feat: Added autosignuponlogin by swittk · Pull Request #9873

feat: Added autosignuponlogin by swittk · Pull Request #9873 · parse-community/parse-server

📝 Walkthrough

Walkthrough

Adds a new server option autoSignupOnLogin, wires it into config, options, docs and typings, updates UsersRouter to automatically create a user on login-if-not-found, and adds tests (including a duplicated test block) and validation for the new option.

Changes

Cohort / File(s)	Summary
Tests: Auto-signup on login `spec/ParseUser.spec.js`	Adds a test "auto signs up user on login when enabled" that enables `autoSignupOnLogin`, performs REST login for a new username/password, asserts returned `username` and `sessionToken`, verifies login via `Parse.User.logIn`, then resets config. The test block is added twice (duplicate).
Config validation `src/Config.js`	Adds `autoSignupOnLogin` to options validation: introduces `validateAutoSignupOnLogin` and calls it from `validateOptions`.
Options definitions and docs `src/Options/Definitions.js`, `src/Options/docs.js`, `src/Options/index.js`	Adds public option `autoSignupOnLogin` (`PARSE_SERVER_AUTO_SIGNUP_ON_LOGIN`, boolean, default `false`) to definitions and docs; also exposes `emailVerifyTokenValidityDuration` in `index.js`.
Login flow: auto-signup `src/Routers/UsersRouter.js`	Extends `handleLogIn` to attempt auto-signup on `OBJECT_NOT_FOUND` when enabled: adds helpers `_getLoginPayload`, `_prepareAutoSignupCredentials`, `_autoSignupOnLogin`; creates temporary signup session, retries authentication, and attempts cleanup of the temp session token.
Type definitions `types/Options/index.d.ts`	Adds optional boolean `autoSignupOnLogin?: boolean` to `ParseServerOptions` typings.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant C as Client
  participant UR as UsersRouter
  participant AU as AuthService
  participant UC as UserCreate
  participant SS as Sessions

  C->>UR: POST /login {username/email, password}
  UR->>AU: authenticate(credentials)
  AU-->>UR: Error OBJECT_NOT_FOUND
  alt autoSignupOnLogin enabled & username/password present
    UR->>UC: createUser(minimalCredentials)
    UC-->>UR: {userId, tempSessionToken}
    UR->>AU: authenticate(credentials)  -- retry after signup
    AU-->>UR: {sessionToken, user}
    UR->>SS: revoke(tempSessionToken)  -- best-effort cleanup
    SS-->>UR: OK / NOT_FOUND
    UR-->>C: 200 {sessionToken, user}
  else disabled or missing credentials
    UR-->>C: Error OBJECT_NOT_FOUND
  end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Review UsersRouter changes carefully: new control flow, race conditions, and cleanup of temporary signup session token.
Confirm security/validation in _prepareAutoSignupCredentials to avoid unintended auto-creation (authData checks, email vs username handling).
Verify tests: duplicated test block should be deduplicated or justified.

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: Added autosignuponlogin' is specific to the feature being added and accurately describes the primary change in the changeset.
Description check	✅ Passed	The description includes the required Issue section with a linked issue, an Approach section explaining the changes, and marks the tasks checkbox. However, it lacks explicit mention of documentation updates and security checks that the template indicates as important.
Linked Issues check	✅ Passed	The PR implements the core requirement from issue #9560: an optional autoSignupOnLogin flag that creates users on login when no matching user exists. Configuration, validation, routing logic, tests, and type definitions have been added.
Out of Scope Changes check	✅ Passed	All changes are scoped to the autoSignupOnLogin feature as specified in issue #9560. The addition of emailVerifyTokenValidityDuration in Options/index.js appears incidental but does not conflict with the stated objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

📝 Generate docstrings

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ast-grep (0.40.0)

spec/ParseUser.spec.js

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}