feat: Add Parse Server option resetPasswordSuccessOnInvalidEmail
to choose success or error response on password reset with invalid email
#7551
Thanks for opening this pull request!
Codecov Report

Base: 94.15% // Head: 94.32% // Increases project coverage by

Coverage Diff

| | alpha | #7551 | +/- |
|---|---|---|---|
| Coverage | 94.15% | 94.32% | +0.16% |
| Files | 182 | 182 | |
| Lines | 14400 | 14405 | +5 |
| Hits | 13559 | 13587 | +28 |
| Misses | 841 | 818 | -23 |
Is this ready for review?
I think so, I'm pretty sure the postgres tests are unrelated but not 100% sure
If you don't see the "Re-run" button in the Actions, you can always close and re-open the PR, that will retrigger the test runs. Then the failing tests should pass (and possibly others fail)
I think steps 4, 5 are missing
## [5.2.1-alpha.1](parse-community/parse-server@5.2.0...5.2.1-alpha.1) (2022-03-26)

### Bug Fixes

* return correct response when revert is used in beforeSave ([parse-community#7839](parse-community#7839)) ([f63fb2b](parse-community@f63fb2b))

… Cloud Function validation (parse-community#7892)

## [5.2.1-alpha.2](parse-community/parse-server@5.2.1-alpha.1...5.2.1-alpha.2) (2022-03-26)

### Performance Improvements

* reduce database operations when using the constant parameter in Cloud Function validation ([parse-community#7892](parse-community#7892)) ([48bd512](parse-community@48bd512))

# [5.3.0-alpha.1](parse-community/parse-server@5.2.1-alpha.2...5.3.0-alpha.1) (2022-03-27)

### Features

* add MongoDB 5.1 compatibility ([parse-community#7682](parse-community#7682)) ([90155cf](parse-community@90155cf))

# [5.3.0-alpha.2](parse-community/parse-server@5.3.0-alpha.1...5.3.0-alpha.2) (2022-03-27)

### Bug Fixes

* security upgrade parse push adapter from 4.1.0 to 4.1.2 ([parse-community#7893](parse-community#7893)) ([ef56e98](parse-community@ef56e98))

# [5.3.0-alpha.3](parse-community/parse-server@5.3.0-alpha.2...5.3.0-alpha.3) (2022-03-27)

### Features

* add MongoDB 5.2 support ([parse-community#7894](parse-community#7894)) ([6b4b358](parse-community@6b4b358))
Signed-off-by: Manuel <5673677+mtrezza@users.noreply.github.com>
Looks good!
I've had another look at the options. Should this go under So this could be named Anyway, let's just merge and hopefully someday restructure all options in a more meaningful way.
# [6.0.0-alpha.34](6.0.0-alpha.33...6.0.0-alpha.34) (2023-02-24)

### Features

* Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([#7551](#7551)) ([e5d610e](e5d610e))

🎉 This change has been released in version 6.0.0-alpha.34

# [6.1.0-beta.1](6.0.0...6.1.0-beta.1) (2023-03-02)

### Bug Fixes

* Security upgrade jsonwebtoken to 9.0.0 ([#8420](#8420)) ([f5bfe45](f5bfe45))

### Features

* Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([#8436](#8436)) ([b3b76de](b3b76de))
* Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([#7551](#7551)) ([e5d610e](e5d610e))
* Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([#8388](#8388)) ([a49e323](a49e323))

🎉 This change has been released in version 6.1.0-beta.1

# [6.1.0-alpha.1](6.0.0...6.1.0-alpha.1) (2023-03-03)

### Bug Fixes

* Security upgrade jsonwebtoken to 9.0.0 ([#8420](#8420)) ([f5bfe45](f5bfe45))

### Features

* Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([#8436](#8436)) ([b3b76de](b3b76de))
* Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([#7551](#7551)) ([e5d610e](e5d610e))
* Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([#8388](#8388)) ([a49e323](a49e323))
* Export `AuthAdapter` to make it available for extension with custom authentication adapters ([#8443](#8443)) ([40c1961](40c1961))

🎉 This change has been released in version 6.1.0-alpha.1

# [6.1.0](6.0.0...6.1.0) (2023-05-01)

### Bug Fixes

* LiveQuery can return incorrectly formatted date ([#8456](#8456)) ([4ce135a](4ce135a))
* Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([#8446](#8446)) ([22d2446](22d2446))
* Parameters missing in `afterFind` trigger of authentication adapters ([#8458](#8458)) ([ce34747](ce34747))
* Rate limiting across multiple servers via Redis not working ([#8469](#8469)) ([d9e347d](d9e347d))
* Security upgrade jsonwebtoken to 9.0.0 ([#8420](#8420)) ([f5bfe45](f5bfe45))

### Features

* Add `afterFind` trigger to authentication adapters ([#8444](#8444)) ([c793bb8](c793bb8))
* Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([#8436](#8436)) ([b3b76de](b3b76de))
* Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([#7551](#7551)) ([e5d610e](e5d610e))
* Add rate limiting across multiple servers via Redis ([#8394](#8394)) ([34833e4](34833e4))
* Allow multiple origins for header `Access-Control-Allow-Origin` ([#8517](#8517)) ([4f15539](4f15539))
* Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([#8388](#8388)) ([a49e323](a49e323))
* Export `AuthAdapter` to make it available for extension with custom authentication adapters ([#8443](#8443)) ([40c1961](40c1961))

🎉 This change has been released in version 6.1.0
commit 1506273
Author: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Sat May 20 23:24:03 2023 +0000

chore(release): 6.2.0 [skip ci]

# [6.2.0](parse-community/parse-server@6.1.0...6.2.0) (2023-05-20)

### Features

* Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([parse-community#8538](parse-community#8538)) ([a318e7b](parse-community@a318e7b))

commit a318e7b
Author: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sun May 21 01:23:00 2023 +0200

feat: Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (parse-community#8538)

commit 832702d
Author: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Mon May 1 21:50:23 2023 +0000

chore(release): 6.1.0 [skip ci]

# [6.1.0](parse-community/parse-server@6.0.0...6.1.0) (2023-05-01)

### Bug Fixes

* LiveQuery can return incorrectly formatted date ([parse-community#8456](parse-community#8456)) ([4ce135a](parse-community@4ce135a))
* Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([parse-community#8446](parse-community#8446)) ([22d2446](parse-community@22d2446))
* Parameters missing in `afterFind` trigger of authentication adapters ([parse-community#8458](parse-community#8458)) ([ce34747](parse-community@ce34747))
* Rate limiting across multiple servers via Redis not working ([parse-community#8469](parse-community#8469)) ([d9e347d](parse-community@d9e347d))
* Security upgrade jsonwebtoken to 9.0.0 ([parse-community#8420](parse-community#8420)) ([f5bfe45](parse-community@f5bfe45))

### Features

* Add `afterFind` trigger to authentication adapters ([parse-community#8444](parse-community#8444)) ([c793bb8](parse-community@c793bb8))
* Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([parse-community#8436](parse-community#8436)) ([b3b76de](parse-community@b3b76de))
* Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([parse-community#7551](parse-community#7551)) ([e5d610e](parse-community@e5d610e))
* Add rate limiting across multiple servers via Redis ([parse-community#8394](parse-community#8394)) ([34833e4](parse-community@34833e4))
* Allow multiple origins for header `Access-Control-Allow-Origin` ([parse-community#8517](parse-community#8517)) ([4f15539](parse-community@4f15539))
* Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([parse-community#8388](parse-community#8388)) ([a49e323](parse-community@a49e323))
* Export `AuthAdapter` to make it available for extension with custom authentication adapters ([parse-community#8443](parse-community#8443)) ([40c1961](parse-community@40c1961))

commit 18b63d1
Merge: f7eee19 f59d46c
Author: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Mon May 1 23:49:22 2023 +0200

build: Release (parse-community#8526)
New Pull Request Checklist
Issue Description
Allows the option for returning an error "A user with the email com does not exist." when an invalid password reset is called, instead of the current return true.
Closes: #7434
Approach
Adds password policy option: resetPasswordSuccessOnInvalidEmail, which defaults to true. Does not change any existing functionality unless implicitly set.
TODOs before merging
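
The trade-off behind `resetPasswordSuccessOnInvalidEmail`, as an added example that is not part of the pull request or of Parse Server's code: a self-contained model of a reset handler, plus a check for whether the client-visible response distinguishes registered from unregistered addresses. The function names, user store, HTTP status values and error wording are assumptions made for illustration; only the option name and its default of `true` come from the description above.

```javascript
// Hypothetical model of the behaviour the option controls (not Parse Server code).
// Per the PR description it is a password policy option, e.g.
//   passwordPolicy: { resetPasswordSuccessOnInvalidEmail: false }

// Constructed sample data: the registered e-mail addresses.
const registered = new Set(['alice@example.com']);

// Default stated in the PR: unknown e-mails still receive a success response.
const DEFAULT_POLICY = { resetPasswordSuccessOnInvalidEmail: true };

function requestPasswordReset(email, policy = {}) {
  const opts = { ...DEFAULT_POLICY, ...policy };
  const sent = []; // server-side effect only, never returned to the client
  if (registered.has(email)) {
    sent.push(email); // a reset mail would be queued here
    return { status: 200, body: {}, sent };
  }
  if (opts.resetPasswordSuccessOnInvalidEmail) {
    // Same response as for a real account: the caller learns nothing.
    return { status: 200, body: {}, sent };
  }
  // Explicit error: helpful for typos, but it confirms the account is absent.
  // Status and wording are illustrative assumptions.
  return {
    status: 400,
    body: { error: `A user with the email ${email} does not exist.` },
    sent,
  };
}

// Defender's check: does what the client sees differ between a registered
// and an unregistered address under the given policy?
function leaksAccountExistence(policy) {
  const visible = r => JSON.stringify({ status: r.status, body: r.body });
  const known = requestPasswordReset('alice@example.com', policy);
  const unknown = requestPasswordReset('nobody@example.com', policy);
  return visible(known) !== visible(unknown);
}

console.log('default policy leaks:', leaksAccountExistence({}));
console.log('option set to false leaks:',
  leaksAccountExistence({ resetPasswordSuccessOnInvalidEmail: false }));
```
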