File tree 1 file changed +5
-2
lines changed
1 file changed +5
-2
lines changed Original file line number Diff line number Diff line change @@ -524,8 +524,7 @@ RestWrite.prototype.handleAuthData = async function (authData) {
524524 const results = this . filteredObjectsByACL ( r ) ;
525525
526526 if ( results . length > 1 ) {
527- // To avoid https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5
528- // Let's run some validation before throwing
527+ // Run validation before throwing to avoid https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5
529528 await Auth . handleAuthDataValidation ( authData , this , results [ 0 ] ) ;
530529 throw new Parse . Error ( Parse . Error . ACCOUNT_ALREADY_LINKED , 'this auth is already used' ) ;
531530 }
@@ -546,6 +545,10 @@ RestWrite.prototype.handleAuthData = async function (authData) {
546545 if ( results . length === 1 ) {
547546 const userId = this . getUserId ( ) ;
548547 const userResult = results [ 0 ] ;
548+
549+ // Run validation to avoid https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5
550+ await Auth . handleAuthDataValidation ( authData , this , userResult ) ;
551+
549552 // Prevent duplicate authData id
550553 if ( userId && userId !== userResult . objectId ) {
551554 throw new Parse . Error ( Parse . Error . ACCOUNT_ALREADY_LINKED , 'this auth is already used' ) ;
You can’t perform that action at this time.
0 commit comments