Skip to content

fix: Queries with object field authData.provider.id are incorrectly transformed to _auth_data_provider.id for custom classes #9932

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mtrezza merged 1 commit into from
Nov 17, 2025
Merged

fix: Queries with object field authData.provider.id are incorrectly transformed to _auth_data_provider.id for custom classes #9932

mtrezza merged 1 commit into from
Nov 17, 2025

Conversation

@mtrezza
Copy link
Member

@mtrezza mtrezza commented Nov 17, 2025
edited
Loading

Pull Request

Issue

Queries with authData.provider.id are incorrectly transformed to _auth_data_provider.id for all classes. This transformation should only occur for the _User class, where authData is a special field with internal MongoDB representation. For custom classes, authData should be treated as a regular field and remain untransformed.

Approach

Changes:

  • Add className check in transformQueryKeyValue to restrict authData transformation to _User class only
  • Add test case verifying authData queries work correctly for both _User and custom classes

All other MongoDB authData transformations are already class-specific:

  • DatabaseController.js:317 - Already checks className === '_User'
  • MongoTransform.js:1204 - Already checks className === '_User'

This fix at line was the only missing check.

Summary by CodeRabbit

  • Bug Fixes

    • Fixed authData transformation logic to correctly restrict transformations to User records, preventing unintended behavior where other data types could be incorrectly transformed.

  • Tests

    • Added test coverage for authData transformation behavior across different record types.

@parse-github-assistant
Copy link

parse-github-assistant bot commented Nov 17, 2025
edited
Loading

🚀 Thanks for opening this pull request!

@coderabbitai
Copy link

coderabbitai bot commented Nov 17, 2025
edited
Loading

📝 Walkthrough

Walkthrough

A test has been added to verify authData transformation behavior in MongoDB queries. The implementation is updated to restrict authData field mapping to the _User class only, preventing unintended transformations in other classes.

Changes

Cohort / File(s) Summary
Test validation for authData transformation
spec/MongoTransform.spec.js		 New test added to verify authData transformation behavior differs between _User and non-User classes
className check in query transformation
src/Adapters/Storage/Mongo/MongoTransform.js		 Modified transformQueryKeyValue to only map authData fields to special _auth_data_<provider>.id keys when className is '_User'

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • Focus on verifying the className equality check is placed correctly in the control flow
  • Confirm the test covers both the _User and non-User class branches
  • Verify no side effects to other authData handling logic outside this conditional

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main fix: restricting authData transformation to the _User class and preventing incorrect transformation for custom classes.
Description check ✅ Passed The description covers the issue, approach, and implementation details. However, the 'Issue' section does not include a link to the GitHub issue as required by the template.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@parseplatformorg
Copy link
Contributor

parseplatformorg commented Nov 17, 2025

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@mtrezza mtrezza added state:breaking Breaking change requires major version increment and `BREAKING CHANGE` commit message and removed state:breaking Breaking change requires major version increment and `BREAKING CHANGE` commit message labels Nov 17, 2025
@mtrezza mtrezza changed the title fix: Queries with object field authData are transformed for custom classes fix: Queries with object field authData.provider.id are incorrectly transformed to _auth_data_provider.id for custom classes Nov 17, 2025
@codecov
Copy link

codecov bot commented Nov 17, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.07%. Comparing base (7d5e9fc) to head (29fcd6b).
⚠️ Report is 3 commits behind head on alpha.

Additional details and impacted files 
@@           Coverage Diff           @@
##            alpha    #9932   +/-   ##
=======================================
  Coverage   93.07%   93.07%           
=======================================
  Files         187      187           
  Lines       15243    15243           
  Branches      177      177           
=======================================
  Hits        14187    14187           
  Misses       1044     1044           
  Partials       12       12

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mtrezza mtrezza merged commit 7b9fa18 into parse-community:alpha Nov 17, 2025
27 of 28 checks passed
@mtrezza mtrezza deleted the fix/auth-data-transform branch November 17, 2025 16:47
parseplatformorg pushed a commit that referenced this pull request Nov 17, 2025
@semantic-release-bot
chore(release): 8.5.0-alpha.10 [skip ci]
fcede16 
# [8.5.0-alpha.10](8.5.0-alpha.9...8.5.0-alpha.10) (2025-11-17)

### Bug Fixes

* Queries with object field `authData.provider.id` are incorrectly transformed to `_auth_data_provider.id` for custom classes ([#9932](#9932)) ([7b9fa18](7b9fa18))
@parseplatformorg
Copy link
Contributor

parseplatformorg commented Nov 17, 2025

🎉 This change has been released in version 8.5.0-alpha.10

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Nov 17, 2025
parseplatformorg pushed a commit that referenced this pull request Dec 1, 2025
@semantic-release-bot
chore(release): 8.5.0 [skip ci]
b479102 
# [8.5.0](8.4.0...8.5.0) (2025-12-01)

### Bug Fixes

* `GridFSBucketAdapter` throws when using some Parse Server specific options in MongoDB database options ([#9915](#9915)) ([d3d4003](d3d4003))
* Deprecation warning logged at server launch for nested Parse Server option even if option is explicitly set ([#9934](#9934)) ([c22cb0a](c22cb0a))
* Parse Server option `rateLimit.zone` does not use default value `ip` ([#9941](#9941)) ([12beb8f](12beb8f))
* Queries with object field `authData.provider.id` are incorrectly transformed to `_auth_data_provider.id` for custom classes ([#9932](#9932)) ([7b9fa18](7b9fa18))
* Race condition can cause multiple Apollo server initializations under load ([#9929](#9929)) ([7d5e9fc](7d5e9fc))
* Server internal error details leaking in error messages returned to clients ([#9937](#9937)) ([50edb5a](50edb5a))

### Features

* Add `beforePasswordResetRequest` hook ([#9906](#9906)) ([94cee5b](94cee5b))
* Add MongoDB client event logging via database option `logClientEvents` ([#9914](#9914)) ([b760733](b760733))
* Add Parse Server option `allowPublicExplain` to allow `Parse.Query.explain` without master key ([#9890](#9890)) ([4456b02](4456b02))
* Add Parse Server option `enableSanitizedErrorResponse` to remove detailed error messages from responses sent to clients ([#9944](#9944)) ([4752197](4752197))
* Add support for MongoDB driver options `serverSelectionTimeoutMS`, `maxIdleTimeMS`, `heartbeatFrequencyMS` ([#9910](#9910)) ([1b661e9](1b661e9))
* Add support for more MongoDB driver options ([#9911](#9911)) ([cff451e](cff451e))
* Allow option `publicServerURL` to be set dynamically as asynchronous function ([#9803](#9803)) ([460a65c](460a65c))
* Upgrade to parse 7.1.1 ([#9954](#9954)) ([fa57d69](fa57d69))
* Upgrade to parse 7.1.2 ([#9955](#9955)) ([5c644a5](5c644a5))

### Performance Improvements

* `Parse.Query.include` now fetches pointers at same level in parallel ([#9861](#9861)) ([dafea21](dafea21))
* Remove unused dependencies ([#9943](#9943)) ([d4c6de0](d4c6de0))
* Upgrade MongoDB driver to 6.20.0 ([#9887](#9887)) ([3c9af48](3c9af48))
@parseplatformorg
Copy link
Contributor

parseplatformorg commented Dec 1, 2025

🎉 This change has been released in version 8.5.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label Dec 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

state:released Released as stable version state:released-alpha Released as alpha version

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mtrezza @parseplatformorg