Skip to content

fix: Fetching _User crashes when authData remains after auth provider is removed from config#10535

Open
dblythy wants to merge 1 commit into
parse-community:alphafrom
dblythy:fix/stale-authdata-removed-provider-10526
Open

fix: Fetching _User crashes when authData remains after auth provider is removed from config#10535
dblythy wants to merge 1 commit into
parse-community:alphafrom
dblythy:fix/stale-authdata-removed-provider-10526

Conversation

@dblythy

@dblythy dblythy commented Jul 4, 2026

Copy link
Copy Markdown
Member

Closes #10526

Summary by CodeRabbit

  • Bug Fixes
    • User fetches now continue to succeed even when stored authentication data refers to a provider that is no longer configured.
    • Stale authentication data is preserved during full fetches instead of causing the request to fail or being removed unexpectedly.
    • Improved handling of provider-specific post-fetch processing so one missing provider no longer affects the entire user record.

@parse-github-assistant

Copy link
Copy Markdown

🚀 Thanks for opening this pull request! We appreciate your effort in improving the project. Please let us know once your pull request is ready for review.

Tip

  • Keep pull requests small. Large PRs will be rejected. Break complex features into smaller, incremental PRs.
  • Use Test Driven Development. Write failing tests before implementing functionality. Ensure tests pass.
  • Group code into logical blocks. Add a short comment before each block to explain its purpose.
  • We offer conceptual guidance. Coding is up to you. PRs must be merge-ready for human review.
  • Our review focuses on concept, not quality. PRs with code issues will be rejected. Use an AI agent.
  • Human review time is precious. Avoid review ping-pong. Inspect and test your AI-generated code.

Note

Please respond to review comments from AI agents just like you would to comments from a human reviewer. Let the reviewer resolve their own comments, unless they have reviewed and accepted your commit, or agreed with your explanation for why the feedback was incorrect.

Caution

Pull requests must be written using an AI agent with human supervision. Pull requests written entirely by a human will likely be rejected, because of lower code quality, higher review effort and the higher risk of introducing bugs. Please note that AI review comments on this pull request alone do not satisfy this requirement. Our CI and AI review are safeguards, not development tools. If many issues are flagged, rethink your development approach. Invest more effort in planning and design rather than using review cycles to fix low-quality code.

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Adds a try/catch around per-provider adapter resolution in runAfterFind in the Auth adapters index, logging a warning and skipping afterFind processing for a provider when resolution fails, plus a regression test verifying fetch no longer crashes with stale authData for a removed provider.

Changes

Stale authData crash fix

Layer / File(s) Summary
Guard adapter resolution in runAfterFind
src/Adapters/Auth/index.js
Imports logger and wraps getValidatorForProvider(provider) in try/catch within runAfterFind; on failure, logs a warning and skips afterFind for that provider instead of throwing.
Regression test for stale authData fetch
spec/AuthenticationAdaptersV2.spec.js
Adds a test that injects stale built-in provider authData, removes the provider from config, and verifies a master-key fetch resolves with unmodified authData.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

Suggested reviewers: mtrezza

🚥 Pre-merge checks | ✅ 5 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description only says "Closes #10526" and misses the required Issue, Approach, and Tasks sections. Add the Issue, Approach, and Tasks sections and briefly describe the fix, tests added, and any completed checklist items.
Security Check ⚠️ Warning Skipping afterFind for removed code-auth providers returns raw authData (including access tokens), undoing the redaction normally done by BaseCodeAuthAdapter.afterFind. Keep the crash fix, but redact stale provider authData (at least return {id} or mask secrets) instead of skipping provider afterFind entirely.
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title is clear and correctly summarizes the fix, and it uses the required fix: prefix.
Linked Issues check ✅ Passed The code and test address #10526 by preventing afterFind from failing when stale built-in authData remains after provider removal.
Out of Scope Changes check ✅ Passed The changes are limited to the crash fix and a regression test, with no unrelated or out-of-scope additions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Engage In Review Feedback ✅ Passed No substantive review feedback comments were present, so there was nothing to ignore or resolve without discussion.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jul 4, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.68%. Comparing base (cce91e5) to head (a2e51c3).
⚠️ Report is 1 commits behind head on alpha.

Additional details and impacted files
@@            Coverage Diff             @@
##            alpha   #10535      +/-   ##
==========================================
+ Coverage   92.66%   92.68%   +0.01%     
==========================================
  Files         193      193              
  Lines       16981    16985       +4     
  Branches      248      248              
==========================================
+ Hits        15736    15742       +6     
+ Misses       1224     1222       -2     
  Partials       21       21              

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dblythy

dblythy commented Jul 5, 2026

Copy link
Copy Markdown
Member Author

@coderabbitai full review

@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown
✅ Action performed

Full review finished.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
src/Adapters/Auth/index.js (1)

4-4: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Solid, minimal fix consistent with existing pattern.

The try/catch mirrors the existing error-swallowing pattern already used in getProviders() (Line 279-283) for the same loadAuthAdapter failure mode, and correctly prevents a single stale/removed provider from crashing the whole _User afterFind processing for all providers in the Promise.all.

One minor note: this will log a warning on every single fetch of an affected _User row until the stale authData is cleaned up or the provider reconfigured, which could be noisy for high-traffic affected accounts. Consider whether logger.warn (vs. logger.verbose/debug) is the right level long-term, but this is a reasonable default for surfacing the issue.

Also applies to: 232-245

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/Adapters/Auth/index.js` at line 4, The new try/catch around
loadAuthAdapter in Auth processing is fine, but logger.warn will emit on every
_User afterFind fetch for the same stale provider and may be too noisy under
load. Update the logging in the affected path to use a lower-noise level such as
logger.verbose or logger.debug, or otherwise gate repeated warnings, while
keeping the existing error-swallowing behavior consistent with getProviders()
and the Promise.all flow.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/Adapters/Auth/index.js`:
- Line 4: The new try/catch around loadAuthAdapter in Auth processing is fine,
but logger.warn will emit on every _User afterFind fetch for the same stale
provider and may be too noisy under load. Update the logging in the affected
path to use a lower-noise level such as logger.verbose or logger.debug, or
otherwise gate repeated warnings, while keeping the existing error-swallowing
behavior consistent with getProviders() and the Promise.all flow.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d58ab1e2-34ca-4160-8d79-73b83e930169

📥 Commits

Reviewing files that changed from the base of the PR and between 7e9d53a and a2e51c3.

📒 Files selected for processing (2)
  • spec/AuthenticationAdaptersV2.spec.js
  • src/Adapters/Auth/index.js

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Fetching _User crashes when authData remains after auth provider is removed from config

1 participant