fix: `Parse.Query.select('authData')` for `_User` class doesn't return auth data#10055

mtrezza · 2026-02-12T19:48:50Z

Pull Request

Report security issues confidentially.
Any contribution is under this license.

Issue

Parse.Query.select('authData') for _User class doesn't return auth data. The reason is that the authData field is synthesized and actually stored as _auth_data_<PROVIDER> in the _User obj. So setting authData as selected key for MongoDB won't find a field of such name.

Summary by CodeRabbit

New Features
- Retrieve a user’s authentication data when explicitly selected in queries using the master key.
- Add a function to list configured authentication providers (built-in and custom).
Tests
- Added a test verifying retrieval of authData via master-key queries.

parse-github-assistant · 2026-02-12T19:48:55Z

🚀 Thanks for opening this pull request!

coderabbitai · 2026-02-12T19:49:12Z

📝 Walkthrough

Walkthrough

Adds a test ensuring authData is returned when selected with masterKey, exposes a new getProviders() API to enumerate configured auth providers, and updates _User query projection to include internal _auth_data_<provider> fields when authData is requested.

Changes

Cohort / File(s)	Summary
Test Coverage `spec/ParseUser.spec.js`	Adds a test that logs in a user with Facebook auth, queries `_User` selecting `authData` with `useMasterKey: true`, and asserts returned `authData` contains `facebook.id` and `facebook.access_token`.
Auth Provider Discovery `src/Adapters/Auth/index.js`	Adds and exports `getProviders()` which returns configured/auth-adapter-backed provider names (combines built-ins and custom providers; optionally excludes `anonymous`).
Query Projection Logic `src/RestQuery.js`	When className is `_User` and `authData` is selected, appends internal `_auth_data_<provider>` keys for configured providers to the find projection so per-provider auth fields are returned from DBs that store them separately.

Sequence Diagram(s)

sequenceDiagram
    participant Client as Client
    participant REST as REST Layer (RestQuery)
    participant Auth as Auth Adapter Registry (getProviders)
    participant DB as Database

    Client->>REST: Request _User fields=authData (useMasterKey)
    REST->>Auth: getProviders()
    Auth-->>REST: ["facebook", ...]
    REST->>DB: find(query, projection: authData + _auth_data_facebook, ...)
    DB-->>REST: user record (includes _auth_data_facebook)
    REST-->>Client: user object with authData populated

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

fix: Queries with object field authData.provider.id are incorrectly transformed to _auth_data_provider.id for custom classes #9932: Related changes to how _auth_data_<provider> fields are handled for _User authData queries.

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description identifies the issue but lacks implementation details and is missing critical sections from the template like Approach and Tasks checklist.	Add an Approach section describing the implementation strategy and complete the Tasks checklist to indicate which tasks were completed for this PR.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main fix: enabling Parse.Query.select('authData') to return auth data for the _User class.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into `alpha`

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

📝 Generate docstrings

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

No actionable comments were generated in the recent review. 🎉

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/Adapters/Auth/index.js`:
- Around line 264-270: The catch block in the filter over allProviders uses an
unused exception binding `e`; update the try/catch in the function that returns
[...allProviders].filter(...) (the block that calls loadAuthAdapter(provider,
authOptions)) to remove the unused binding by changing `catch (e)` to an empty
catch `catch {}` (and keep returning false inside it) so the linter no longer
complains about an unused variable while preserving the current behavior.

🧹 Nitpick comments (1)

src/Adapters/Auth/index.js (1)

257-271: Consider caching or memoizing the provider list.

getProviders() calls loadAuthAdapter() for every configured provider on each invocation. In RestQuery.runFind, this is called for every _User query that selects authData. Since the set of configured providers doesn't change at runtime (barring server reconfiguration), computing this repeatedly is wasteful. A simple lazy-cached value (invalidated on config change) would avoid redundant adapter loading.

src/Adapters/Auth/index.js

parseplatformorg · 2026-02-12T19:52:53Z

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

codecov · 2026-02-12T19:59:58Z

Codecov Report

❌ Patch coverage is 92.85714% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 92.57%. Comparing base (1af6c0d) to head (48e5ead).
⚠️ Report is 2 commits behind head on alpha.

Files with missing lines	Patch %	Lines
src/Adapters/Auth/index.js	87.50%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##            alpha   #10055   +/-   ##
=======================================
  Coverage   92.57%   92.57%           
=======================================
  Files         191      191           
  Lines       15589    15603   +14     
  Branches      176      176           
=======================================
+ Hits        14432    14445   +13     
- Misses       1145     1146    +1     
  Partials       12       12

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

# [9.3.0-alpha.5](9.3.0-alpha.4...9.3.0-alpha.5) (2026-02-12) ### Bug Fixes * `Parse.Query.select('authData')` for `_User` class doesn't return auth data ([#10055](#10055)) ([44a5bb1](44a5bb1))

parseplatformorg · 2026-02-12T20:46:46Z

🎉 This change has been released in version 9.3.0-alpha.5

fix

3b27713

Merge branch 'alpha' into fix/auth-data-select

060419f

coderabbitai bot requested changes Feb 12, 2026

View reviewed changes

src/Adapters/Auth/index.js Show resolved Hide resolved

docs

f52fe00

lint

48e5ead

coderabbitai bot approved these changes Feb 12, 2026

View reviewed changes

mtrezza merged commit 44a5bb1 into parse-community:alpha Feb 12, 2026
22 of 23 checks passed

mtrezza deleted the fix/auth-data-select branch February 12, 2026 20:46

parseplatformorg added the state:released-alpha Released as alpha version label Feb 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: `Parse.Query.select('authData')` for `_User` class doesn't return auth data#10055