Kill without validation (parse-community#2089)

* remove WithoutValidation from config and push * remove one use of WithoutValidation * remove another WithoutValidation * Kill WithoutValidation and skipValidation
iconso22 · Jun 27, 2016 · e4cfe5a · e4cfe5a
1 parent 147b493
commit e4cfe5a
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 35 deletions.
diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
@@ -80,18 +80,13 @@ const validateQuery = query => {
   });
 }
 
-function DatabaseController(adapter, { skipValidation } = {}) {
+function DatabaseController(adapter) {
   this.adapter = adapter;
 
   // We don't want a mutable this.schema, because then you could have
   // one request that uses different schemas for different parts of
   // it. Instead, use loadSchema to get a schema.
   this.schemaPromise = null;
-  this.skipValidation = !!skipValidation;
-}
-
-DatabaseController.prototype.WithoutValidation = function() {
-  return new DatabaseController(this.adapter, { skipValidation: true });
 }
 
 DatabaseController.prototype.collectionExists = function(className) {
@@ -105,9 +100,6 @@ DatabaseController.prototype.purgeCollection = function(className) {
 };
 
 DatabaseController.prototype.validateClassName = function(className) {
-  if (this.skipValidation) {
-    return Promise.resolve();
-  }
   if (!SchemaController.classNameIsValid(className)) {
     return Promise.reject(new Parse.Error(Parse.Error.INVALID_CLASS_NAME, 'invalid className: ' + className));
   }
@@ -189,8 +181,7 @@ DatabaseController.prototype.update = function(className, query, update, {
   acl,
   many,
   upsert,
-} = {}) {
-
+} = {}, skipSanitization = false) {
   const originalUpdate = update;
   // Make a copy of the object, so we don't mutate the incoming data.
   update = deepcopy(update);
@@ -252,7 +243,7 @@ DatabaseController.prototype.update = function(className, query, update, {
       if (!result) {
         return Promise.reject(new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.'));
       }
-      if (this.skipValidation) {
+      if (skipSanitization) {
         return Promise.resolve(result);
       }
       return sanitizeDatabaseResult(originalUpdate, result);

diff --git a/src/Controllers/UserController.js b/src/Controllers/UserController.js
@@ -45,8 +45,7 @@ export class UserController extends AdaptableController {
       // TODO: Better error here.
       throw undefined;
     }
-    let database = this.config.database.WithoutValidation();
-    return database.update('_User', {
+    return this.config.database.update('_User', {
       username: username,
       _email_verify_token: token
     }, {emailVerified: true}).then(document => {
@@ -58,8 +57,7 @@ export class UserController extends AdaptableController {
   }
 
   checkResetTokenValidity(username, token) {
-    let database = this.config.database.WithoutValidation();
-    return database.find('_User', {
+    return this.config.database.find('_User', {
       username: username,
       _perishable_token: token
     }, {limit: 1}).then(results => {
@@ -114,9 +112,7 @@ export class UserController extends AdaptableController {
   }
 
   setPasswordResetToken(email) {
-    let token = randomString(25);
-    let database = this.config.database.WithoutValidation();
-    return database.update('_User', {email: email}, {_perishable_token: token});
+    return this.config.database.update('_User', { email }, { _perishable_token: randomString(25) }, {}, true)
   }
 
   sendPasswordResetEmail(email) {
@@ -126,8 +122,8 @@ export class UserController extends AdaptableController {
       return;
     }
 
-    return this.setPasswordResetToken(email).then((user) => {
-
+    return this.setPasswordResetToken(email)
+    .then(user => {
       const token = encodeURIComponent(user._perishable_token);
       const username = encodeURIComponent(user.username);
       let link = `${this.config.requestResetPasswordURL}?token=${token}&username=${username}`
@@ -149,14 +145,12 @@ export class UserController extends AdaptableController {
   }
 
   updatePassword(username, token, password, config) {
-   return this.checkResetTokenValidity(username, token).then((user) => {
-     return updateUserPassword(user.objectId, password, this.config);
-   }).then(() => {
-      // clear reset password token
-      return this.config.database.WithoutValidation().update('_User', { username }, {
-        _perishable_token: {__op: 'Delete'}
-      });
-    });
+    return this.checkResetTokenValidity(username, token)
+    .then(user => updateUserPassword(user.objectId, password, this.config))
+    // clear reset password token
+    .then(() => this.config.database.update('_User', { username }, {
+      _perishable_token: {__op: 'Delete'}
+    }));
   }
 
   defaultVerificationEmail({link, user, appName, }) {

diff --git a/src/Routers/GlobalConfigRouter.js b/src/Routers/GlobalConfigRouter.js
@@ -5,8 +5,7 @@ import * as middleware from "../middlewares";
 
 export class GlobalConfigRouter extends PromiseRouter {
   getGlobalConfig(req) {
-    let database = req.config.database.WithoutValidation();
-    return database.find('_GlobalConfig', { objectId: 1 }, { limit: 1 }).then((results) => {
+    return req.config.database.find('_GlobalConfig', { objectId: 1 }, { limit: 1 }).then((results) => {
       if (results.length != 1) {
         // If there is no config in the database - return empty config.
         return { response: { params: {} } };
@@ -23,8 +22,7 @@ export class GlobalConfigRouter extends PromiseRouter {
       acc[`params.${key}`] = params[key];
       return acc;
     }, {});
-    let database = req.config.database.WithoutValidation();
-    return database.update('_GlobalConfig', {objectId: 1}, update, {upsert: true}).then(() => ({ response: { result: true } }));
+    return req.config.database.update('_GlobalConfig', {objectId: 1}, update, {upsert: true}).then(() => ({ response: { result: true } }));
   }
 
   mountRoutes() {

diff --git a/src/pushStatusHandler.js b/src/pushStatusHandler.js
@@ -1,5 +1,5 @@
 import { md5Hash, newObjectId } from './cryptoUtils';
-import { logger } from './logger';
+import { logger }               from './logger';
 
 const PUSH_STATUS_COLLECTION = '_PushStatus';
 
@@ -19,7 +19,7 @@ export default function pushStatusHandler(config) {
   let initialPromise;
   let pushStatus;
   let objectId = newObjectId();
-  let database = config.database.WithoutValidation();
+  let database = config.database;
 
   let setInitial = function(body = {}, where, options = {source: 'rest'}) {
     let now = new Date();