Merge remote-tracking branch 'upstream/master' into custom-branding

* upstream/master:
  docs: Update node in README
  Update sass and docker (parse-community#1792)
  ci: Remove parse server dev dependency (parse-community#1796)
  ci: modernize steps (parse-community#1789)
  fix(docker): increase node version in docker to 12 (parse-community#1788)
  Fix: Update CLP for new class (parse-community#1785)
  feat: Add MFA to Dashboard (parse-community#1624)
  ci: refactor docker ci (parse-community#1786)
  ci: Fix docker image pushing to Docker Hub (parse-community#1781)

Author: stepanic

.github/workflows/ci.yml

@@ -6,31 +6,164 @@ on:
   pull_request:
     branches:
       - '**'
+env:
+  NODE_VERSION: 16.9.0
 jobs:
+  check-ci:
+    name: CI Self-Check
+    timeout-minutes: 15
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Determine major node version
+        id: node
+        run: |
+          node_major=$(echo "${{ env.NODE_VERSION }}" | cut -d'.' -f1)
+          echo "::set-output name=node_major::$(echo $node_major)"
+      - uses: actions/checkout@v2
+      - name: Use Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ env.node-version }}
+      - name: Cache Node.js modules
+        uses: actions/cache@v2
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-${{ env.NODE_VERSION }}-
+      - name: Install dependencies
+        run: npm ci
+      - name: CI Environments Check
+        run: npm run ci:check
+      - name: CI Node Engine Check
+        run: npm run ci:checkNodeEngine
   check-changelog:
     name: Changelog
     timeout-minutes: 5
     runs-on: ubuntu-18.04
     steps:
     - uses: actions/checkout@v2
     - uses: dangoslen/changelog-enforcer@v2
-  build:
+  # check-lint:
+  #   name: Lint
+  #   timeout-minutes: 15
+  #   runs-on: ubuntu-18.04
+  #   steps:
+  #     - uses: actions/checkout@v2
+  #     - name: Use Node.js ${{ env.NODE_VERSION }}
+  #       uses: actions/setup-node@v1
+  #       with:
+  #         node-version: ${{ env.node-version }}
+  #     - name: Cache Node.js modules
+  #       uses: actions/cache@v2
+  #       with:
+  #         path: ~/.npm
+  #         key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }}
+  #         restore-keys: |
+  #           ${{ runner.os }}-node-${{ env.NODE_VERSION }}-
+  #     - name: Install dependencies
+  #       run: npm ci
+  #     - run: npm run lint
+  check-circular:
+     name: Circular Dependencies
+     timeout-minutes: 5
+     runs-on: ubuntu-18.04
+     steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ env.node-version }}
+      - name: Cache Node.js modules
+        uses: actions/cache@v2
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-${{ env.NODE_VERSION }}-
+      - name: Install dependencies
+        run: npm ci
+      - name: Scan for circular dependencies
+        run: npm run madge:circular
+  check-docker:
+    strategy:
+      matrix:
+        include:
+          - name: Docker linux/amd64
+            DOCKER_PLATFORM: linux/amd64
+          # Building currently fails for the platforms below
+          # - name: Docker linux/arm/v6
+          #   DOCKER_PLATFORM: linux/arm/v6
+          # - name: Docker linux/arm/v7
+          #   DOCKER_PLATFORM: linux/arm/v7
+          # - name: Docker linux/arm64/v8
+          #   DOCKER_PLATFORM: linux/arm64/v8
+      fail-fast: false
+    name: ${{ matrix.name }}
+    timeout-minutes: 15
     runs-on: ubuntu-18.04
-    timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v2
-    - name: Use Node.js
-      uses: actions/setup-node@v1
-      with:
-        node-version: '10.14'
-    - name: Cache Node.js modules
-      uses: actions/cache@v2
-      with:
-        path: ~/.npm
-        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-        restore-keys: |
-            ${{ runner.os }}-node-
-    - run: npm ci
-    - run: ./scripts/before_script.sh
-      env:
-        CI: true
+      - uses: actions/checkout@v2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Build docker image
+        uses: docker/build-push-action@v2
+        with:
+          platforms: ${{ matrix.DOCKER_PLATFORM }}
+  check-lock-file-version:
+    name: NPM Lock File Version
+    timeout-minutes: 5
+    runs-on: ubuntu-18.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Check NPM lock file version
+        uses: mansona/npm-lockfile-version@v1
+        with:
+          version: 1
+  check-build:
+    strategy:
+      matrix:
+        include:
+          - name: Node 12
+            NODE_VERSION: 12.22.6
+          - name: Node 14
+            NODE_VERSION: 14.17.6
+          # Enable the following lines when Parse Dashboard reached Node 16 compatibility
+          # - name: Node 16
+          #   NODE_VERSION: 16.9.0
+      fail-fast: false
+    name: ${{ matrix.name }}
+    timeout-minutes: 15
+    runs-on: ubuntu-18.04
+    env:
+      NODE_VERSION: ${{ matrix.NODE_VERSION }}
+    steps:
+      - name: Determine major node version
+        id: node
+        run: |
+          node_major=$(echo "${{ matrix.NODE_VERSION }}" | cut -d'.' -f1)
+          echo "::set-output name=node_major::$(echo $node_major)"
+      - uses: actions/checkout@v2
+      - name: Use Node.js ${{ matrix.NODE_VERSION }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ matrix.NODE_VERSION }}
+      - name: Cache Node.js modules
+        uses: actions/cache@v2
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+              ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-
+      - name: Install dependencies (Node < 10)
+        run: npm install
+        if: ${{ steps.node.outputs.node_major < 10 }}
+      - name: Install dependencies (Node >= 10)
+        run: npm ci
+        if: ${{ steps.node.outputs.node_major >= 10 }}
+      - name: Test bundles
+        run: ./scripts/before_script.sh
+        env:
+          CI: true

.github/workflows/docker-publish.yml

@@ -0,0 +1,62 @@
+name: docker
+
+on:
+  # Disabled as we move to new branch model and plan to change the `latest` tag to mean "latest stable" instead of as currently "latest unstable"
+  # schedule:
+  #   # Nightly builds capture upstream updates to dependency images such as node.
+  #   - cron: '19 17 * * *'
+  push:
+    # Disabled as we move to new branch model and plan to change the `latest` tag to mean "latest stable" instead of as currently "latest unstable"
+    # branches: [ master ]
+    tags: [ '*.*.*' ]
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: parseplatform/parse-dashboard
+
+jobs:
+  build:
+
+    runs-on: ubuntu-18.04
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Determine branch name
+        id: branch
+        run: echo "::set-output name=branch_name::${GITHUB_REF#refs/*/}"
+
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Log into Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          flavor: |
+            latest=${{ steps.branch.outputs.branch_name == 'master' }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

CHANGELOG.md

@@ -4,15 +4,23 @@
 [Full Changelog](https://github.com/parse-community/parse-dashboard/compare/2.2.0...master)
 
 ## New Features
+- Add multi-factor authentication to dashboard login. To use one-time password, run `parse-dashboard --createMFA` or `parse-dashboard --createUser`. (Daniel Blyth) [#1624](https://github.com/parse-community/parse-dashboard/pull/1624)
+
 ## Improvements
+- Update sass to 5.0.0 and make docker image use node:lts-alpine (Corey Baker) [#1792](https://github.com/parse-community/parse-dashboard/pull/1792)
+- Docker image use now node 12 version [#1788](https://github.com/parse-community/parse-dashboard/pull/1788)
+- CI now pushes docker images to Docker Hub (Corey Baker) [#1781](https://github.com/parse-community/parse-dashboard/pull/1781)
 - Add CI check to add changelog entry (Manuel Trezza) [#1764](https://github.com/parse-community/parse-dashboard/pull/1764)
 - Refactor: uniform issue templates across repos (Manuel Trezza) [#1767](https://github.com/parse-community/parse-dashboard/pull/1767)
 - fix: date cell value not selected on double clicks (fn-faisal) [#1730](https://github.com/parse-community/parse-dashboard/pull/1730)
 
 ## Fixes
+- Fixed bug after creating new class, wrong CLP was shown for that class [#1784](https://github.com/parse-community/parse-dashboard/issues/1784)  (Prerna Mehra) [#1785](https://github.com/parse-community/parse-dashboard/pull/1785)
 - Fixed bug when opening a big modal, modal content is not visible due to Sidebar (Prerna Mehra) [#1777](https://github.com/parse-community/parse-dashboard/pull/1778)
 - Fixed UI for a field containing an array of pointers (Prerna Mehra) [#1776](https://github.com/parse-community/parse-dashboard/pull/1776)
 - Fixed bug when editing or copying a field containing an array of pointers [#1770](https://github.com/parse-community/parse-dashboard/issues/1770) (Prerna Mehra) [#1771](https://github.com/parse-community/parse-dashboard/pull/1771)
+- Modernize CI (Manuel Trezza) [#1789](https://github.com/parse-community/parse-dashboard/pull/1789)
+- ci: Remove parse-server dev dependency (Manuel Trezza) [#1796](https://github.com/parse-community/parse-dashboard/pull/1796)
 
 # 2.2.0
 [Full Changelog](https://github.com/parse-community/parse-dashboard/compare/2.1.0...2.2.0)

Dockerfile

@@ -1,6 +1,6 @@
 #
 # --- Base Node Image ---
-FROM node:8-alpine AS base
+FROM node:lts-alpine AS base
 
 RUN apk update; \
   apk add git;
@@ -23,7 +23,7 @@ RUN npm run prepare && npm run build
 
 #
 # --- Production Image ---
-FROM node:8-alpine AS release
+FROM node:lts-alpine AS release
 WORKDIR /src
 
 # Copy production node_modules

Parse-Dashboard/Authentication.js

@@ -3,6 +3,7 @@ var bcrypt = require('bcryptjs');
 var csrf = require('csurf');
 var passport = require('passport');
 var LocalStrategy = require('passport-local').Strategy;
+const OTPAuth = require('otpauth')
 
 /**
  * Constructor for Authentication class
@@ -21,14 +22,22 @@ function initialize(app, options) {
   options = options || {};
   var self = this;
   passport.use('local', new LocalStrategy(
-    function(username, password, cb) {
+    {passReqToCallback:true},
+    function(req, username, password, cb) {
       var match = self.authenticate({
         name: username,
-        pass: password
+        pass: password,
+        otpCode: req.body.otpCode
       });
       if (!match.matchingUsername) {
         return cb(null, false, { message: 'Invalid username or password' });
       }
+      if (match.otpMissing) {
+        return cb(null, false, { message: 'Please enter your one-time password.' });
+      }
+      if (!match.otpValid) {
+        return cb(null, false, { message: 'Invalid one-time password.' });
+      }
       cb(null, match.matchingUsername);
     })
   );
@@ -82,6 +91,8 @@ function authenticate(userToTest, usernameOnly) {
   let appsUserHasAccessTo = null;
   let matchingUsername = null;
   let isReadOnly = false;
+  let otpMissing = false;
+  let otpValid = true;
 
   //they provided auth
   let isAuthenticated = userToTest &&
@@ -91,6 +102,22 @@ function authenticate(userToTest, usernameOnly) {
     this.validUsers.find(user => {
       let isAuthenticated = false;
       let usernameMatches = userToTest.name == user.user;
+      if (usernameMatches && user.mfa && !usernameOnly) {
+        if (!userToTest.otpCode) {
+          otpMissing = true;
+        } else {
+          const totp = new OTPAuth.TOTP({
+            algorithm: user.mfaAlgorithm || 'SHA1',
+            secret: OTPAuth.Secret.fromBase32(user.mfa)
+          });
+          const valid = totp.validate({
+            token: userToTest.otpCode
+          });
+          if (valid === null) {
+            otpValid = false;
+          }
+        }
+      }
       let passwordMatches = this.useEncryptedPasswords && !usernameOnly ? bcrypt.compareSync(userToTest.pass, user.pass) : userToTest.pass == user.pass;
       if (usernameMatches && (usernameOnly || passwordMatches)) {
         isAuthenticated = true;
@@ -99,13 +126,14 @@ function authenticate(userToTest, usernameOnly) {
         appsUserHasAccessTo = user.apps || null;
         isReadOnly = !!user.readOnly; // make it true/false
       }
-
       return isAuthenticated;
     }) ? true : false;
 
   return {
     isAuthenticated,
     matchingUsername,
+    otpMissing,
+    otpValid,
     appsUserHasAccessTo,
     isReadOnly,
   };