Merge branch 'alpha' into slimImage

Author: mtrezza

.github/workflows/ci.yml

@@ -193,6 +193,9 @@ jobs:
     steps:
       - name: Fix usage of insecure GitHub protocol
         run: sudo git config --system url."https://github".insteadOf "git://github"
+      - name: Fix git protocol for Node 14
+        if: ${{ startsWith(matrix.NODE_VERSION, '14.') }}
+        run: sudo git config --system url."https://github".insteadOf "ssh://git@github"
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.NODE_VERSION }}
         uses: actions/setup-node@v2

6.0.0.md

@@ -4,11 +4,26 @@ This document only highlights specific changes that require a longer explanation
 
 ---
 
+- [Incompatible git protocol with Node 14](#incompatible-git-protocol-with-node-14)
 - [Import Statement](#import-statement)
 - [Asynchronous Initialization](#asynchronous-initialization)
 
 ---
 
+## Incompatible git protocol with Node 14
+
+Parse Server 6 uses the Node Package Manger (npm) package lock file version 2. While version 2 is supposed to be backwards compatible with version 1, you may still encounter errors due to incompatible git protocols that cannot be interpreted correctly by npm bundled with Node 14.
+
+If you are encountering issues installing Parse Server on Node 14 because of dependency references in the package lock file using the `ssh` protocol, configure git to use the `https` protocol instead:
+
+```
+sudo git config --system url."https://github".insteadOf "ssh://git@github"
+```
+
+Alternatively you could manually replace the dependency URLs in the package lock file.
+
+⚠️ You could also delete the package lock file and recreate it with Node 14. Keep in mind that doing so you are not using an official version of Parse Server anymore. You may be using dependencies that have not been tested as part of the Parse Server release process.
+
 ## Import Statement
 
 The import and initialization syntax has been simplified with more intuitive naming and structure.

README.md

@@ -60,6 +60,7 @@ A big *thank you* 🙏 to our [sponsors](#sponsors) and [backers](#backers) who
 - [Configuration](#configuration)
   - [Basic Options](#basic-options)
   - [Client Key Options](#client-key-options)
+  - [Access Scopes](#access-scopes)
   - [Email Verification and Password Reset](#email-verification-and-password-reset)
   - [Password and Account Policy](#password-and-account-policy)
   - [Custom Routes](#custom-routes)
@@ -357,6 +358,15 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo
 * `restAPIKey`
 * `dotNetKey`
 
+## Access Scopes
+
+| Scope          | Internal data | Custom data | Restricted by CLP, ACL | Key                 |
+|----------------|---------------|-------------|------------------------|---------------------|
+| Internal       | r/w           | r/w         | no                     | `maintenanceKey`    |
+| Master         | -/-           | r/w         | no                     | `masterKey`         |
+| ReadOnlyMaster | -/-           | r/-         | no                     | `readOnlyMasterKey` |
+| Session        | -/-           | r/w         | yes                    | `sessionToken`      |
+
 ## Email Verification and Password Reset
 
 Verifying user email addresses and enabling password reset via email requires an email adapter. There are many email adapters provided and maintained by the community. The following is an example configuration with an example email adapter. See the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) for more details and a full list of available options.

changelogs/CHANGELOG_alpha.md

@@ -1,3 +1,27 @@
+# [6.0.0-alpha.23](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.22...6.0.0-alpha.23) (2023-01-08)
+
+
+### Features
+
+* Access the internal scope of Parse Server using the new `maintenanceKey`; the internal scope contains unofficial and undocumented fields (prefixed with underscore `_`) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the `maintenanceKey` for routine operations in a production environment; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) ([#8212](https://github.com/parse-community/parse-server/issues/8212)) ([f3bcc93](https://github.com/parse-community/parse-server/commit/f3bcc9365cd6f08b0a32c132e8e5ff6d1b650863))
+
+
+### BREAKING CHANGES
+
+* Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212) ([f3bcc93](f3bcc93))
+
+# [6.0.0-alpha.22](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.21...6.0.0-alpha.22) (2023-01-08)
+
+
+### Features
+
+* Adapt `verifyServerUrl` for new asynchronous Parse Server start-up states ([#8366](https://github.com/parse-community/parse-server/issues/8366)) ([ffa4974](https://github.com/parse-community/parse-server/commit/ffa4974158615fbff4a2692b9db41dcb50d3f77b))
+
+
+### BREAKING CHANGES
+
+* The method `ParseServer.verifyServerUrl` now returns a promise instead of a callback. ([ffa4974](ffa4974))
+
 # [6.0.0-alpha.21](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.20...6.0.0-alpha.21) (2023-01-06)
 
 

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "6.0.0-alpha.21",
+  "version": "6.0.0-alpha.23",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {

package.json

@@ -1,5 +1,6 @@
 'use strict';
 
+const Auth = require('../lib/Auth');
 const Config = require('../lib/Config');
 const request = require('../lib/request');
 
@@ -262,9 +263,14 @@ describe('Email Verification Token Expiration: ', () => {
       })
       .then(() => {
         const config = Config.get('test');
-        return config.database.find('_User', {
-          username: 'sets_email_verify_token_expires_at',
-        });
+        return config.database.find(
+          '_User',
+          {
+            username: 'sets_email_verify_token_expires_at',
+          },
+          {},
+          Auth.maintenance(config)
+        );
       })
       .then(results => {
         expect(results.length).toBe(1);
@@ -499,7 +505,12 @@ describe('Email Verification Token Expiration: ', () => {
       .then(() => {
         const config = Config.get('test');
         return config.database
-          .find('_User', { username: 'newEmailVerifyTokenOnEmailReset' })
+          .find(
+            '_User',
+            { username: 'newEmailVerifyTokenOnEmailReset' },
+            {},
+            Auth.maintenance(config)
+          )
           .then(results => {
             return results[0];
           });
@@ -582,7 +593,7 @@ describe('Email Verification Token Expiration: ', () => {
         // query for this user again
         const config = Config.get('test');
         return config.database
-          .find('_User', { username: 'resends_verification_token' })
+          .find('_User', { username: 'resends_verification_token' }, {}, Auth.maintenance(config))
           .then(results => {
             return results[0];
           });
@@ -599,6 +610,7 @@ describe('Email Verification Token Expiration: ', () => {
         done();
       })
       .catch(error => {
+        console.log(error);
         jfail(error);
         done();
       });

spec/EmailVerificationToken.spec.js

@@ -162,6 +162,22 @@ describe('middlewares', () => {
     expect(fakeReq.auth.isMaster).toBe(false);
   });
 
+  it('should not succeed if the ip does not belong to maintenanceKeyIps list', async () => {
+    const logger = require('../lib/logger').logger;
+    spyOn(logger, 'error').and.callFake(() => {});
+    AppCache.put(fakeReq.body._ApplicationId, {
+      maintenanceKey: 'masterKey',
+      maintenanceKeyIps: ['10.0.0.0', '10.0.0.1'],
+    });
+    fakeReq.ip = '10.0.0.2';
+    fakeReq.headers['x-parse-maintenance-key'] = 'masterKey';
+    await new Promise(resolve => middlewares.handleParseHeaders(fakeReq, fakeRes, resolve));
+    expect(fakeReq.auth.isMaintenance).toBe(false);
+    expect(logger.error).toHaveBeenCalledWith(
+      `Request using maintenance key rejected as the request IP address '10.0.0.2' is not set in Parse Server option 'maintenanceKeyIps'.`
+    );
+  });
+
   it('should succeed if the ip does belong to masterKeyIps list', async () => {
     AppCache.put(fakeReq.body._ApplicationId, {
       masterKey: 'masterKey',

spec/Middlewares.spec.js

@@ -1,4 +1,5 @@
 'use strict';
+const Auth = require('../lib/Auth');
 const UserController = require('../lib/Controllers/UserController').UserController;
 const Config = require('../lib/Config');
 const validatorFail = () => {
@@ -977,6 +978,7 @@ describe('ParseLiveQuery', function () {
     };
 
     await reconfigureServer({
+      maintenanceKey: 'test2',
       liveQuery: {
         classNames: [Parse.User],
       },
@@ -998,9 +1000,14 @@ describe('ParseLiveQuery', function () {
         .signUp()
         .then(() => {
           const config = Config.get('test');
-          return config.database.find('_User', {
-            username: 'zxcv',
-          });
+          return config.database.find(
+            '_User',
+            {
+              username: 'zxcv',
+            },
+            {},
+            Auth.maintenance(config)
+          );
         })
         .then(async results => {
           const foundUser = results[0];

spec/ParseLiveQuery.spec.js

@@ -29,27 +29,20 @@ describe('Server Url Checks', () => {
     server.close(done);
   });
 
-  it('validate good server url', done => {
+  it('validate good server url', async () => {
     Parse.serverURL = 'http://localhost:13376';
-    ParseServer.verifyServerUrl(async result => {
-      if (!result) {
-        done.fail('Did not pass valid url');
-      }
-      await reconfigureServer();
-      done();
-    });
+    const response = await ParseServer.verifyServerUrl();
+    expect(response).toBeTrue();
   });
 
-  it('mark bad server url', done => {
+  it('mark bad server url', async () => {
     spyOn(console, 'warn').and.callFake(() => {});
     Parse.serverURL = 'notavalidurl';
-    ParseServer.verifyServerUrl(async result => {
-      if (result) {
-        done.fail('Did not mark invalid url');
-      }
-      await reconfigureServer();
-      done();
-    });
+    const response = await ParseServer.verifyServerUrl();
+    expect(response).not.toBeTrue();
+    expect(console.warn).toHaveBeenCalledWith(
+      `\nWARNING, Unable to connect to 'notavalidurl' as the URL is invalid. Cloud code and push notifications may be unavailable!\n`
+    );
   });
 
   xit('handleShutdown, close connection', done => {