From 29624e0fae17161cd412ae58d35a195cfa286cad Mon Sep 17 00:00:00 2001 From: Onur <154966188+onurhanife@users.noreply.github.com> Date: Tue, 5 Mar 2024 22:05:54 +0300 Subject: [PATCH] feat: Deprecation DEPPS5: Config option `allowClientClassCreation` defaults to `false` (#8849) BREAKING CHANGE: The Parse Server option `allowClientClassCreation` defaults to `false`. --- DEPRECATIONS.md | 2 +- spec/ParseUser.spec.js | 28 ++++++++++++++++++++++++++++ spec/helper.js | 1 + src/Config.js | 8 ++++++++ src/Deprecator/Deprecations.js | 1 - src/Options/Definitions.js | 4 ++-- src/Options/docs.js | 2 +- src/Options/index.js | 4 ++-- 8 files changed, 43 insertions(+), 7 deletions(-) diff --git a/DEPRECATIONS.md b/DEPRECATIONS.md index 73841840f9..af683c2d46 100644 --- a/DEPRECATIONS.md +++ b/DEPRECATIONS.md @@ -8,7 +8,7 @@ The following is a list of deprecations, according to the [Deprecation Policy](h | DEPPS2 | Config option `directAccess` defaults to `true` | [#6636](https://github.com/parse-community/parse-server/pull/6636) | 5.0.0 (2022) | 6.0.0 (2023) | removed | - | | DEPPS3 | Config option `enforcePrivateUsers` defaults to `true` | [#7319](https://github.com/parse-community/parse-server/pull/7319) | 5.0.0 (2022) | 6.0.0 (2023) | removed | - | | DEPPS4 | Remove convenience method for http request `Parse.Cloud.httpRequest` | [#7589](https://github.com/parse-community/parse-server/pull/7589) | 5.0.0 (2022) | 6.0.0 (2023) | removed | - | -| DEPPS5 | Config option `allowClientClassCreation` defaults to `false` | [#7925](https://github.com/parse-community/parse-server/pull/7925) | 5.3.0 (2022) | 7.0.0 (2024) | deprecated | - | +| DEPPS5 | Config option `allowClientClassCreation` defaults to `false` | [#7925](https://github.com/parse-community/parse-server/pull/7925) | 5.3.0 (2022) | 7.0.0 (2024) | removed | - | | DEPPS6 | Auth providers disabled by default | [#7953](https://github.com/parse-community/parse-server/pull/7953) | 5.3.0 (2022) | 7.0.0 (2024) | removed | - | | DEPPS7 | Remove file trigger syntax `Parse.Cloud.beforeSaveFile((request) => {})` | [#7966](https://github.com/parse-community/parse-server/pull/7966) | 5.3.0 (2022) | 7.0.0 (2024) | removed | - | | DEPPS8 | Login with expired 3rd party authentication token defaults to `false` | [#7079](https://github.com/parse-community/parse-server/pull/7079) | 5.3.0 (2022) | 7.0.0 (2024) | removed | - | diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js index 4fa7cd2804..e97db08a6c 100644 --- a/spec/ParseUser.spec.js +++ b/spec/ParseUser.spec.js @@ -4402,3 +4402,31 @@ describe('login as other user', () => { done(); }); }); + +describe('allowClientClassCreation option', () => { + it('should enforce boolean values', async () => { + const options = [[], 'a', '', 0, 1, {}, 'true', 'false']; + for (const option of options) { + await expectAsync(reconfigureServer({ allowClientClassCreation: option })).toBeRejected(); + } + }); + + it('should accept true value', async () => { + await reconfigureServer({ allowClientClassCreation: true }); + expect(Config.get(Parse.applicationId).allowClientClassCreation).toBe(true); + }); + + it('should accept false value', async () => { + await reconfigureServer({ allowClientClassCreation: false }); + expect(Config.get(Parse.applicationId).allowClientClassCreation).toBe(false); + }); + + it('should default false', async () => { + // remove predefined allowClientClassCreation:true on global defaultConfiguration + delete defaultConfiguration.allowClientClassCreation; + await reconfigureServer(defaultConfiguration); + expect(Config.get(Parse.applicationId).allowClientClassCreation).toBe(false); + // Need to set it back to true to avoid other test fails + defaultConfiguration.allowClientClassCreation = true; + }); +}); diff --git a/spec/helper.js b/spec/helper.js index f17f105e85..802dc90893 100644 --- a/spec/helper.js +++ b/spec/helper.js @@ -129,6 +129,7 @@ const defaultConfiguration = { }, shortLivedAuth: mockShortLivedAuth(), }, + allowClientClassCreation: true, }; if (process.env.PARSE_SERVER_TEST_CACHE === 'redis') { diff --git a/src/Config.js b/src/Config.js index 0e8cdda246..933cf39858 100644 --- a/src/Config.js +++ b/src/Config.js @@ -90,6 +90,7 @@ export class Config { rateLimit, databaseOptions, extendSessionOnUse, + allowClientClassCreation, }) { if (masterKey === readOnlyMasterKey) { throw new Error('masterKey and readOnlyMasterKey should be different'); @@ -132,6 +133,7 @@ export class Config { this.validateRateLimit(rateLimit); this.validateLogLevels(logLevels); this.validateDatabaseOptions(databaseOptions); + this.validateAllowClientClassCreation(allowClientClassCreation); } static validateControllers({ @@ -174,6 +176,12 @@ export class Config { } } + static validateAllowClientClassCreation(allowClientClassCreation) { + if (typeof allowClientClassCreation !== 'boolean') { + throw 'Parse Server option allowClientClassCreation must be a boolean.'; + } + } + static validateSecurityOptions(security) { if (Object.prototype.toString.call(security) !== '[object Object]') { throw 'Parse Server option security must be an object.'; diff --git a/src/Deprecator/Deprecations.js b/src/Deprecator/Deprecations.js index 0e901dfda4..6fbd358fcc 100644 --- a/src/Deprecator/Deprecations.js +++ b/src/Deprecator/Deprecations.js @@ -16,6 +16,5 @@ * If there are no deprecations, this must return an empty array. */ module.exports = [ - { optionKey: 'allowClientClassCreation', changeNewDefault: 'false' }, { optionKey: 'encodeParseObjectInCloudFunction', changeNewDefault: 'true' }, ]; diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js index f4c9619633..6db0f51d3a 100644 --- a/src/Options/Definitions.js +++ b/src/Options/Definitions.js @@ -57,9 +57,9 @@ module.exports.ParseServerOptions = { }, allowClientClassCreation: { env: 'PARSE_SERVER_ALLOW_CLIENT_CLASS_CREATION', - help: 'Enable (or disable) client class creation, defaults to true', + help: 'Enable (or disable) client class creation, defaults to false', action: parsers.booleanParser, - default: true, + default: false, }, allowCustomObjectId: { env: 'PARSE_SERVER_ALLOW_CUSTOM_OBJECT_ID', diff --git a/src/Options/docs.js b/src/Options/docs.js index 2938662949..98318d23ef 100644 --- a/src/Options/docs.js +++ b/src/Options/docs.js @@ -12,7 +12,7 @@ /** * @interface ParseServerOptions * @property {AccountLockoutOptions} accountLockout The account lockout policy for failed login attempts. - * @property {Boolean} allowClientClassCreation Enable (or disable) client class creation, defaults to true + * @property {Boolean} allowClientClassCreation Enable (or disable) client class creation, defaults to false * @property {Boolean} allowCustomObjectId Enable (or disable) custom objectId * @property {Boolean} allowExpiredAuthDataToken Allow a user to log in even if the 3rd party authentication token that was used to sign in to their account has expired. If this is set to `false`, then the token will be validated every time the user signs in to their account. This refers to the token that is stored in the `_User.authData` field. Defaults to `false`. * @property {String[]} allowHeaders Add headers to Access-Control-Allow-Headers diff --git a/src/Options/index.js b/src/Options/index.js index 22c86d255e..40187cb64b 100644 --- a/src/Options/index.js +++ b/src/Options/index.js @@ -148,9 +148,9 @@ export interface ParseServerOptions { :ENV: PARSE_SERVER_ENABLE_ANON_USERS :DEFAULT: true */ enableAnonymousUsers: ?boolean; - /* Enable (or disable) client class creation, defaults to true + /* Enable (or disable) client class creation, defaults to false :ENV: PARSE_SERVER_ALLOW_CLIENT_CLASS_CREATION - :DEFAULT: true */ + :DEFAULT: false */ allowClientClassCreation: ?boolean; /* Enable (or disable) custom objectId :ENV: PARSE_SERVER_ALLOW_CUSTOM_OBJECT_ID