Skip to content

fix: Server crash from unhandled promise rejection when multiple Cloud Code validator fields fail#10540

Open
dblythy wants to merge 1 commit into
parse-community:alphafrom
dblythy:fix/validator-multiple-field-crash
Open

fix: Server crash from unhandled promise rejection when multiple Cloud Code validator fields fail#10540
dblythy wants to merge 1 commit into
parse-community:alphafrom
dblythy:fix/validator-multiple-field-crash

Conversation

@dblythy

@dblythy dblythy commented Jul 4, 2026

Copy link
Copy Markdown
Member

Closes #8826

Summary by CodeRabbit

  • Bug Fixes
    • Fixed an issue where validation failures involving multiple fields could trigger an unhandled rejection.
    • Invalid input now reliably returns a validation error without leaving behind unexpected async errors.

@parse-github-assistant

Copy link
Copy Markdown

🚀 Thanks for opening this pull request! We appreciate your effort in improving the project. Please let us know once your pull request is ready for review.

Tip

  • Keep pull requests small. Large PRs will be rejected. Break complex features into smaller, incremental PRs.
  • Use Test Driven Development. Write failing tests before implementing functionality. Ensure tests pass.
  • Group code into logical blocks. Add a short comment before each block to explain its purpose.
  • We offer conceptual guidance. Coding is up to you. PRs must be merge-ready for human review.
  • Our review focuses on concept, not quality. PRs with code issues will be rejected. Use an AI agent.
  • Human review time is precious. Avoid review ping-pong. Inspect and test your AI-generated code.

Note

Please respond to review comments from AI agents just like you would to comments from a human reviewer. Let the reviewer resolve their own comments, unless they have reviewed and accepted your commit, or agreed with your explanation for why the feedback was incorrect.

Caution

Pull requests must be written using an AI agent with human supervision. Pull requests written entirely by a human will likely be rejected, because of lower code quality, higher review effort and the higher risk of introducing bugs. Please note that AI review comments on this pull request alone do not satisfy this requirement. Our CI and AI review are safeguards, not development tools. If many issues are flagged, rethink your development approach. Invest more effort in planning and design rather than using review cycles to fix low-quality code.

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Fixes a server crash caused by an unhandled promise rejection when multiple Cloud Code validated fields fail simultaneously. Refactors field validation in builtInTriggerValidator to collect validation inputs before invoking Promise.all, and adds a regression test verifying no unhandled rejection occurs.

Changes

Validation rejection fix

Layer / File(s) Summary
Refactor field validation scheduling
src/triggers.js
Replaces immediate validateOptions promise creation with collection of [opt, key, val] tuples into optionValidations, then runs Promise.all(optionValidations.map(...)) after the loop.
Regression test for unhandled rejection
spec/CloudCode.Validator.spec.js
Adds a test that attaches an unhandledRejection listener, triggers a function with multiple invalid fields, asserts the rejection is a Parse.Error.VALIDATION_ERROR, verifies no unhandled rejections were captured, and removes the listener in finally.

Estimated code review effort: 2 (Simple) | ~10 minutes

Sequence Diagram(s)

sequenceDiagram
  participant CloudFunction
  participant builtInTriggerValidator
  participant validateOptions

  CloudFunction->>builtInTriggerValidator: invoke with multiple invalid fields
  loop for each field in options.fields
    builtInTriggerValidator->>builtInTriggerValidator: collect [opt, key, val] into optionValidations
  end
  builtInTriggerValidator->>validateOptions: Promise.all(optionValidations.map(validateOptions))
  validateOptions-->>builtInTriggerValidator: rejection reasons
  builtInTriggerValidator-->>CloudFunction: reject with VALIDATION_ERROR (no unhandled rejection)
Loading
🚥 Pre-merge checks | ✅ 5 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description only says "Closes #8826" and omits the required Issue, Approach, and Tasks sections. Fill in the template sections for Issue, Approach, and Tasks, and note the test/documentation/security checklist status as applicable.
Engage In Review Feedback ❓ Inconclusive Repo diff shows the fix and tests, but no review-thread history is available to verify discussion before resolving feedback. Provide the PR review comments or discussion history showing feedback was discussed and either implemented in a commit or retracted by the reviewer.
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title starts with the required "fix:" prefix and accurately describes the server crash fix.
Linked Issues check ✅ Passed The changes address #8826 by preventing unhandled rejections in multi-field validation failures and adding a regression test.
Out of Scope Changes check ✅ Passed The diff stays focused on the reported validation crash and its regression test with no unrelated code changes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Security Check ✅ Passed Patch only changes validation scheduling and adds a regression test; no new auth, injection, or sensitive-data paths, and it reduces an unhandled-rejection crash risk.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Biome (2.5.1)
src/triggers.js

File contains syntax errors that prevent linting: Line 230: Type annotations are a TypeScript only feature. Convert your file to a TypeScript file or remove the syntax.; Line 230: Type annotations are a TypeScript only feature. Convert your file to a TypeScript file or remove the syntax.; Line 230: Type annotations are a TypeScript only feature. Convert your file to a TypeScript file or remove the syntax.; Line 230: return types can only be used in TypeScript files


Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
src/triggers.js (1)

903-912: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Same latent pattern remains in the requireUserKeys branch.

This block still invokes validateOptions(...) immediately inside the loop before Promise.all, the same pattern that caused #8826 in the options.fields branch. It's not currently exploitable here since no other statement in this loop throws synchronously, but it's structurally fragile — any future addition of a synchronous check (e.g. a required validation) in this loop would reintroduce the same unhandled-rejection risk. Consider applying the same input-deferral pattern here for consistency.

♻️ Suggested consistency fix
   } else if (typeof userKeys === 'object') {
-    const optionPromises = [];
+    const optionValidations = [];
     for (const key in options.requireUserKeys) {
       const opt = options.requireUserKeys[key];
       if (opt.options) {
-        optionPromises.push(validateOptions(opt, key, reqUser.get(key)));
+        optionValidations.push([opt, key, reqUser.get(key)]);
       }
     }
-    await Promise.all(optionPromises);
+    await Promise.all(optionValidations.map(([o, k, v]) => validateOptions(o, k, v)));
   }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/triggers.js` around lines 903 - 912, The `requireUserKeys` branch in
`src/triggers.js` has the same eager-promise pattern as the earlier
`options.fields` fix: `validateOptions(...)` is being invoked directly inside
the loop before `Promise.all`, which can reintroduce unhandled-rejection risk if
a future synchronous check is added. Update the logic in this branch to defer
execution the same way as the `options.fields` path, collecting functions/thunks
(or equivalent deferred work) and only invoking `validateOptions` during the
`Promise.all` phase, keeping `userKeys` handling consistent and safe.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/triggers.js`:
- Around line 903-912: The `requireUserKeys` branch in `src/triggers.js` has the
same eager-promise pattern as the earlier `options.fields` fix:
`validateOptions(...)` is being invoked directly inside the loop before
`Promise.all`, which can reintroduce unhandled-rejection risk if a future
synchronous check is added. Update the logic in this branch to defer execution
the same way as the `options.fields` path, collecting functions/thunks (or
equivalent deferred work) and only invoking `validateOptions` during the
`Promise.all` phase, keeping `userKeys` handling consistent and safe.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4d4e34ea-7b2f-4ebd-a9aa-6101770f1c21

📥 Commits

Reviewing files that changed from the base of the PR and between 7e9d53a and 6a047b4.

📒 Files selected for processing (2)
  • spec/CloudCode.Validator.spec.js
  • src/triggers.js

@dblythy dblythy requested review from a team and mtrezza July 4, 2026 16:33
@codecov

codecov Bot commented Jul 4, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.66%. Comparing base (cce91e5) to head (6a047b4).
⚠️ Report is 1 commits behind head on alpha.

Additional details and impacted files
@@           Coverage Diff           @@
##            alpha   #10540   +/-   ##
=======================================
  Coverage   92.66%   92.66%           
=======================================
  Files         193      193           
  Lines       16981    16981           
  Branches      248      248           
=======================================
  Hits        15736    15736           
  Misses       1224     1224           
  Partials       21       21           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Multiple Validation failures causes server crash

1 participant