Remove detailed error from error messages

[mtrezza]

New Feature / Enhancement Checklist

• I am not disclosing a vulnerability.
• I am not just asking a question.
• I have searched through existing issues.

Current Limitation

For some requests, Parse Server returns more information than necessary in the error response. For example:

unauthorized: master key is required

This is providing an outside attacker with more info than necessary.

Feature / Enhancement Description

Especially when it comes to access / permission errors, I suggest to make the error messages more ambiguous by generalizing them and removing any specific information. Instead of explaining why a request was unauthorized, the error should be only unauthorized without any further details. The detailed error message should only be logged server side.

The task would be:

• identify error messages that should be generalized
• ensure a detailed error message is logged server side

This should not be a breaking change, as long as the error code does not change. Changes of error messages are not considered breaking as logic that relies on parsing error messages is considered bad practice anyway.

[parse-github-assistant]

Thanks for opening this issue!

• 🎉 We are excited about your ideas for improvement!

[JiteshSinghShekhawat]

@mtrezza is the issue still open ?

[mtrezza]

Yes

[JiteshSinghShekhawat]

can you assign this issue to me ? @mtrezza

[mtrezza]

Please feel free to pick this up and post a comment for others to be aware that it's in the works.

[JiteshSinghShekhawat]

I'm picking up this issue and will be working on it.

[JiteshSinghShekhawat]

@mtrezza basically i have to do this in /src/Adapters/Auth or there any other folder also ?

[mtrezza]

This relates to any response message across Parse Server where more information than necessary is returned. I suggest to do this with just 1 or a few messages, then open a PR for feedback, so you don't make a lot of changes and then have to modify them again.