From c16f529f74f92154401bf662f634b3c5fa45e18e Mon Sep 17 00:00:00 2001
From: Antoine Cormouls <contact.antoine.cormouls@gmail.com>
Date: Fri, 5 Aug 2022 11:25:02 +0200
Subject: [PATCH] fix: internal indices for classes `_Idempotency` and `_Role`
 are not protected in defined schema (#8121)

---
 spec/DefinedSchemas.spec.js            | 36 ++++++++++++++++++++++++++
 src/SchemaMigrations/DefinedSchemas.js | 26 ++++++++++++-------
 2 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/spec/DefinedSchemas.spec.js b/spec/DefinedSchemas.spec.js
index 9cc164640c..0b1f2a3443 100644
--- a/spec/DefinedSchemas.spec.js
+++ b/spec/DefinedSchemas.spec.js
@@ -432,6 +432,42 @@ describe('DefinedSchemas', () => {
       expect(testSchema.indexes).toBeUndefined();
       expect(userSchema.indexes).toEqual(expectedIndexes);
     });
+
+    it('should detect protected indexes for _User class', () => {
+      const definedSchema = new DefinedSchemas({}, {});
+      const protectedUserIndexes = ['_id_', 'case_insensitive_email', 'username_1', 'email_1'];
+      protectedUserIndexes.forEach(field => {
+        expect(definedSchema.isProtectedIndex('_User', field)).toEqual(true);
+      });
+      expect(definedSchema.isProtectedIndex('_User', 'test')).toEqual(false);
+    });
+
+    it('should detect protected indexes for _Role class', () => {
+      const definedSchema = new DefinedSchemas({}, {});
+      expect(definedSchema.isProtectedIndex('_Role', 'name_1')).toEqual(true);
+      expect(definedSchema.isProtectedIndex('_Role', 'test')).toEqual(false);
+    });
+
+    it('should detect protected indexes for _Idempotency class', () => {
+      const definedSchema = new DefinedSchemas({}, {});
+      expect(definedSchema.isProtectedIndex('_Idempotency', 'reqId_1')).toEqual(true);
+      expect(definedSchema.isProtectedIndex('_Idempotency', 'test')).toEqual(false);
+    });
+
+    it('should not detect protected indexes on user defined class', () => {
+      const definedSchema = new DefinedSchemas({}, {});
+      const protectedIndexes = [
+        'case_insensitive_email',
+        'username_1',
+        'email_1',
+        'reqId_1',
+        'name_1',
+      ];
+      protectedIndexes.forEach(field => {
+        expect(definedSchema.isProtectedIndex('ExampleClass', field)).toEqual(false);
+      });
+      expect(definedSchema.isProtectedIndex('ExampleClass', '_id_')).toEqual(true);
+    });
   });
 
   describe('ClassLevelPermissions', () => {
diff --git a/src/SchemaMigrations/DefinedSchemas.js b/src/SchemaMigrations/DefinedSchemas.js
index 0db3be6358..5ab737122f 100644
--- a/src/SchemaMigrations/DefinedSchemas.js
+++ b/src/SchemaMigrations/DefinedSchemas.js
@@ -399,15 +399,23 @@ export class DefinedSchemas {
   }
 
   isProtectedIndex(className: string, indexName: string) {
-    let indexes = ['_id_'];
-    if (className === '_User') {
-      indexes = [
-        ...indexes,
-        'case_insensitive_username',
-        'case_insensitive_email',
-        'username_1',
-        'email_1',
-      ];
+    const indexes = ['_id_'];
+    switch (className) {
+      case '_User':
+        indexes.push(
+          'case_insensitive_username',
+          'case_insensitive_email',
+          'username_1',
+          'email_1'
+        );
+        break;
+      case '_Role':
+        indexes.push('name_1');
+        break;
+
+      case '_Idempotency':
+        indexes.push('reqId_1');
+        break;
     }
 
     return indexes.indexOf(indexName) !== -1;