_LIVEQUERY_REDIS_URL', - help: "parse-server's LiveQuery redisURL", - }, - wssAdapter: { - env: 'PARSE_SERVER_LIVEQUERY_WSS_ADAPTER', - help: 'Adapter module for the WebSocketServer', - action: parsers.moduleOrObjectParser, - }, + "classNames": { + "env": "PARSE_SERVER_LIVEQUERY_CLASSNAMES", + "help": "parse-server's LiveQuery classNames", + "action": parsers.arrayParser + }, + "pubSubAdapter": { + "env": "PARSE_SERVER_LIVEQUERY_PUB_SUB_ADAPTER", + "help": "LiveQuery pubsub adapter", + "action": parsers.moduleOrObjectParser + }, + "redisOptions": { + "env": "PARSE_SERVER_LIVEQUERY_REDIS_OPTIONS", + "help": "parse-server's LiveQuery redisOptions", + "action": parsers.objectParser + }, + "redisURL": { + "env": "PARSE_SERVER_LIVEQUERY_REDIS_URL", + "help": "parse-server's LiveQuery redisURL" + }, + "wssAdapter": { + "env": "PARSE_SERVER_LIVEQUERY_WSS_ADAPTER", + "help": "Adapter module for the WebSocketServer", + "action": parsers.moduleOrObjectParser + } }; module.exports.LiveQueryServerOptions = { - appId: { - env: 'PARSE_LIVE_QUERY_SERVER_APP_ID', - help: - 'This string should match the appId in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same appId.', - }, - cacheTimeout: { - env: 'PARSE_LIVE_QUERY_SERVER_CACHE_TIMEOUT', - help: - "Number in milliseconds. When clients provide the sessionToken to the LiveQuery server, the LiveQuery server will try to fetch its ParseUser's objectId from parse server and store it in the cache. The value defines the duration of the cache. Check the following Security section and our protocol specification for details, defaults to 5 * 1000 ms (5 seconds).", - action: parsers.numberParser('cacheTimeout'), - }, - keyPairs: { - env: 'PARSE_LIVE_QUERY_SERVER_KEY_PAIRS', - help: - 'A JSON object that serves as a whitelist of keys. It is used for validating clients when they try to connect to the LiveQuery server. Check the following Security section and our protocol specification for details.', - action: parsers.objectParser, - }, - logLevel: { - env: 'PARSE_LIVE_QUERY_SERVER_LOG_LEVEL', - help: - 'This string defines the log level of the LiveQuery server. We support VERBOSE, INFO, ERROR, NONE, defaults to INFO.', - }, - masterKey: { - env: 'PARSE_LIVE_QUERY_SERVER_MASTER_KEY', - help: - 'This string should match the masterKey in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same masterKey.', - }, - port: { - env: 'PARSE_LIVE_QUERY_SERVER_PORT', - help: 'The port to run the LiveQuery server, defaults to 1337.', - action: parsers.numberParser('port'), - default: 1337, - }, - pubSubAdapter: { - env: 'PARSE_LIVE_QUERY_SERVER_PUB_SUB_ADAPTER', - help: 'LiveQuery pubsub adapter', - action: parsers.moduleOrObjectParser, - }, - redisOptions: { - env: 'PARSE_LIVE_QUERY_SERVER_REDIS_OPTIONS', - help: "parse-server's LiveQuery redisOptions", - action: parsers.objectParser, - }, - redisURL: { - env: 'PARSE_LIVE_QUERY_SERVER_REDIS_URL', - help: "parse-server's LiveQuery redisURL", - }, - serverURL: { - env: 'PARSE_LIVE_QUERY_SERVER_SERVER_URL', - help: - 'This string should match the serverURL in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same serverURL.', - }, - websocketTimeout: { - env: 'PARSE_LIVE_QUERY_SERVER_WEBSOCKET_TIMEOUT', - help: - 'Number of milliseconds between ping/pong frames. The WebSocket server sends ping/pong frames to the clients to keep the WebSocket alive. This value defines the interval of the ping/pong frame from the server to clients, defaults to 10 * 1000 ms (10 s).', - action: parsers.numberParser('websocketTimeout'), - }, - wssAdapter: { - env: 'PARSE_LIVE_QUERY_SERVER_WSS_ADAPTER', - help: 'Adapter module for the WebSocketServer', - action: parsers.moduleOrObjectParser, - }, + "appId": { + "env": "PARSE_LIVE_QUERY_SERVER_APP_ID", + "help": "This string should match the appId in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same appId." + }, + "cacheTimeout": { + "env": "PARSE_LIVE_QUERY_SERVER_CACHE_TIMEOUT", + "help": "Number in milliseconds. When clients provide the sessionToken to the LiveQuery server, the LiveQuery server will try to fetch its ParseUser's objectId from parse server and store it in the cache. The value defines the duration of the cache. Check the following Security section and our protocol specification for details, defaults to 5 * 1000 ms (5 seconds).", + "action": parsers.numberParser("cacheTimeout") + }, + "keyPairs": { + "env": "PARSE_LIVE_QUERY_SERVER_KEY_PAIRS", + "help": "A JSON object that serves as a whitelist of keys. It is used for validating clients when they try to connect to the LiveQuery server. Check the following Security section and our protocol specification for details.", + "action": parsers.objectParser + }, + "logLevel": { + "env": "PARSE_LIVE_QUERY_SERVER_LOG_LEVEL", + "help": "This string defines the log level of the LiveQuery server. We support VERBOSE, INFO, ERROR, NONE, defaults to INFO." + }, + "masterKey": { + "env": "PARSE_LIVE_QUERY_SERVER_MASTER_KEY", + "help": "This string should match the masterKey in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same masterKey." + }, + "port": { + "env": "PARSE_LIVE_QUERY_SERVER_PORT", + "help": "The port to run the LiveQuery server, defaults to 1337.", + "action": parsers.numberParser("port"), + "default": 1337 + }, + "pubSubAdapter": { + "env": "PARSE_LIVE_QUERY_SERVER_PUB_SUB_ADAPTER", + "help": "LiveQuery pubsub adapter", + "action": parsers.moduleOrObjectParser + }, + "redisOptions": { + "env": "PARSE_LIVE_QUERY_SERVER_REDIS_OPTIONS", + "help": "parse-server's LiveQuery redisOptions", + "action": parsers.objectParser + }, + "redisURL": { + "env": "PARSE_LIVE_QUERY_SERVER_REDIS_URL", + "help": "parse-server's LiveQuery redisURL" + }, + "serverURL": { + "env": "PARSE_LIVE_QUERY_SERVER_SERVER_URL", + "help": "This string should match the serverURL in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same serverURL." + }, + "websocketTimeout": { + "env": "PARSE_LIVE_QUERY_SERVER_WEBSOCKET_TIMEOUT", + "help": "Number of milliseconds between ping/pong frames. The WebSocket server sends ping/pong frames to the clients to keep the WebSocket alive. This value defines the interval of the ping/pong frame from the server to clients, defaults to 10 * 1000 ms (10 s).", + "action": parsers.numberParser("websocketTimeout") + }, + "wssAdapter": { + "env": "PARSE_LIVE_QUERY_SERVER_WSS_ADAPTER", + "help": "Adapter module for the WebSocketServer", + "action": parsers.moduleOrObjectParser + } }; module.exports.IdempotencyOptions = { - paths: { - env: 'PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_PATHS', - help: - 'An array of paths for which the feature should be enabled. The mount path must not be included, for example instead of `/parse/functions/myFunction` specifiy `functions/myFunction`. The entries are interpreted as regular expression, for example `functions/.*` matches all functions, `jobs/.*` matches all jobs, `classes/.*` matches all classes, `.*` matches all paths.', - action: parsers.arrayParser, - default: [], - }, - ttl: { - env: 'PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_TTL', - help: - 'The duration in seconds after which a request record is discarded from the database, defaults to 300s.', - action: parsers.numberParser('ttl'), - default: 300, - }, + "paths": { + "env": "PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_PATHS", + "help": "An array of paths for which the feature should be enabled. The mount path must not be included, for example instead of `/parse/functions/myFunction` specifiy `functions/myFunction`. The entries are interpreted as regular expression, for example `functions/.*` matches all functions, `jobs/.*` matches all jobs, `classes/.*` matches all classes, `.*` matches all paths.", + "action": parsers.arrayParser, + "default": [] + }, + "ttl": { + "env": "PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_TTL", + "help": "The duration in seconds after which a request record is discarded from the database, defaults to 300s.", + "action": parsers.numberParser("ttl"), + "default": 300 + } }; module.exports.AccountLockoutOptions = { - duration: { - env: 'PARSE_SERVER_ACCOUNT_LOCKOUT_DURATION', - help: - 'number of minutes that a locked-out account remains locked out before automatically becoming unlocked.', - action: parsers.numberParser('duration'), - }, - threshold: { - env: 'PARSE_SERVER_ACCOUNT_LOCKOUT_THRESHOLD', - help: 'number of failed sign-in attempts that will cause a user account to be locked', - action: parsers.numberParser('threshold'), - }, + "duration": { + "env": "PARSE_SERVER_ACCOUNT_LOCKOUT_DURATION", + "help": "number of minutes that a locked-out account remains locked out before automatically becoming unlocked.", + "action": parsers.numberParser("duration") + }, + "threshold": { + "env": "PARSE_SERVER_ACCOUNT_LOCKOUT_THRESHOLD", + "help": "number of failed sign-in attempts that will cause a user account to be locked", + "action": parsers.numberParser("threshold") + } }; module.exports.PasswordPolicyOptions = { - doNotAllowUsername: { - env: 'PARSE_SERVER_PASSWORD_POLICY_DO_NOT_ALLOW_USERNAME', - help: 'disallow username in passwords', - action: parsers.booleanParser, - }, - maxPasswordAge: { - env: 'PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_AGE', - help: 'days for password expiry', - action: parsers.numberParser('maxPasswordAge'), - }, - maxPasswordHistory: { - env: 'PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_HISTORY', - help: 'setting to prevent reuse of previous n passwords', - action: parsers.numberParser('maxPasswordHistory'), - }, - resetTokenReuseIfValid: { - env: 'PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_REUSE_IF_VALID', - help: "resend token if it's still valid", - action: parsers.booleanParser, - }, - resetTokenValidityDuration: { - env: 'PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_VALIDITY_DURATION', - help: 'time for token to expire', - action: parsers.numberParser('resetTokenValidityDuration'), - }, - validatorCallback: { - env: 'PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_CALLBACK', - help: 'a callback function to be invoked to validate the password', - }, - validatorPattern: { - env: 'PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_PATTERN', - help: 'a RegExp object or a regex string representing the pattern to enforce', - }, + "doNotAllowUsername": { + "env": "PARSE_SERVER_PASSWORD_POLICY_DO_NOT_ALLOW_USERNAME", + "help": "disallow username in passwords", + "action": parsers.booleanParser + }, + "maxPasswordAge": { + "env": "PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_AGE", + "help": "days for password expiry", + "action": parsers.numberParser("maxPasswordAge") + }, + "maxPasswordHistory": { + "env": "PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_HISTORY", + "help": "setting to prevent reuse of previous n passwords", + "action": parsers.numberParser("maxPasswordHistory") + }, + "resetTokenReuseIfValid": { + "env": "PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_REUSE_IF_VALID", + "help": "resend token if it's still valid", + "action": parsers.booleanParser + }, + "resetTokenValidityDuration": { + "env": "PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_VALIDITY_DURATION", + "help": "time for token to expire", + "action": parsers.numberParser("resetTokenValidityDuration") + }, + "validatorCallback": { + "env": "PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_CALLBACK", + "help": "a callback function to be invoked to validate the password" + }, + "validatorPattern": { + "env": "PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_PATTERN", + "help": "a RegExp object or a regex string representing the pattern to enforce" + } }; module.exports.FileUploadOptions = { - enableForAnonymousUser: { - env: 'PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_ANONYMOUS_USER', - help: 'Is true if file upload should be allowed for anonymous users.', - action: parsers.booleanParser, - default: false, - }, - enableForAuthenticatedUser: { - env: 'PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_AUTHENTICATED_USER', - help: 'Is true if file upload should be allowed for authenticated users.', - action: parsers.booleanParser, - default: false, - }, - enableForPublic: { - env: 'PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_PUBLIC', - help: 'Is true if file upload should be allowed for anyone, regardless of user authentication.', - action: parsers.booleanParser, - default: false, - }, + "enableForAnonymousUser": { + "env": "PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_ANONYMOUS_USER", + "help": "Is true if file upload should be allowed for anonymous users.", + "action": parsers.booleanParser, + "default": false + }, + "enableForAuthenticatedUser": { + "env": "PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_AUTHENTICATED_USER", + "help": "Is true if file upload should be allowed for authenticated users.", + "action": parsers.booleanParser, + "default": true + }, + "enableForPublic": { + "env": "PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_PUBLIC", + "help": "Is true if file upload should be allowed for anyone, regardless of user authentication.", + "action": parsers.booleanParser, + "default": false + } }; diff --git a/src/Options/index.js b/src/Options/index.js index 18fa077735..f1dc21d45b 100644 --- a/src/Options/index.js +++ b/src/Options/index.js @@ -324,7 +324,7 @@ export interface FileUploadOptions { :DEFAULT: false */ enableForAnonymousUser: ?boolean; /* Is true if file upload should be allowed for authenticated users. - :DEFAULT: false */ + :DEFAULT: true */ enableForAuthenticatedUser: ?boolean; /* Is true if file upload should be allowed for anyone, regardless of user authentication. :DEFAULT: false */ From 29adffcf3eb99600c46e54cc0be1d0c406d36dbd Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 00:11:17 +0100 Subject: [PATCH 08/15] fixed inconsistent error messages --- src/Routers/FilesRouter.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js index 7d5f9fa67a..6b26b8ef3a 100644 --- a/src/Routers/FilesRouter.js +++ b/src/Routers/FilesRouter.js @@ -100,7 +100,7 @@ export class FilesRouter { next( new Parse.Error( Parse.Error.FILE_SAVE_ERROR, - 'File upload by anonymous user is not allowed.' + 'File upload by anonymous user is disabled.' ) ); return; @@ -109,13 +109,13 @@ export class FilesRouter { next( new Parse.Error( Parse.Error.FILE_SAVE_ERROR, - 'File upload by authenticated users is not enabled.' + 'File upload by authenticated user is disabled.' ) ); return; } if (!config.fileUpload.enableForPublic && !user) { - next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is not enabled.')); + next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is disabled.')); return; } const filesController = config.filesController; From 08a64cbdb214df3753e9f06f86aa3876f5707384 Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 00:12:03 +0100 Subject: [PATCH 09/15] consolidated and extended tests --- spec/ParseFile.spec.js | 249 ++++++++++++++++++++++------------------- 1 file changed, 136 insertions(+), 113 deletions(-) diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js index c809b183ec..4a3e3f7e71 100644 --- a/spec/ParseFile.spec.js +++ b/spec/ParseFile.spec.js @@ -4,6 +4,7 @@ 'use strict'; const request = require('../lib/request'); +const Definitions = require('../src/Options/Definitions'); const str = 'Hello World!'; const data = []; @@ -861,22 +862,30 @@ describe('Parse.File testing', () => { }); }); - describe('disable file upload', () => { - it('can reject file upload with unspecified', async () => { + describe('file upload configuration', () => { + it('allows file upload only for authenticated user by default', async () => { await reconfigureServer({ - fileUpload: {}, + fileUpload: { + enableForPublic: Definitions.FileUploadOptions.enableForPublic.default, + enableForAnonymousUser: Definitions.FileUploadOptions.enableForAnonymousUser.default, + enableForAuthenticatedUser: Definitions.FileUploadOptions.enableForAuthenticatedUser.default, + } }); - try { - const file = new Parse.File('hello.txt', data, 'text/plain'); - await file.save(); - fail('should not have been able to save file.'); - } catch (e) { - expect(e.code).toBe(130); - expect(e.message).toBe('File upload by public is not enabled.'); - } + let file = new Parse.File('hello.txt', data, 'text/plain'); + await expectAsync(file.save()).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is disabled.') + ); + file = new Parse.File('hello.txt', data, 'text/plain'); + const anonUser = await Parse.AnonymousUtils.logIn(); + await expectAsync(file.save({ sessionToken: anonUser.getSessionToken() })).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by anonymous user is disabled.') + ); + file = new Parse.File('hello.txt', data, 'text/plain'); + const authUser = await Parse.User.signUp('user', 'password'); + await expectAsync(file.save({ sessionToken: authUser.getSessionToken() })).toBeResolved(); }); - it('disable all file upload', async () => { + it('rejects all file uploads', async () => { await reconfigureServer({ fileUpload: { enableForPublic: false, @@ -884,138 +893,152 @@ describe('Parse.File testing', () => { enableForAuthenticatedUser: false, }, }); - try { - const file = new Parse.File('hello.txt', data, 'text/plain'); - await file.save(); - fail('should not have been able to save file.'); - } catch (e) { - expect(e.code).toBe(130); - expect(e.message).toBe('File upload by public is not enabled.'); - } - }); - - it('disable public file upload', async () => { - await reconfigureServer({ - fileUpload: { - enableForPublic: false, - }, - }); - try { - const file = new Parse.File('hello.txt', data, 'text/plain'); - await file.save(); - fail('should not have been able to save file.'); - } catch (e) { - expect(e.code).toBe(130); - expect(e.message).toBe('File upload by public is not enabled.'); - } + let file = new Parse.File('hello.txt', data, 'text/plain'); + await expectAsync(file.save()).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is disabled.') + ); + file = new Parse.File('hello.txt', data, 'text/plain'); + const anonUser = await Parse.AnonymousUtils.logIn(); + await expectAsync(file.save({ sessionToken: anonUser.getSessionToken() })).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by anonymous user is disabled.') + ); + file = new Parse.File('hello.txt', data, 'text/plain'); + const authUser = await Parse.User.signUp('user', 'password'); + await expectAsync(file.save({ sessionToken: authUser.getSessionToken() })).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by authenticated user is disabled.') + ); }); - it('disable file upload for public but allow for user', async () => { + it('allows all file uploads', async () => { await reconfigureServer({ fileUpload: { - enableForPublic: false, + enableForPublic: true, + enableForAnonymousUser: true, enableForAuthenticatedUser: true, }, }); - try { - const user = await Parse.User.signUp('myUser', 'password'); - const file = new Parse.File('hello.txt', data, 'text/plain'); - await file.save({ sessionToken: user.getSessionToken() }); - } catch (e) { - fail('should have allowed file to save.'); - } + let file = new Parse.File('hello.txt', data, 'text/plain'); + await expectAsync(file.save()).toBeResolved(); + file = new Parse.File('hello.txt', data, 'text/plain'); + const anonUser = await Parse.AnonymousUtils.logIn(); + await expectAsync(file.save({ sessionToken: anonUser.getSessionToken() })).toBeResolved(); + file = new Parse.File('hello.txt', data, 'text/plain'); + const authUser = await Parse.User.signUp('user', 'password'); + await expectAsync(file.save({ sessionToken: authUser.getSessionToken() })).toBeResolved(); }); - it('disable file upload for anonymous', async () => { + it('allows file upload only for public', async () => { await reconfigureServer({ fileUpload: { + enableForPublic: true, enableForAnonymousUser: false, + enableForAuthenticatedUser: false, }, }); - try { - const user = await Parse.AnonymousUtils.logIn(); - const file = new Parse.File('hello.txt', data, 'text/plain'); - await file.save({ sessionToken: user.getSessionToken() }); - fail('should not have been able to save file.'); - } catch (e) { - expect(e.code).toBe(130); - expect(e.message).toBe('File upload by anonymous user is not allowed.'); - } + let file = new Parse.File('hello.txt', data, 'text/plain'); + await expectAsync(file.save()).toBeResolved(); + file = new Parse.File('hello.txt', data, 'text/plain'); + const anonUser = await Parse.AnonymousUtils.logIn(); + await expectAsync(file.save({ sessionToken: anonUser.getSessionToken() })).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by anonymous user is disabled.') + ); + file = new Parse.File('hello.txt', data, 'text/plain'); + const authUser = await Parse.User.signUp('user', 'password'); + await expectAsync(file.save({ sessionToken: authUser.getSessionToken() })).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by authenticated user is disabled.') + ); }); - it('enable file upload for anonymous', async () => { + it('allows file upload only for anonymous user', async () => { await reconfigureServer({ fileUpload: { enableForPublic: false, enableForAnonymousUser: true, + enableForAuthenticatedUser: false, }, }); - try { - const user = await Parse.AnonymousUtils.logIn(); - const file = new Parse.File('hello.txt', data, 'text/plain'); - await file.save({ sessionToken: user.getSessionToken() }); - } catch (e) { - fail('should have allowed file to save.'); - } + let file = new Parse.File('hello.txt', data, 'text/plain'); + await expectAsync(file.save()).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is disabled.') + ); + file = new Parse.File('hello.txt', data, 'text/plain'); + const anonUser = await Parse.AnonymousUtils.logIn(); + await expectAsync(file.save({ sessionToken: anonUser.getSessionToken() })).toBeResolved(); + file = new Parse.File('hello.txt', data, 'text/plain'); + const authUser = await Parse.User.signUp('user', 'password'); + await expectAsync(file.save({ sessionToken: authUser.getSessionToken() })).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by authenticated user is disabled.') + ); }); - it('enable file upload for anonymous but not authenticated users', async () => { + it('allows file upload only for authenticated user', async () => { await reconfigureServer({ fileUpload: { enableForPublic: false, - enableForAnonymousUser: true, - enableForAuthenticatedUser: false, + enableForAnonymousUser: false, + enableForAuthenticatedUser: true, }, }); - try { - const user = await Parse.AnonymousUtils.logIn(); - const file = new Parse.File('hello.txt', data, 'text/plain'); - await file.save({ sessionToken: user.getSessionToken() }); - } catch (e) { - fail('should have allowed file to save.'); + let file = new Parse.File('hello.txt', data, 'text/plain'); + await expectAsync(file.save()).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is disabled.') + ); + file = new Parse.File('hello.txt', data, 'text/plain'); + const anonUser = await Parse.AnonymousUtils.logIn(); + await expectAsync(file.save({ sessionToken: anonUser.getSessionToken() })).toBeRejectedWith( + new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by anonymous user is disabled.') + ); + file = new Parse.File('hello.txt', data, 'text/plain'); + const authUser = await Parse.User.signUp('user', 'password'); + await expectAsync(file.save({ sessionToken: authUser.getSessionToken() })).toBeResolved(); + }); + + it('rejects invalid fileUpload configuration', async () => { + const invalidConfigs = [ + { fileUpload: [] }, + { fileUpload: 1 }, + { fileUpload: "string" }, + ]; + const validConfigs = [ + { fileUpload: {} }, + { fileUpload: null }, + { fileUpload: undefined }, + ]; + const keys = [ + "enableForPublic", + "enableForAnonymousUser", + "enableForAuthenticatedUser", + ]; + const invalidValues = [ + [], + {}, + 1, + "string", + null, + ]; + const validValues = [ + undefined, + true, + false, + ]; + for (const config of invalidConfigs) { + await expectAsync(reconfigureServer(config)).toBeRejectedWith( + 'fileUpload must be an object value.' + ); } - try { - const user = await Parse.User.signUp('myUser', 'password'); - const file = new Parse.File('hello.txt', data, 'text/plain'); - await file.save({ sessionToken: user.getSessionToken() }); - fail('should have not allowed file to save.'); - } catch (e) { - expect(e.code).toBe(130); - expect(e.message).toBe('File upload by authenticated users is not enabled.'); + for (const config of validConfigs) { + await expectAsync(reconfigureServer(config)).toBeResolved(); + } + for (const key of keys) { + for (const value of invalidValues) { + await expectAsync(reconfigureServer({ fileUpload: { [key]: value }})).toBeRejectedWith( + `fileUpload.${key} must be a boolean value.` + ); + } + for (const value of validValues) { + await expectAsync(reconfigureServer({ fileUpload: { [key]: value }})).toBeResolved(); + } } }); }); - - it('setup with invalid configuration', async () => { - try { - await reconfigureServer({ - fileUpload: { - enableForPublic: [], - }, - }); - fail('should not allow invalid configuration'); - } catch (e) { - expect(e).toBe('enableForPublic must be a boolean value'); - } - try { - await reconfigureServer({ - fileUpload: { - enableForAnonymousUser: [], - }, - }); - fail('should not allow invalid configuration'); - } catch (e) { - expect(e).toBe('enableForAnonymousUser must be a boolean value'); - } - try { - await reconfigureServer({ - fileUpload: { - enableForAuthenticatedUser: [], - }, - }); - fail('should not allow invalid configuration'); - } catch (e) { - expect(e).toBe('enableForAuthenticatedUser must be a boolean value'); - } - }); }); From 04d2dc7b2d6062e3b7236b96661c8b11b9e5bbf6 Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 00:16:42 +0100 Subject: [PATCH 10/15] minor compacting --- src/Routers/FilesRouter.js | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js index 6b26b8ef3a..d1d43b2e4d 100644 --- a/src/Routers/FilesRouter.js +++ b/src/Routers/FilesRouter.js @@ -97,21 +97,17 @@ export class FilesRouter { const user = req.auth.user; const isLinked = user && Parse.AnonymousUtils.isLinked(user); if (!config.fileUpload.enableForAnonymousUser && isLinked) { - next( - new Parse.Error( - Parse.Error.FILE_SAVE_ERROR, - 'File upload by anonymous user is disabled.' - ) - ); + next(new Parse.Error( + Parse.Error.FILE_SAVE_ERROR, + 'File upload by anonymous user is disabled.' + )); return; } if (!config.fileUpload.enableForAuthenticatedUser && !isLinked && user) { - next( - new Parse.Error( - Parse.Error.FILE_SAVE_ERROR, - 'File upload by authenticated user is disabled.' - ) - ); + next(new Parse.Error( + Parse.Error.FILE_SAVE_ERROR, + 'File upload by authenticated user is disabled.' + )); return; } if (!config.fileUpload.enableForPublic && !user) { From 81b0de50dca2c85f803915b02bc8c09f1c6088e1 Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 00:22:58 +0100 Subject: [PATCH 11/15] removed irregular whitespace --- spec/ParseFile.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js index 4a3e3f7e71..35686c464c 100644 --- a/spec/ParseFile.spec.js +++ b/spec/ParseFile.spec.js @@ -1031,7 +1031,7 @@ describe('Parse.File testing', () => { } for (const key of keys) { for (const value of invalidValues) { - await expectAsync(reconfigureServer({ fileUpload: { [key]: value }})).toBeRejectedWith( + await expectAsync(reconfigureServer({ fileUpload: { [key]: value }})).toBeRejectedWith( `fileUpload.${key} must be a boolean value.` ); } From 1e8378e94fc4a4d894a10701c7f300cd3009e763 Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 00:53:59 +0100 Subject: [PATCH 12/15] added changelog entry --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fa847e4a99..230bae6631 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ ### master [Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.0...master) + +__BREAKING CHANGES:__ +- NEW: Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the `fileUpload` parameter in the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html). [#7071](https://github.com/parse-community/parse-server/pull/7071). Thanks to [dblythy](https://github.com/dblythy). +___ - IMPROVE: Optimize queries on classes with pointer permissions. [#7061](https://github.com/parse-community/parse-server/pull/7061). Thanks to [Pedro Diaz](https://github.com/pdiaz) ### 4.5.0 From c3088f68ef461e795d789afef4fa914d2f1fb8d7 Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 01:35:42 +0100 Subject: [PATCH 13/15] always allow file upload with master key --- spec/ParseFile.spec.js | 12 ++++++++++++ src/Routers/FilesRouter.js | 7 ++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js index 35686c464c..1021438963 100644 --- a/spec/ParseFile.spec.js +++ b/spec/ParseFile.spec.js @@ -885,6 +885,18 @@ describe('Parse.File testing', () => { await expectAsync(file.save({ sessionToken: authUser.getSessionToken() })).toBeResolved(); }); + fit('allows file upload with master key', async () => { + await reconfigureServer({ + fileUpload: { + enableForPublic: false, + enableForAnonymousUser: false, + enableForAuthenticatedUser: false, + }, + }); + let file = new Parse.File('hello.txt', data, 'text/plain'); + await expectAsync(file.save({ useMasterKey: true })).toBeResolved(); + }); + it('rejects all file uploads', async () => { await reconfigureServer({ fileUpload: { diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js index d1d43b2e4d..1a8b2ca50b 100644 --- a/src/Routers/FilesRouter.js +++ b/src/Routers/FilesRouter.js @@ -95,22 +95,23 @@ export class FilesRouter { async createHandler(req, res, next) { const config = req.config; const user = req.auth.user; + const isMaster = req.auth.isMaster; const isLinked = user && Parse.AnonymousUtils.isLinked(user); - if (!config.fileUpload.enableForAnonymousUser && isLinked) { + if (!isMaster && !config.fileUpload.enableForAnonymousUser && isLinked) { next(new Parse.Error( Parse.Error.FILE_SAVE_ERROR, 'File upload by anonymous user is disabled.' )); return; } - if (!config.fileUpload.enableForAuthenticatedUser && !isLinked && user) { + if (!isMaster && !config.fileUpload.enableForAuthenticatedUser && !isLinked && user) { next(new Parse.Error( Parse.Error.FILE_SAVE_ERROR, 'File upload by authenticated user is disabled.' )); return; } - if (!config.fileUpload.enableForPublic && !user) { + if (!isMaster && !config.fileUpload.enableForPublic && !user) { next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is disabled.')); return; } From 43033b038574e15188ed5de0667c300ea917f365 Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 01:37:43 +0100 Subject: [PATCH 14/15] fix lint --- spec/ParseFile.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js index 1021438963..e0f2c83ba5 100644 --- a/spec/ParseFile.spec.js +++ b/spec/ParseFile.spec.js @@ -893,7 +893,7 @@ describe('Parse.File testing', () => { enableForAuthenticatedUser: false, }, }); - let file = new Parse.File('hello.txt', data, 'text/plain'); + const file = new Parse.File('hello.txt', data, 'text/plain'); await expectAsync(file.save({ useMasterKey: true })).toBeResolved(); }); From 9b87378804806017bafb2a1d558b2e907d14139c Mon Sep 17 00:00:00 2001 From: Manuel Trezza Date: Thu, 17 Dec 2020 01:41:19 +0100 Subject: [PATCH 15/15] removed fit --- spec/ParseFile.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js index e0f2c83ba5..0bd90426c6 100644 --- a/spec/ParseFile.spec.js +++ b/spec/ParseFile.spec.js @@ -885,7 +885,7 @@ describe('Parse.File testing', () => { await expectAsync(file.save({ sessionToken: authUser.getSessionToken() })).toBeResolved(); }); - fit('allows file upload with master key', async () => { + it('allows file upload with master key', async () => { await reconfigureServer({ fileUpload: { enableForPublic: false,