parse-community · mtrezza · Nov 18, 2023 · Mar 6, 2024 · Mar 6, 2024 · Mar 6, 2024
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -49,7 +49,7 @@
     "mongodb": "5.9.0",
     "mustache": "4.2.0",
     "otpauth": "9.2.2",
-    "parse": "4.1.0",
+    "parse": "5.0.0-alpha.2",
     "path-to-regexp": "6.2.1",
     "pg-monitor": "2.0.0",
     "pg-promise": "11.5.4",

diff --git a/src/RestWrite.js b/src/RestWrite.js
@@ -524,8 +524,7 @@ RestWrite.prototype.handleAuthData = async function (authData) {
   const results = this.filteredObjectsByACL(r);
 
   if (results.length > 1) {
-    // To avoid https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5
-    // Let's run some validation before throwing
+    // Run validation before throwing to avoid https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5
     await Auth.handleAuthDataValidation(authData, this, results[0]);
     throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED, 'this auth is already used');
   }
@@ -546,6 +545,10 @@ RestWrite.prototype.handleAuthData = async function (authData) {
   if (results.length === 1) {
     const userId = this.getUserId();
     const userResult = results[0];
+
+    // Run validation to avoid https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5
+    await Auth.handleAuthDataValidation(authData, this, userResult);
+
     // Prevent duplicate authData id
     if (userId && userId !== userResult.objectId) {
       throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED, 'this auth is already used');