parse-community
fix: Deny requests for ip restricted master keys
Pull Request
- Report security issues confidentially.
- Any contribution is under this license.
- Link this pull request to an issue.
Issue
Closes: #8829
Approach
Tasks
- [ ] Add tests
- [ ] Add changes to documentation (guides, repository pages, code comments)
- [ ] Add security check
- [ ] Add new Parse Error codes to Parse JS SDK
![parse-github-assistant[bot] avatar](https://avatars.githubusercontent.com/in/136195?v=4 "Published by a pub.dev verified publisher"){kind=small}
I will reformat the title to use the proper commit message syntax.
@mtrezza Most of the fails are because of the update we are doing.
The test fails with these lines
- Error: Access denied: IP address '127.0.0.1' is not authorized to use the master key.
But one test has a different problem which is the Node v14 test, it is timeout for live query
At this point, I need to check what those failing tests stand for and what they are doing. It would be better to take advice or help from the test creators or someone who knows what they stand for.
But as an oversight, what I see from error logs;
- We need to add local IP addresses to our Parse-Server config for our tests. In this case
127.0.0.1but that won't work if the test env running on an IPv6 env. - Update the tests according to our breaking change
- Remove the failing tests cause they are trying to test a breaking change but this will eventually lead to step 2
I have fixed the test cases that were related to this current change, there are still more failed tests are exist but they are unrelated to this change, please give me Write access to this pull request so I can push my commit @suathh @mtrezza
