parse-community · dblythy · May 30, 2026 · May 30, 2026 · May 30, 2026
diff --git a/spec/Auth.spec.js b/spec/Auth.spec.js
@@ -114,20 +114,6 @@ describe('Auth', () => {
     expect(session.get('expiresAt') > expiry).toBeTrue();
   });
 
-  it('should load auth without a config', async () => {
-    const user = new Parse.User();
-    await user.signUp({
-      username: 'hello',
-      password: 'password',
-    });
-    expect(user.getSessionToken()).not.toBeUndefined();
-    const userAuth = await getAuthForSessionToken({
-      sessionToken: user.getSessionToken(),
-    });
-    expect(userAuth.user instanceof Parse.User).toBe(true);
-    expect(userAuth.user.id).toBe(user.id);
-  });
-
   it('should load auth with a config', async () => {
     const user = new Parse.User();
     await user.signUp({
@@ -146,29 +132,6 @@ describe('Auth', () => {
   describe('getRolesForUser', () => {
     const rolesNumber = 100;
 
-    it('should load all roles without config', async () => {
-      const user = new Parse.User();
-      await user.signUp({
-        username: 'hello',
-        password: 'password',
-      });
-      expect(user.getSessionToken()).not.toBeUndefined();
-      const userAuth = await getAuthForSessionToken({
-        sessionToken: user.getSessionToken(),
-      });
-      const roles = [];
-      for (let i = 0; i < rolesNumber; i++) {
-        const acl = new Parse.ACL();
-        const role = new Parse.Role('roleloadtest' + i, acl);
-        role.getUsers().add([user]);
-        roles.push(role);
-      }
-      const savedRoles = await Parse.Object.saveAll(roles);
-      expect(savedRoles.length).toBe(rolesNumber);
-      const cloudRoles = await userAuth.getRolesForUser();
-      expect(cloudRoles.length).toBe(rolesNumber);
-    });
-
     it('should load all roles with config', async () => {
       const user = new Parse.User();
       await user.signUp({

diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js
@@ -2673,6 +2673,19 @@ describe('beforeFind hooks', () => {
     });
   });
 
+  it('should preserve a falsy query override from beforeFind (limit 0)', async () => {
+    Parse.Cloud.beforeFind('MyObject', req => {
+      req.query.limit(0);
+    });
+
+    const obj0 = new Parse.Object('MyObject');
+    const obj1 = new Parse.Object('MyObject');
+    await Parse.Object.saveAll([obj0, obj1]);
+
+    const results = await new Parse.Query('MyObject').find();
+    expect(results.length).toBe(0);
+  });
+
   it('should have object found with nested relational data query', async () => {
     const obj1 = Parse.Object.extend('TestObject');
     const obj2 = Parse.Object.extend('TestObject2');

diff --git a/spec/ParseLiveQueryServer.spec.js b/spec/ParseLiveQueryServer.spec.js
@@ -1506,34 +1506,16 @@ describe('ParseLiveQueryServer', function () {
     };
     const requestId = 0;
 
-    spyOn(Parse, 'Query').and.callFake(function () {
-      let shouldReturn = false;
-      return {
-        equalTo() {
-          shouldReturn = true;
-          // Nothing to do here
-          return this;
+    // The user has the "liveQueryRead" role, but the ACL only grants read access
+    // to "otherLiveQueryRead", so it should not match.
+    spyOn(parseLiveQueryServer, 'getAuthForSessionToken').and.returnValue(
+      Promise.resolve({
+        userId: 'someUserId',
+        auth: {
+          getUserRoles: () => Promise.resolve(['role:liveQueryRead']),
         },
-        containedIn() {
-          shouldReturn = false;
-          return this;
-        },
-        find() {
-          if (!shouldReturn) {
-            return Promise.resolve([]);
-          }
-          //Return a role with the name "liveQueryRead" as that is what was set on the ACL
-          const liveQueryRole = new Parse.Role('liveQueryRead', new Parse.ACL());
-          liveQueryRole.id = 'abcdef1234';
-          return Promise.resolve([liveQueryRole]);
-        },
-      };
-    });
-
-    parseLiveQueryServer._matchesACL(acl, client, requestId).then(function (isMatched) {
-      expect(isMatched).toBe(false);
-      done();
-    });
+      })
+    );
 
     parseLiveQueryServer._matchesACL(acl, client, requestId).then(function (isMatched) {
       expect(isMatched).toBe(false);
@@ -1553,36 +1535,15 @@ describe('ParseLiveQueryServer', function () {
     };
     const requestId = 0;
 
-    spyOn(Parse, 'Query').and.callFake(function () {
-      let shouldReturn = false;
-      return {
-        equalTo() {
-          shouldReturn = true;
-          // Nothing to do here
-          return this;
-        },
-        containedIn() {
-          shouldReturn = false;
-          return this;
-        },
-        find() {
-          if (!shouldReturn) {
-            return Promise.resolve([]);
-          }
-          //Return a role with the name "liveQueryRead" as that is what was set on the ACL
-          const liveQueryRole = new Parse.Role('liveQueryRead', new Parse.ACL());
-          liveQueryRole.id = 'abcdef1234';
-          return Promise.resolve([liveQueryRole]);
-        },
-        each(callback) {
-          //Return a role with the name "liveQueryRead" as that is what was set on the ACL
-          const liveQueryRole = new Parse.Role('liveQueryRead', new Parse.ACL());
-          liveQueryRole.id = 'abcdef1234';
-          callback(liveQueryRole);
-          return Promise.resolve();
+    // The user has the "liveQueryRead" role, which the ACL grants read access to.
+    spyOn(parseLiveQueryServer, 'getAuthForSessionToken').and.returnValue(
+      Promise.resolve({
+        userId: 'someUserId',
+        auth: {
+          getUserRoles: () => Promise.resolve(['role:liveQueryRead']),
         },
-      };
-    });
+      })
+    );
 
     parseLiveQueryServer._matchesACL(acl, client, requestId).then(function (isMatched) {
       expect(isMatched).toBe(true);

diff --git a/spec/ParseRole.spec.js b/spec/ParseRole.spec.js
@@ -201,10 +201,6 @@ describe('Parse Role testing', () => {
     testLoadRoles(Config.get('test'), done);
   });
 
-  it('should recursively load roles without config', done => {
-    testLoadRoles(undefined, done);
-  });
-
   it('_Role object should not save without name.', done => {
     const role = new Parse.Role();
     role.save(null, { useMasterKey: true }).then(

diff --git a/spec/SessionTokenCache.spec.js b/spec/SessionTokenCache.spec.js
diff --git a/src/Auth.js b/src/Auth.js
@@ -154,32 +154,21 @@ const getAuthForSessionToken = async function ({
     }
   }
 
-  let results;
-  if (config) {
-    const restOptions = {
-      limit: 1,
-      include: 'user',
-    };
-    const RestQuery = require('./RestQuery');
-    const query = await RestQuery({
-      method: RestQuery.Method.get,
-      config,
-      runBeforeFind: false,
-      auth: master(config),
-      className: '_Session',
-      restWhere: { sessionToken },
-      restOptions,
-    });
-    results = (await query.execute()).results;
-  } else {
-    results = (
-      await new Parse.Query(Parse.Session)
-        .limit(1)
-        .include('user')
-        .equalTo('sessionToken', sessionToken)
-        .find({ useMasterKey: true })
-    ).map(obj => obj.toJSON());
-  }
+  const restOptions = {
+    limit: 1,
+    include: 'user',
+  };
+  const RestQuery = require('./RestQuery');
+  const query = await RestQuery({
+    method: RestQuery.Method.get,
+    config,
+    runBeforeFind: false,
+    auth: master(config),
+    className: '_Session',
+    restWhere: { sessionToken },
+    restOptions,
+  });
+  const results = (await query.execute()).results;
 
   if (results.length !== 1 || !results[0]['user']) {
     throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token');
@@ -267,29 +256,23 @@ Auth.prototype.getUserRoles = function () {
 Auth.prototype.getRolesForUser = async function () {
   //Stack all Parse.Role
   const results = [];
-  if (this.config) {
-    const restWhere = {
-      users: {
-        __type: 'Pointer',
-        className: '_User',
-        objectId: this.user.id,
-      },
-    };
-    const RestQuery = require('./RestQuery');
-    const query = await RestQuery({
-      method: RestQuery.Method.find,
-      runBeforeFind: false,
-      config: this.config,
-      auth: master(this.config),
-      className: '_Role',
-      restWhere,
-    });
-    await query.each(result => results.push(result));
-  } else {
-    await new Parse.Query(Parse.Role)
-      .equalTo('users', this.user)
-      .each(result => results.push(result.toJSON()), { useMasterKey: true });
-  }
+  const restWhere = {
+    users: {
+      __type: 'Pointer',
+      className: '_User',
+      objectId: this.user.id,
+    },
+  };
+  const RestQuery = require('./RestQuery');
+  const query = await RestQuery({
+    method: RestQuery.Method.find,
+    runBeforeFind: false,
+    config: this.config,
+    auth: master(this.config),
+    className: '_Role',
+    restWhere,
+  });
+  await query.each(result => results.push(result));
   return results;
 };
 
@@ -355,37 +338,24 @@ Auth.prototype.clearRoleCache = function (sessionToken) {
 Auth.prototype.getRolesByIds = async function (ins) {
   const results = [];
   // Build an OR query across all parentRoles
-  if (!this.config) {
-    await new Parse.Query(Parse.Role)
-      .containedIn(
-        'roles',
-        ins.map(id => {
-          const role = new Parse.Object(Parse.Role);
-          role.id = id;
-          return role;
-        })
-      )
-      .each(result => results.push(result.toJSON()), { useMasterKey: true });
-  } else {
-    const roles = ins.map(id => {
-      return {
-        __type: 'Pointer',
-        className: '_Role',
-        objectId: id,
-      };
-    });
-    const restWhere = { roles: { $in: roles } };
-    const RestQuery = require('./RestQuery');
-    const query = await RestQuery({
-      method: RestQuery.Method.find,
-      config: this.config,
-      runBeforeFind: false,
-      auth: master(this.config),
+  const roles = ins.map(id => {
+    return {
+      __type: 'Pointer',
       className: '_Role',
-      restWhere,
-    });
-    await query.each(result => results.push(result));
-  }
+      objectId: id,
+    };
+  });
+  const restWhere = { roles: { $in: roles } };
+  const RestQuery = require('./RestQuery');
+  const query = await RestQuery({
+    method: RestQuery.Method.find,
+    config: this.config,
+    runBeforeFind: false,
+    auth: master(this.config),
+    className: '_Role',
+    restWhere,
+  });
+  await query.each(result => results.push(result));
   return results;
 };