(config, authData, beforeFind, currentUserAuthData)
| 428 | }; |
| 429 | |
| 430 | const findUsersWithAuthData = async (config, authData, beforeFind, currentUserAuthData) => { |
| 431 | const providers = Object.keys(authData); |
| 432 | |
| 433 | const queries = await Promise.all( |
| 434 | providers.map(async provider => { |
| 435 | const providerAuthData = authData[provider]; |
| 436 | |
| 437 | // Skip providers being unlinked (null value) |
| 438 | if (providerAuthData === null) { |
| 439 | return null; |
| 440 | } |
| 441 | |
| 442 | // Skip beforeFind only when incoming data is confirmed unchanged from stored data. |
| 443 | // This handles echoed-back authData from afterFind (e.g. client sends back { id: 'x' } |
| 444 | // alongside a provider unlink). On login/signup, currentUserAuthData is undefined so |
| 445 | // beforeFind always runs, preserving it as the security gate for missing credentials. |
| 446 | const storedProviderData = currentUserAuthData?.[provider]; |
| 447 | const incomingKeys = Object.keys(providerAuthData || {}); |
| 448 | const isUnchanged = storedProviderData && incomingKeys.length > 0 && |
| 449 | !incomingKeys.some(key => !isDeepStrictEqual(providerAuthData[key], storedProviderData[key])); |
| 450 | |
| 451 | const validatorConfig = config.authDataManager.getValidatorForProvider(provider); |
| 452 | // Skip database query for unconfigured providers to avoid unindexed collection scans; |
| 453 | // the provider will be rejected later in handleAuthDataValidation with UNSUPPORTED_SERVICE |
| 454 | if (!validatorConfig?.validator) { |
| 455 | return null; |
| 456 | } |
| 457 | const adapter = validatorConfig.adapter; |
| 458 | if (beforeFind && typeof adapter?.beforeFind === 'function' && !isUnchanged) { |
| 459 | await adapter.beforeFind(providerAuthData); |
| 460 | } |
| 461 | |
| 462 | if (!providerAuthData?.id) { |
| 463 | return null; |
| 464 | } |
| 465 | |
| 466 | if (typeof providerAuthData.id !== 'string') { |
| 467 | throw new Parse.Error(Parse.Error.INVALID_VALUE, `Invalid authData id for provider '${provider}'.`); |
| 468 | } |
| 469 | |
| 470 | return { [`authData.${provider}.id`]: providerAuthData.id }; |
| 471 | }) |
| 472 | ); |
| 473 | |
| 474 | // Filter out null queries |
| 475 | const validQueries = queries.filter(query => query !== null); |
| 476 | |
| 477 | if (!validQueries.length) { |
| 478 | return []; |
| 479 | } |
| 480 | |
| 481 | // Perform database query |
| 482 | return config.database.find('_User', { $or: validQueries }, { limit: 2 }); |
| 483 | }; |
| 484 | |
| 485 | const hasMutatedAuthData = (authData, userAuthData) => { |
| 486 | if (!userAuthData) { return { hasMutatedAuthData: true, mutatedAuthData: authData }; } |
nothing calls this directly
no test coverage detected