Add options to _linkWith(provider) for masterKey (#767)

* Don't add the session token to the save options.
Remove test that verifies that session token is added to save options

* Allow master key to be used with ParseUser._link

needed to link in cloud code.

* 1. add saveOptions to recursive _link call
2. add a fixme to add options to unlink too

* attempt to cover changes.  unusccessfully

* add integration tests

* unit tests

* test for custom auth

Author: acinader

integration/server.js

@@ -1,22 +1,27 @@
 const express = require('express');
 const ParseServer = require('parse-server').ParseServer;
 const app = express();
+const CustomAuth = require('./test/CustomAuth');
 
-// Specify the connection string for your mongodb database
-// and the location to your Parse cloud code
 const api = new ParseServer({
   databaseURI: 'mongodb://localhost:27017/integration',
   appId: 'integration',
   masterKey: 'notsosecret',
-  serverURL: 'http://localhost:1337/parse', // Don't forget to change to https if needed
+  serverURL: 'http://localhost:1337/parse',
   cloud: `${__dirname}/cloud/main.js`,
   liveQuery: {
     classNames: ['TestObject', 'DiffObject'],
   },
   startLiveQueryServer: true,
+  auth: {
+    myAuth: {
+      module: CustomAuth,
+      option1: 'hello',
+      option2: 'world',
+    }
+  }
 });
 
-// Serve the Parse API on the /parse URL prefix
 app.use('/parse', api);
 
 const TestUtils = require('parse-server').TestUtils;

integration/test/CustomAuth.js

@@ -0,0 +1,13 @@
+/* eslint-disable */
+function validateAuthData(authData, options) {
+  return Promise.resolve({})
+}
+
+function validateAppId(appIds, authData, options) {
+  return Promise.resolve({});
+}
+
+module.exports = {
+  validateAppId,
+  validateAuthData,
+};

integration/test/ParseUserTest.js

@@ -17,6 +17,20 @@ class CustomUser extends Parse.User {
 }
 Parse.Object.registerSubclass('CustomUser', CustomUser);
 
+const provider = {
+  authenticate: () => Promise.resolve(),
+  restoreAuthentication: () => true,
+  getAuthType: () => 'anonymous',
+  getAuthData() {
+    return {
+      authData: {
+        id: '1234',
+      },
+    };
+  },
+};
+Parse.User._registerAuthenticationProvider(provider);
+
 describe('Parse User', () => {
   beforeAll(() => {
     Parse.initialize('integration', null, 'notsosecret');
@@ -562,4 +576,77 @@ describe('Parse User', () => {
     expect(user instanceof CustomUser).toBe(true);
     expect(user.doSomething()).toBe(5);
   });
+
+  it('can link without master key', async () => {
+    Parse.User.enableUnsafeCurrentUser();
+
+    const user = new Parse.User();
+    user.setUsername('Alice');
+    user.setPassword('sekrit');
+    await user.signUp();
+    await user._linkWith(provider.getAuthType(), provider.getAuthData());
+    expect(user._isLinked(provider)).toBe(true);
+    await user._unlinkFrom(provider);
+    expect(user._isLinked(provider)).toBe(false);
+  });
+
+  it('can link with master key', async () => {
+    Parse.User.disableUnsafeCurrentUser();
+
+    const user = new Parse.User();
+    user.setUsername('Alice');
+    user.setPassword('sekrit');
+    await user.save(null, { useMasterKey: true });
+    await user._linkWith(provider.getAuthType(), provider.getAuthData(), { useMasterKey: true });
+    expect(user._isLinked(provider)).toBe(true);
+    await user._unlinkFrom(provider, { useMasterKey: true });
+    expect(user._isLinked(provider)).toBe(false);
+  });
+
+  it('can link with session token', async () => {
+    Parse.User.disableUnsafeCurrentUser();
+
+    const user = new Parse.User();
+    user.setUsername('Alice');
+    user.setPassword('sekrit');
+    await user.signUp();
+    expect(user.isCurrent()).toBe(false);
+
+    const sessionToken = user.getSessionToken();
+    await user._linkWith(provider.getAuthType(), provider.getAuthData(), { sessionToken });
+    expect(user._isLinked(provider)).toBe(true);
+    await user._unlinkFrom(provider, { sessionToken });
+    expect(user._isLinked(provider)).toBe(false);
+  });
+
+  it('can link with custom auth', async () => {
+    Parse.User.enableUnsafeCurrentUser();
+    const provider = {
+      authenticate: () => Promise.resolve(),
+      restoreAuthentication() {
+        return true;
+      },
+
+      getAuthType() {
+        return 'myAuth';
+      },
+
+      getAuthData() {
+        return {
+          authData: {
+            id: 1234,
+          },
+        };
+      },
+    };
+    Parse.User._registerAuthenticationProvider(provider);
+    const user = new Parse.User();
+    user.setUsername('Alice');
+    user.setPassword('sekrit');
+    await user.signUp();
+    await user._linkWith(provider.getAuthType(), provider.getAuthData());
+    expect(user._isLinked(provider)).toBe(true);
+    await user._unlinkFrom(provider);
+    expect(user._isLinked(provider)).toBe(false);
+  });
 });

src/ParseObject.js

@@ -1158,10 +1158,6 @@ class ParseObject {
     if (options.hasOwnProperty('sessionToken') && typeof options.sessionToken === 'string') {
       saveOptions.sessionToken = options.sessionToken;
     }
-    // Pass sessionToken if saving currentUser
-    if (typeof this.getSessionToken === 'function' && this.getSessionToken()) {
-      saveOptions.sessionToken = this.getSessionToken();
-    }
     const controller = CoreManager.getObjectController();
     const unsaved = unsavedChildren(this);
     return controller.save(unsaved, saveOptions).then(() => {

src/ParseUser.js

@@ -77,7 +77,7 @@ class ParseUser extends ParseObject {
    * Unlike in the Android/iOS SDKs, logInWith is unnecessary, since you can
    * call linkWith on the user (even if it doesn't exist yet on the server).
    */
-  _linkWith(provider: any, options: { authData?: AuthData }): Promise {
+  _linkWith(provider: any, options: { authData?: AuthData }, saveOpts?: FullOptions): Promise {
     let authType;
     if (typeof provider === 'string') {
       authType = provider;
@@ -95,15 +95,16 @@ class ParseUser extends ParseObject {
       const controller = CoreManager.getUserController();
       return controller.linkWith(
         this,
-        authData
+        authData,
+        saveOpts
       );
     } else {
       return new Promise((resolve, reject) => {
         provider.authenticate({
           success: (provider, result) => {
             const opts = {};
             opts.authData = result;
-            this._linkWith(provider, opts).then(() => {
+            this._linkWith(provider, opts, saveOpts).then(() => {
               resolve(this);
             }, (error) => {
               reject(error);
@@ -180,13 +181,12 @@ class ParseUser extends ParseObject {
 
   /**
    * Unlinks a user from a service.
-
    */
-  _unlinkFrom(provider: any) {
+  _unlinkFrom(provider: any, options?: FullOptions) {
     if (typeof provider === 'string') {
       provider = authProviders[provider];
     }
-    return this._linkWith(provider, { authData: null }).then(() => {
+    return this._linkWith(provider, { authData: null }, options).then(() => {
       this._synchronizeAuthData(provider);
       return Promise.resolve(this);
     });
@@ -1054,8 +1054,8 @@ const DefaultController = {
     });
   },
 
-  linkWith(user: ParseUser, authData: AuthData) {
-    return user.save({ authData }).then(() => {
+  linkWith(user: ParseUser, authData: AuthData, options: FullOptions) {
+    return user.save({ authData }, options).then(() => {
       if (canUseCurrentUser) {
         return DefaultController.setCurrentUser(user);
       }

src/__tests__/ParseUser-test.js

@@ -742,31 +742,6 @@ describe('ParseUser', () => {
     spy.mockRestore();
   });
 
-  it('can pass sessionToken on save', async () => {
-    ParseUser.enableUnsafeCurrentUser();
-    ParseUser._clearCache();
-    CoreManager.setRESTController({
-      request() {
-        return Promise.resolve({
-          objectId: 'uid5',
-          sessionToken: 'r:123abc',
-          authData: {
-            anonymous: {
-              id: 'anonymousId',
-            }
-          }
-        }, 200);
-      },
-      ajax() {}
-    });
-    const user = await AnonymousUtils.logIn();
-    user.set('field', 'hello');
-    jest.spyOn(user, 'getSessionToken');
-
-    await user.save();
-    expect(user.getSessionToken).toHaveBeenCalledTimes(2);
-  });
-
   it('can destroy anonymous user on logout', async () => {
     ParseUser.enableUnsafeCurrentUser();
     ParseUser._clearCache();
@@ -792,6 +767,31 @@ describe('ParseUser', () => {
     expect(user.destroy).toHaveBeenCalledTimes(1);
   });
 
+  it('can unlink', async () => {
+    const provider = AnonymousUtils._getAuthProvider();
+    ParseUser._registerAuthenticationProvider(provider);
+    const user = new ParseUser();
+    jest.spyOn(user, '_linkWith');
+    user._unlinkFrom(provider);
+    expect(user._linkWith).toHaveBeenCalledTimes(1);
+    expect(user._linkWith).toHaveBeenCalledWith(provider, { authData: null }, undefined);
+  });
+
+  it('can unlink with options', async () => {
+    const provider = AnonymousUtils._getAuthProvider();
+    ParseUser._registerAuthenticationProvider(provider);
+    const user = new ParseUser();
+    jest.spyOn(user, '_linkWith')
+      .mockImplementationOnce((authProvider, authData, saveOptions) => {
+        expect(authProvider).toEqual(provider);
+        expect(authData).toEqual({ authData: null});
+        expect(saveOptions).toEqual({ useMasterKey: true });
+        return Promise.resolve();
+      });
+    user._unlinkFrom(provider.getAuthType(), { useMasterKey: true });
+    expect(user._linkWith).toHaveBeenCalledTimes(1);
+  });
+
   it('can destroy anonymous user when login new user', async () => {
     ParseUser.enableUnsafeCurrentUser();
     ParseUser._clearCache();
@@ -876,4 +876,44 @@ describe('ParseUser', () => {
       done();
     });
   });
+
+  it('can linkWith options', async () => {
+    ParseUser._clearCache();
+    CoreManager.setRESTController({
+      request(method, path, body, options) {
+        expect(options).toEqual({ useMasterKey: true });
+        return Promise.resolve({
+          objectId: 'uid5',
+          sessionToken: 'r:123abc',
+          authData: {
+            test: {
+              id: 'id',
+              access_token: 'access_token'
+            }
+          }
+        }, 200);
+      },
+      ajax() {}
+    });
+    const provider = {
+      authenticate(options) {
+        if (options.success) {
+          options.success(this, {
+            id: 'id',
+            access_token: 'access_token'
+          });
+        }
+      },
+      restoreAuthentication() {},
+      getAuthType() {
+        return 'test';
+      },
+      deauthenticate() {}
+    };
+
+    const user = new ParseUser();
+    await user._linkWith(provider, null, { useMasterKey: true });
+
+    expect(user.get('authData')).toEqual({ test: { id: 'id', access_token: 'access_token' } });
+  });
 });