Protected fields fix

[acinader]

We launch the parse server using the cli.

I discovered after releasing parse-server@3.2.1 last night that our userSensitiveFields were leaking.

I tracked it down to the fact that the cli merges in the defaults before instantiating ParseServer.

My fix is to always process and merge userSensitiveFields if they exist.

I'd like to get this in and publish 3.2.2.

[acinader]

@awgeorge review please?

[mrmarcsmith]

Looks good!

[codecov]

Codecov Report

Merging #5463 into master will increase coverage by 0.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #5463      +/-   ##
==========================================
+ Coverage   93.91%   93.92%   +0.01%     
==========================================
  Files         123      123              
  Lines        9024     9025       +1     
==========================================
+ Hits         8475     8477       +2     
+ Misses        549      548       -1

Impacted Files	Coverage Δ
src/ParseServer.js	96.29% <100%> (+0.02%)	⬆️
src/RestWrite.js	93.26% <0%> (+0.18%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 11976b8...edf7fd6. Read the comment docs.

[awgeorge]

Some initial thoughts - will run it against my server now.

[acinader]

ok.

1. I removed the initialization code in question. It wasn't getting covered so I was trying to test it (and remember why I put it in in the first place).

2. I also notice that some of the unit test in UserPII.spec.js were failing, but the failure was getting swallowed. Here is what I noticed:

✓ should not get PII via REST (0.29 sec)
error undefined UserPII.spec.js:183

when I dug into it, I discovered that it was a false fail because some of the tests were running before the beforeEach that sets up the user. I returned all promises to jasmine and made sure that we weren't calling done after an error occurs and they all appear to be working as expected.

@awgeorge I think we're good now to push this to clean up leaking userSensitiveFields (but not email) for users like me who use the cli to launch.

[acinader]

an error with the request gets swallowed here.

[acinader]

cause this resolves the error and we go into the then.

[acinader]

AH! forgot to run build locally. I see the failing test.

[acinader]

third times a charm?

I think I fully reasoned through the various states that options.protectedFields will be.

when we take out sensitiveFields in the next minor release, we can get rid of all this logic....

[awgeorge]

Cheers for the patch - good to know about the CLI mode.