(req)
| 448 | } |
| 449 | |
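/**
 * Authenticates the caller from the request and responds with the user record.
 *
 * After authentication the user is fetched a second time through `rest.get`
 * with an auth context derived from the caller, and that second result is
 * returned when the fetch yields one. If it yields nothing or fails, the
 * record from `_authenticateUserFromRequest` is returned instead. Hidden
 * properties are stripped from whichever record is returned.
 *
 * @param {Object} req - Incoming request; `req.auth`, `req.config` and
 *   `req.info` (installationId, clientSDK, context) are read.
 * @returns {Promise<{response: Object}>} Resolves to `{ response: user }`.
 *   Rejects with whatever `_authenticateUserFromRequest` rejects with.
 */
handleVerifyPassword(req) {
  // The former `.catch(error => { throw error; })` only rethrew, so it is
  // dropped; rejections propagate to the caller unchanged.
  return this._authenticateUserFromRequest(req).then(async user => {
    // Remove hidden properties.
    UsersRouter.removeHiddenProperties(user);
    // Re-fetch the user with the caller's auth context so that
    // protectedFields and CLP apply correctly; if the caller used master key,
    // protectedFields are bypassed, matching the behavior of GET /users/:id
    const refetchAuth =
      req.auth.isMaster || req.auth.isMaintenance
        ? req.auth
        : new Auth.Auth({
          config: req.config,
          isMaster: false,
          // Only the objectId is carried over; the auth is built for the
          // authenticated user, never with master privileges.
          user: Parse.Object.fromJSON({ className: '_User', objectId: user.objectId }),
          installationId: req.info.installationId,
        });
    let filteredUser;
    try {
      const filteredUserResponse = await rest.get(
        req.config,
        refetchAuth,
        '_User',
        user.objectId,
        {},
        req.info.clientSDK,
        req.info.context
      );
      filteredUser = filteredUserResponse.results?.[0];
    } catch {
      // re-fetch may fail for legacy users without ACL; fall through
      // NOTE(review): this bare catch swallows every re-fetch failure, not
      // only the legacy-ACL case, and the fallback below then returns the
      // record from _authenticateUserFromRequest. Presumably that record has
      // not had protectedFields/CLP applied; confirm, and consider narrowing
      // the catch or logging the error so a fail-open response is visible.
    }
    if (!filteredUser) {
      // Fallback path: respond with the originally authenticated record.
      filteredUser = user;
    }
    // Strip hidden properties again, since the re-fetched record is a
    // different object from the one cleaned above.
    UsersRouter.removeHiddenProperties(filteredUser);
    return { response: filteredUser };
  });
}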
| 492 | |
| 493 | async handleLogOut(req) { |
| 494 | const success = { response: {} }; |