Add account unlock on password reset

[mtrezza]

New Pull Request Checklist

• I am not disclosing a vulnerability.
• I am creating this PR in reference to an issue.

Issue Description

Resetting the password of an account does not lift the account lock, which is unusual behavior compared to major online services and therefore may cause confusion on the user side.

Related issue: closes #6773

Approach

Added new account policy that allows to automatically unlock an account after successfully resetting the password.

accountLockout: {
  unlockOnPasswordReset: true // Is true if the account lock should be removed after a successful password reset. Default: false
}

This is added as a policy option to account for different security policies, depending on use case.

TODOs before merging

• Add test cases
• Add Parse Server account policy option
• Add entry to changelog
• Add changes to documentation (guides, repository pages, in-code descriptions)

[codecov]

Codecov Report

Merging #7146 (0a76ac8) into master (857d4ec) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #7146   +/-   ##
=======================================
  Coverage   93.92%   93.92%           
=======================================
  Files         169      169           
  Lines       12535    12547   +12     
=======================================
+ Hits        11773    11785   +12     
  Misses        762      762           

Impacted Files	Coverage Δ
src/Options/Definitions.js	100.00% <ø> (ø)
src/Options/index.js	100.00% <ø> (ø)
src/AccountLockout.js	97.56% <100.00%> (+0.19%)	⬆️
src/Config.js	91.22% <100.00%> (+0.26%)	⬆️
src/Controllers/SchemaCache.js	100.00% <100.00%> (ø)
src/Controllers/UserController.js	95.27% <100.00%> (+0.15%)	⬆️
src/RestWrite.js	93.67% <0.00%> (-0.17%)	⬇️
...dapters/Storage/Postgres/PostgresStorageAdapter.js	95.93% <0.00%> (-0.16%)	⬇️
src/Adapters/Storage/Mongo/MongoStorageAdapter.js	93.51% <0.00%> (+0.67%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 857d4ec...8539315. Read the comment docs.

[Moumouls]

I'll take a look asap 🙂

[davimacedo]

It is a minor item, but why do we have all these changes?

[mtrezza]

Oh, these changes actually seem to occur for me on npm run definitions. The file is then built with double quotes. Could you try this out on your side, if that happens as well?

[mtrezza]

It seems that the generator already adds the double quotes before writing to file, as I can see when inspecting the res output:

parse-server/resources/buildConfigDefinitions.js

Line 279 in 25fb576

const res = babel.transformFileSync('./src/Options/index.js', { plugins: [ plugin, '@babel/transform-flow-strip-types' ], babelrc: false, auxiliaryCommentBefore, sourceMaps: false });

This babel issue describes that the quotes option has also been removed and babel outputs with double quotes. So much about babel's side at least.

[mtrezza]

OK, when I run npm run prettier the double quotes are removed. That also affects some other files though, which are not related to this PR. What is the current workflow - should we have prettier run as a pre-commit hook? It seems that currently a PR is not guaranteed to be merged with prettier, if the author did not manually run it?

[davimacedo]

LGTM!

[mtrezza]

Not merging yet, looking into definitions quotes changes.

Update: Solved -- ready for review.

[parseplatformorg]

🎉 This change has been released in version 5.0.0-beta.1

[parseplatformorg]

🎉 This change has been released in version 5.0.0