diff --git a/package-lock.json b/package-lock.json
index 4abb0752bc..662366bb33 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,7 +15,6 @@
"@graphql-tools/merge": "9.0.8",
"@graphql-tools/schema": "10.0.7",
"@graphql-tools/utils": "10.5.5",
- "@node-rs/bcrypt": "1.10.5",
"@parse/fs-files-adapter": "3.0.0",
"@parse/push-adapter": "6.4.1",
"bcryptjs": "2.4.3",
diff --git a/src/Adapters/Auth/OAuth1Client.js b/src/Adapters/Auth/OAuth1Client.js
index fec508ba8b..25ad816016 100644
--- a/src/Adapters/Auth/OAuth1Client.js
+++ b/src/Adapters/Auth/OAuth1Client.js
@@ -4,7 +4,8 @@ var Parse = require('parse/node').Parse;
var OAuth = function (options) {
if (!options) {
- throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'No options passed to OAuth');
+ console.error('No options passed to OAuth');
+ throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Configuration error.');
}
this.consumer_key = options.consumer_key;
this.consumer_secret = options.consumer_secret;
diff --git a/src/Adapters/Auth/apple.js b/src/Adapters/Auth/apple.js
index 4fd1153b75..db8621a903 100644
--- a/src/Adapters/Auth/apple.js
+++ b/src/Adapters/Auth/apple.js
@@ -20,9 +20,10 @@ const getAppleKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
try {
key = await authUtils.getSigningKey(client, keyId);
} catch (error) {
+ console.error(`Unable to find matching key for Key ID: ${keyId}. Error: ${error.message}`);
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- `Unable to find matching key for Key ID: ${keyId}`
+ `Unauthorized`
);
}
return key;
@@ -30,7 +31,8 @@ const getAppleKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMaxAge }) => {
if (!token) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token is invalid for this user.`);
+ console.error('Invalid token');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`);
}
const { kid: keyId, alg: algorithm } = authUtils.getHeaderFromToken(token);
@@ -51,19 +53,21 @@ const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMa
});
} catch (exception) {
const message = exception.message;
-
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
+ console.error(`JWT verification failed. Error: ${message}`);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`);
}
if (jwtClaims.iss !== TOKEN_ISSUER) {
+ console.error(`Token issuer mismatch. Expected: ${TOKEN_ISSUER}, Received: ${jwtClaims.iss}`);
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- `id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`
+ `Unauthorized`
);
}
if (jwtClaims.sub !== id) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `auth data is invalid for this user.`);
+ console.error(`Token subject mismatch for user ID: ${id}.`);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`);
}
return jwtClaims;
};
diff --git a/src/Adapters/Auth/facebook.js b/src/Adapters/Auth/facebook.js
index 858e9579c6..dc608ebbb7 100644
--- a/src/Adapters/Auth/facebook.js
+++ b/src/Adapters/Auth/facebook.js
@@ -28,7 +28,8 @@ function validateGraphToken(authData, options) {
if ((data && data.id == authData.id) || (process.env.TESTING && authData.id === 'test')) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.');
+ console.error(`Invalid Facebook auth for user with ID: ${authData.id}`);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
});
}
@@ -38,16 +39,19 @@ async function validateGraphAppId(appIds, authData, options) {
return;
}
if (!Array.isArray(appIds)) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.');
+ console.error('appIds must be an array.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
if (!appIds.length) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is not configured.');
+ console.error('Authentication is not configured.')
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
const data = await graphRequest(
`app?access_token=${access_token}${getAppSecretPath(authData, options)}`
);
if (!data || !appIds.includes(data.id)) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.');
+ console.error('Invalid authentication data.')
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
}
@@ -63,9 +67,10 @@ const getFacebookKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
try {
key = await authUtils.getSigningKey(client, keyId);
} catch (error) {
+ console.error(`Unable to find matching key for Key ID: ${keyId}. Error: ${error.message}`);
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- `Unable to find matching key for Key ID: ${keyId}`
+ `Unable to validate authentication key.`
);
}
return key;
@@ -73,7 +78,7 @@ const getFacebookKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMaxAge }) => {
if (!token) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'id token is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'invalid token.');
}
const { kid: keyId, alg: algorithm } = authUtils.getHeaderFromToken(token);
@@ -94,19 +99,22 @@ const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMa
});
} catch (exception) {
const message = exception.message;
+ console.error(`JWT verification failed. Error: ${message}`);
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized access.`);
}
if (jwtClaims.iss !== TOKEN_ISSUER) {
+ console.error(`id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- `id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`
+ `Unauthorized access.`
);
}
if (jwtClaims.sub !== id) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'auth data is invalid for this user.');
+ console.error(`Token subject mismatch for user ID: ${id}.`);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid authentication data.');
}
return jwtClaims;
};
diff --git a/src/Adapters/Auth/gcenter.js b/src/Adapters/Auth/gcenter.js
index f70c254188..e71725b06d 100644
--- a/src/Adapters/Auth/gcenter.js
+++ b/src/Adapters/Auth/gcenter.js
@@ -39,9 +39,10 @@ function convertX509CertToPEM(X509Cert) {
async function getAppleCertificate(publicKeyUrl) {
if (!verifyPublicKeyUrl(publicKeyUrl)) {
+ console.error(`Invalid publicKeyUrl: ${publicKeyUrl}`);
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}`
+ `Unauthorized`
);
}
if (cache[publicKeyUrl]) {
@@ -62,9 +63,10 @@ async function getAppleCertificate(publicKeyUrl) {
cert_headers['content-length'] == null ||
cert_headers['content-length'] > 10000
) {
+ console.error(`Invalid publicKeyUrl: ${publicKeyUrl}`);
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}`
+ `Unauthorized`
);
}
const { certificate, headers } = await getCertificate(publicKeyUrl);
@@ -126,29 +128,33 @@ function verifySignature(publicKey, authData) {
verifier.update(authData.salt, 'base64');
if (!verifier.verify(publicKey, authData.signature, 'base64')) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center - invalid signature');
+ console.error('Invalid signature during Apple Game Center verification.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
}
function verifyPublicKeyIssuer(cert, publicKeyUrl) {
const publicKeyCert = pki.certificateFromPem(cert);
if (!ca.cert) {
+ console.error('Invalid root certificate during Apple Game Center verification.');
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- 'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.'
+ 'Unauthorized'
);
}
try {
if (!ca.cert.verify(publicKeyCert)) {
+ console.error(`Invalid publicKeyUrl issuer: ${publicKeyUrl}`);
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}`
+ `Unauthorized`
);
}
} catch (e) {
+ console.error(`Error verifying publicKeyUrl issuer: ${e.message}`);
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}`
+ `Unauthorized`
);
}
return cert;
@@ -157,7 +163,8 @@ function verifyPublicKeyIssuer(cert, publicKeyUrl) {
// Returns a promise that fulfills if this user id is valid.
async function validateAuthData(authData) {
if (!authData.id) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center - authData id missing');
+ console.error('Missing authData id during Apple Game Center validation.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
authData.playerId = authData.id;
const publicKey = await getAppleCertificate(authData.publicKeyUrl);
@@ -179,9 +186,10 @@ async function validateAppId(appIds, authData, options = {}) {
headers['content-length'] == null ||
headers['content-length'] > 10000
) {
+ console.error('Invalid root certificate URL during Apple Game Center validation.');
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- 'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.'
+ 'Unauthorized'
);
}
ca.cert = pki.certificateFromPem(certificate);
diff --git a/src/Adapters/Auth/github.js b/src/Adapters/Auth/github.js
index 75233d53fd..76a89ed141 100644
--- a/src/Adapters/Auth/github.js
+++ b/src/Adapters/Auth/github.js
@@ -8,7 +8,8 @@ function validateAuthData(authData) {
if (data && data.id == authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Github auth is invalid for this user.');
+ console.error('Github auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
});
}
diff --git a/src/Adapters/Auth/google.js b/src/Adapters/Auth/google.js
index 755eb3c673..52c087a261 100644
--- a/src/Adapters/Auth/google.js
+++ b/src/Adapters/Auth/google.js
@@ -68,18 +68,22 @@ async function verifyIdToken({ id_token: token, id }, { clientId }) {
});
} catch (exception) {
const message = exception.message;
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
+ console.error(`Google Sign-In Validation Error: ${message}`);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`);
}
if (jwtClaims.iss !== TOKEN_ISSUER && jwtClaims.iss !== HTTPS_TOKEN_ISSUER) {
+ console.error(`id token not issued by correct provider - expected: ${TOKEN_ISSUER} or ${HTTPS_TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- `id token not issued by correct provider - expected: ${TOKEN_ISSUER} or ${HTTPS_TOKEN_ISSUER} | from: ${jwtClaims.iss}`
+ 'Unauthorized'
);
}
if (jwtClaims.sub !== id) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `auth data is invalid for this user.`);
+ const errMsg = `Token subject does not match user id.`;
+ console.error(`Google Sign-In Validation Error: ${errMsg}`);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
if (clientId && jwtClaims.aud !== clientId) {
diff --git a/src/Adapters/Auth/gpgames.js b/src/Adapters/Auth/gpgames.js
index 4462a7897d..f38a7f2977 100644
--- a/src/Adapters/Auth/gpgames.js
+++ b/src/Adapters/Auth/gpgames.js
@@ -15,9 +15,10 @@ async function validateAuthData(authData) {
`https://www.googleapis.com/games/v1/players/${authData.id}?access_token=${authData.access_token}`
);
if (!(response && response.playerId === authData.id)) {
+ console.error('Google Play Games Services - authData is invalid for this user.');
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- 'Google Play Games Services - authData is invalid for this user.'
+ 'Authentication Failed'
);
}
}
diff --git a/src/Adapters/Auth/instagram.js b/src/Adapters/Auth/instagram.js
index 521796de63..0d23c39066 100644
--- a/src/Adapters/Auth/instagram.js
+++ b/src/Adapters/Auth/instagram.js
@@ -12,7 +12,8 @@ function validateAuthData(authData) {
if (user && user.id == authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Instagram auth is invalid for this user.');
+ console.error('Instagram auth is invalid for this user.')
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
});
}
diff --git a/src/Adapters/Auth/janraincapture.js b/src/Adapters/Auth/janraincapture.js
index 01670e84aa..2a4feeb8b5 100644
--- a/src/Adapters/Auth/janraincapture.js
+++ b/src/Adapters/Auth/janraincapture.js
@@ -11,9 +11,10 @@ function validateAuthData(authData, options) {
if (data && data.stat == 'ok' && data.result == authData.id) {
return;
}
+ console.error('Janrain capture auth is invalid for this user.')
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- 'Janrain capture auth is invalid for this user.'
+ 'Unauthorized'
);
});
}
diff --git a/src/Adapters/Auth/janrainengage.js b/src/Adapters/Auth/janrainengage.js
index 6e1589e724..4d333c7e1d 100644
--- a/src/Adapters/Auth/janrainengage.js
+++ b/src/Adapters/Auth/janrainengage.js
@@ -11,9 +11,10 @@ function validateAuthData(authData, options) {
if (data && data.stat == 'ok' && data.profile.identifier == authData.id) {
return;
}
+ console.error('Janrain engage auth is invalid for this user.');
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- 'Janrain engage auth is invalid for this user.'
+ 'Unauthorized'
);
});
}
diff --git a/src/Adapters/Auth/keycloak.js b/src/Adapters/Auth/keycloak.js
index fd72e58e85..afc0323cb6 100644
--- a/src/Adapters/Auth/keycloak.js
+++ b/src/Adapters/Auth/keycloak.js
@@ -51,10 +51,12 @@ const arraysEqual = (_arr1, _arr2) => {
const handleAuth = async ({ access_token, id, roles, groups } = {}, { config } = {}) => {
if (!(access_token && id)) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Missing access token and/or User id');
+ console.error('Missing access token and/or User id');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed');
}
if (!config || !(config['auth-server-url'] && config['realm'])) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Missing keycloak configuration');
+ console.error('Missing Keycloak configuration');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed');
}
try {
const response = await httpsRequest.get({
@@ -73,18 +75,22 @@ const handleAuth = async ({ access_token, id, roles, groups } = {}, { config } =
) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid authentication');
+ console.error('Invalid authentication: response data does not match');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed');
} catch (e) {
if (e instanceof Parse.Error) {
+ console.error('Parse Error:', e.message);
throw e;
}
const error = JSON.parse(e.text);
if (error.error_description) {
- throw new Parse.Error(Parse.Error.HOSTING_ERROR, error.error_description);
+ console.error('Authentication server error:', error.error_description);
+ throw new Parse.Error(Parse.Error.HOSTING_ERROR, 'Authentication failed');
} else {
+ console.error('Could not connect to the authentication server');
throw new Parse.Error(
Parse.Error.HOSTING_ERROR,
- 'Could not connect to the authentication server'
+ 'Authentication failed'
);
}
}
diff --git a/src/Adapters/Auth/ldap.js b/src/Adapters/Auth/ldap.js
index 8ea735698f..9db4091d6d 100644
--- a/src/Adapters/Auth/ldap.js
+++ b/src/Adapters/Auth/ldap.js
@@ -3,8 +3,9 @@ const Parse = require('parse/node').Parse;
function validateAuthData(authData, options) {
if (!optionsAreValid(options)) {
+ console.error('LDAP auth configuration missing');
return new Promise((_, reject) => {
- reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'LDAP auth configuration missing'));
+ reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication failed'));
});
}
const clientOptions = options.url.startsWith('ldaps://')
@@ -26,18 +27,19 @@ function validateAuthData(authData, options) {
case 49:
error = new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- 'LDAP: Wrong username or password'
+ 'Authentication failed'
);
break;
case 'DEPTH_ZERO_SELF_SIGNED_CERT':
- error = new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'LDAPS: Certificate mismatch');
+ error = new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Certificate mismatch');
break;
default:
error = new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- 'LDAP: Somthing went wrong (' + ldapError.code + ')'
+ 'Authentication failed'
);
}
+ console.error('LDAP Error:', ldapError);
reject(error);
client.destroy(ldapError);
return;
@@ -75,7 +77,8 @@ function searchForGroup(client, options, id, resolve, reject) {
if (searchError) {
client.unbind();
client.destroy();
- return reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'LDAP group search failed'));
+ console.error('LDAP Search Error:', searchError);
+ return reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication failed'));
}
res.on('searchEntry', entry => {
if (entry.pojo.attributes.find(obj => obj.type === 'cn').values.includes(options.groupCn)) {
@@ -90,14 +93,15 @@ function searchForGroup(client, options, id, resolve, reject) {
client.unbind();
client.destroy();
return reject(
- new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'LDAP: User not in group')
+ new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication failed')
);
}
});
res.on('error', () => {
client.unbind();
client.destroy();
- return reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'LDAP group search failed'));
+ console.error('LDAP Group Search Error');
+ return reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication failed'));
});
});
}
diff --git a/src/Adapters/Auth/line.js b/src/Adapters/Auth/line.js
index d773323f70..24cba9f752 100644
--- a/src/Adapters/Auth/line.js
+++ b/src/Adapters/Auth/line.js
@@ -8,7 +8,11 @@ function validateAuthData(authData) {
if (response && response.userId && response.userId === authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Line auth is invalid for this user.');
+ console.error('Line auth validation failed. Response:', response);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid authentication');
+ }).catch(err=>{
+ console.error('Error validating Line auth:',err);
+ throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication validation failed');
});
}
diff --git a/src/Adapters/Auth/linkedin.js b/src/Adapters/Auth/linkedin.js
index 4faa2eb2a9..56a8ce24b6 100644
--- a/src/Adapters/Auth/linkedin.js
+++ b/src/Adapters/Auth/linkedin.js
@@ -8,7 +8,8 @@ function validateAuthData(authData) {
if (data && data.id == authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Linkedin auth is invalid for this user.');
+ console.error('Linkedin auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed');
});
}
diff --git a/src/Adapters/Auth/meetup.js b/src/Adapters/Auth/meetup.js
index 93dc1d48ad..e36048738b 100644
--- a/src/Adapters/Auth/meetup.js
+++ b/src/Adapters/Auth/meetup.js
@@ -8,7 +8,8 @@ function validateAuthData(authData) {
if (data && data.id == authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Meetup auth is invalid for this user.');
+ console.error('Meetup auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed');
});
}
diff --git a/src/Adapters/Auth/microsoft.js b/src/Adapters/Auth/microsoft.js
index 9f4f5c4ea4..3090fd8afa 100644
--- a/src/Adapters/Auth/microsoft.js
+++ b/src/Adapters/Auth/microsoft.js
@@ -8,9 +8,10 @@ function validateAuthData(authData) {
if (response && response.id && response.id == authData.id) {
return;
}
+ console.error('Microsoft Graph auth is invalid for this user.');
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- 'Microsoft Graph auth is invalid for this user.'
+ 'Authentication failed'
);
});
}
diff --git a/src/Adapters/Auth/oauth2.js b/src/Adapters/Auth/oauth2.js
index ba1fe7bc4f..9ab2a44bb7 100644
--- a/src/Adapters/Auth/oauth2.js
+++ b/src/Adapters/Auth/oauth2.js
@@ -58,10 +58,12 @@ const querystring = require('querystring');
const httpsRequest = require('./httpsRequest');
const INVALID_ACCESS = 'OAuth2 access token is invalid for this user.';
+const INVALID_RESPONSE = 'Authentication failed';
const INVALID_ACCESS_APPID =
"OAuth2: the access_token's appID is empty or is not in the list of permitted appIDs in the auth configuration.";
const MISSING_APPIDS =
'OAuth2 configuration is missing the client app IDs ("appIds" config parameter).';
+const MISSING_RESPONSE = 'Configuration Error.';
const MISSING_URL = 'OAuth2 token introspection endpoint URL is missing from configuration!';
// Returns a promise that fulfills if this user id is valid.
@@ -72,7 +74,8 @@ function validateAuthData(authData, options) {
!response.active ||
(options.useridField && authData.id !== response[options.useridField])
) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_ACCESS);
+ console.error(INVALID_ACCESS);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_RESPONSE);
}
});
}
@@ -82,15 +85,18 @@ function validateAppId(appIds, authData, options) {
return Promise.resolve();
}
if (!appIds || appIds.length === 0) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, MISSING_APPIDS);
+ console.error(MISSING_APPIDS);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, MISSING_RESPONSE);
}
return requestTokenInfo(options, authData.access_token).then(response => {
if (!response || !response.active) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_ACCESS);
+ console.error(INVALID_ACCESS);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_RESPONSE);
}
const appidField = options.appidField;
if (!response[appidField]) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_ACCESS_APPID);
+ console.error(INVALID_ACCESS_APPID);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_RESPONSE);
}
const responseValue = response[appidField];
if (!Array.isArray(responseValue) && appIds.includes(responseValue)) {
@@ -101,7 +107,8 @@ function validateAppId(appIds, authData, options) {
) {
return;
} else {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_ACCESS_APPID);
+ console.error(INVALID_ACCESS_APPID);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_RESPONSE);
}
});
}
@@ -109,7 +116,8 @@ function validateAppId(appIds, authData, options) {
// A promise wrapper for requests to the OAuth2 token introspection endpoint.
function requestTokenInfo(options, access_token) {
if (!options || !options.tokenIntrospectionEndpointUrl) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, MISSING_URL);
+ console.error(MISSING_URL);
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, MISSING_RESPONSE);
}
const parsedUrl = new URL(options.tokenIntrospectionEndpointUrl);
const postData = querystring.stringify({
diff --git a/src/Adapters/Auth/phantauth.js b/src/Adapters/Auth/phantauth.js
index a7fba68dc5..1f8bdda1a8 100644
--- a/src/Adapters/Auth/phantauth.js
+++ b/src/Adapters/Auth/phantauth.js
@@ -14,7 +14,8 @@ function validateAuthData(authData) {
if (data && data.sub == authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'PhantAuth auth is invalid for this user.');
+ console.error('PhantAuth auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
});
}
diff --git a/src/Adapters/Auth/qq.js b/src/Adapters/Auth/qq.js
index dddc7cc7a3..fc25cc7c6b 100644
--- a/src/Adapters/Auth/qq.js
+++ b/src/Adapters/Auth/qq.js
@@ -8,7 +8,8 @@ function validateAuthData(authData) {
if (data && data.openid == authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'qq auth is invalid for this user.');
+ console.error('qq auth is invalid for this user.')
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
});
}
@@ -28,7 +29,8 @@ function parseResponseData(data) {
const starPos = data.indexOf('(');
const endPos = data.indexOf(')');
if (starPos == -1 || endPos == -1) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'qq auth is invalid for this user.');
+ console.error('qq auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
data = data.substring(starPos + 1, endPos - 1);
return JSON.parse(data);
diff --git a/src/Adapters/Auth/spotify.js b/src/Adapters/Auth/spotify.js
index 604868d078..a7551025ea 100644
--- a/src/Adapters/Auth/spotify.js
+++ b/src/Adapters/Auth/spotify.js
@@ -8,7 +8,8 @@ function validateAuthData(authData) {
if (data && data.id == authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Spotify auth is invalid for this user.');
+ console.error('Spotify auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
});
}
@@ -16,14 +17,17 @@ function validateAuthData(authData) {
async function validateAppId(appIds, authData) {
const access_token = authData.access_token;
if (!Array.isArray(appIds)) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.');
+ console.error('appIds must be an array.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
if (!appIds.length) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Spotify auth is not configured.');
+ console.error('Spotify auth is not configured.')
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
const data = await request('me', access_token);
if (!data || !appIds.includes(data.id)) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Spotify auth is invalid for this user.');
+ console.error('Spotify auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
}
diff --git a/src/Adapters/Auth/twitter.js b/src/Adapters/Auth/twitter.js
index eac83cbed4..ae63ecb4ca 100644
--- a/src/Adapters/Auth/twitter.js
+++ b/src/Adapters/Auth/twitter.js
@@ -5,7 +5,8 @@ var Parse = require('parse/node').Parse;
// Returns a promise that fulfills iff this user id is valid.
function validateAuthData(authData, options) {
if (!options) {
- throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Twitter auth configuration missing');
+ console.error('Twitter auth configuration missing');
+ throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Unauthorized');
}
options = handleMultipleConfigurations(authData, options);
var client = new OAuth(options);
@@ -17,7 +18,8 @@ function validateAuthData(authData, options) {
if (data && data.id_str == '' + authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Twitter auth is invalid for this user.');
+ console.error('Twitter auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
});
}
@@ -30,14 +32,16 @@ function handleMultipleConfigurations(authData, options) {
if (Array.isArray(options)) {
const consumer_key = authData.consumer_key;
if (!consumer_key) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Twitter auth is invalid for this user.');
+ console.error('Twitter auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
options = options.filter(option => {
return option.consumer_key == consumer_key;
});
if (options.length == 0) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Twitter auth is invalid for this user.');
+ console.error('Twitter auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
}
options = options[0];
}
diff --git a/src/Adapters/Auth/utils.js b/src/Adapters/Auth/utils.js
index 0d4d7cd8a2..7f16692aeb 100644
--- a/src/Adapters/Auth/utils.js
+++ b/src/Adapters/Auth/utils.js
@@ -4,7 +4,8 @@ const Parse = require('parse/node').Parse;
const getHeaderFromToken = token => {
const decodedToken = jwt.decode(token, { complete: true });
if (!decodedToken) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `provided token does not decode as JWT`);
+ console.error('provided token does not decode as JWT');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`);
}
return decodedToken.header;
diff --git a/src/Adapters/Auth/vkontakte.js b/src/Adapters/Auth/vkontakte.js
index 46fd1248ae..fbba25bd32 100644
--- a/src/Adapters/Auth/vkontakte.js
+++ b/src/Adapters/Auth/vkontakte.js
@@ -21,10 +21,12 @@ function validateAuthData(authData, params) {
) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Vk auth is invalid for this user.');
+ console.error('Vk auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed.');
});
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Vk appIds or appSecret is incorrect.');
+ console.error('Vk appIds or appSecret is incorrect.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed.');
});
}
@@ -37,9 +39,10 @@ function vkOAuth2Request(params) {
!params.appSecret ||
!params.appSecret.length
) {
+ console.error('Vk auth is not configured. Missing appIds or appSecret.');
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
- 'Vk auth is not configured. Missing appIds or appSecret.'
+ 'Configuration Error'
);
}
if (!params.apiVersion) {
diff --git a/src/Adapters/Auth/wechat.js b/src/Adapters/Auth/wechat.js
index 82ddb851ef..9d5448e453 100644
--- a/src/Adapters/Auth/wechat.js
+++ b/src/Adapters/Auth/wechat.js
@@ -9,7 +9,8 @@ function validateAuthData(authData) {
if (data.errcode == 0) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'wechat auth is invalid for this user.');
+ console.error('wechat auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed.');
}
);
}
diff --git a/src/Adapters/Auth/weibo.js b/src/Adapters/Auth/weibo.js
index a29c3872df..5f34d28f72 100644
--- a/src/Adapters/Auth/weibo.js
+++ b/src/Adapters/Auth/weibo.js
@@ -9,7 +9,8 @@ function validateAuthData(authData) {
if (data && data.uid == authData.id) {
return;
}
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'weibo auth is invalid for this user.');
+ console.error('weibo auth is invalid for this user.');
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed.');
});
}