parse-community / parse-server

Parse Server for Node.js / Express
https://parseplatform.org
Apache License 2.0

_linkWith fails to create a session for existing users #5785

Closed elios264 closed 5 years ago

elios264 commented 5 years ago

Issue Description

_linkWith on an existing user returns the user with no sessionToken.

Steps to reproduce

1. Have a user in the db.
2. Fetch it with a query.
3. Call _linkWith on it.

Expected Results

For the user object to have a sessionToken prop, just like new users.

Actual Outcome

_linkWith returns no sessionToken

Environment Setup

Logs/Trace


dplewis commented 5 years ago

Have you tried using MasterKey on _linkWith?

https://github.com/ParsePlatform/parse-server/pull/2348

elios264 commented 5 years ago

I'm using the master key

const masterPermissions = { useMasterKey: true };

dplewis commented 5 years ago

I'm unable to reproduce this. Can you write a failing test here, or post server logs with VERBOSE=1?

elios264 commented 5 years ago

These are the logs; let me try to create a failing test. The cloud fn is called: authorize-ids-user

{"level":"verbose","message":"Support key pairs","timestamp":"2019-07-09T23:15:03.376Z"}
{"level":"info","message":"Parse LiveQuery Server starts running","timestamp":"2019-07-09T23:15:03.389Z"}
{"method":"POST","url":"/api/functions/authorize-ids-user","headers":{"host":"localhost","connection":"keep-alive","content-length":"1224","origin":"http://localhost","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","content-type":"text/plain","accept":"*/*","referer":"http://localhost/admin/login","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9,es;q=0.8,fr;q=0.7","cookie":"_ga=GA1.1.1560418375.1553189120; session=eyJjc3JmU2VjcmV0IjoiOXhpNGNHY3gzRG1mMi1BUTA1TWlXSzY1IiwiZmxhc2giOnt9LCJwYXNzcG9ydCI6eyJ1c2VyIjoicm9vdCJ9fQ==; session.sig=MZ1uGW_jxkKS9QmUXUgieqYRDZs"},"body":{"access_token":"thetoken","expires_in":"9000000","scope":"protectedData","token_type":"Bearer"},"level":"verbose","message":"REQUEST for [POST] /api/functions/authorize-ids-user: {\n  \"access_token\": \"thetoken\",\n  \"expires_in\": \"9000000\",\n  \"scope\": \"protectedData\",\n  \"token_type\": \"Bearer\"\n}","timestamp":"2019-07-09T23:15:44.225Z"}
{"method":"GET","url":"/api/classes/_User","headers":{"user-agent":"node-XMLHttpRequest, Parse/js2.4.0 (NodeJS 12.4.0)","accept":"*/*","content-type":"text/plain","host":"localhost:80","content-length":"263","connection":"close"},"body":{"where":{"authData.ids.id":"siomara@altomobile.io"},"limit":1},"level":"verbose","message":"REQUEST for [GET] /api/classes/_User: {\n  \"where\": {\n    \"authData.ids.id\": \"siomara@altomobile.io\"\n  },\n  \"limit\": 1\n}","timestamp":"2019-07-09T23:15:44.238Z"}
{"result":{"response":{"results":[{"objectId":"tdm5YXuzNe","name":"Siomara Jimenez","username":"yGoB5FDosi9bdGw1X6kyahOnm","authData":{"ids":{"id":"siomara@altomobile.io","token":"thetoken"}},"createdAt":"2019-07-05T22:42:06.317Z","updatedAt":"2019-07-09T23:14:04.772Z","lastActivity":{"__type":"Date","iso":"2019-07-09T23:12:24.706Z"},"ACL":{"*":{"read":true},"tdm5YXuzNe":{"read":true,"write":true}}}]}},"level":"verbose","message":"RESPONSE from [GET] /api/classes/_User: {\n  \"response\": {\n    \"results\": [\n      {\n        \"objectId\": \"tdm5YXuzNe\",\n        \"name\": \"Siomara Jimenez\",\n        \"username\": \"yGoB5FDosi9bdGw1X6kyahOnm\",\n        \"authData\": {\n          \"ids\": {\n            \"id\": \"siomara@altomobile.io\",\n            \"token\": \"thetoken.\"\n          }\n        },\n        \"createdAt\": \"2019-07-05T22:42:06.317Z\",\n        \"updatedAt\": \"2019-07-09T23:14:04.772Z\",\n        \"lastActivity\": {\n          \"__type\": \"Date\",\n          \"iso\": \"2019-07-09T23:12:24.706Z\"\n        },\n        \"ACL\": {\n          \"*\": {\n            \"read\": true\n          },\n          \"tdm5YXuzNe\": {\n            \"read\": true,\n            \"write\": true\n          }\n        }\n      }\n    ]\n  }\n}","timestamp":"2019-07-09T23:15:44.395Z"}
{"method":"PUT","url":"/api/classes/_User/tdm5YXuzNe","headers":{"user-agent":"node-XMLHttpRequest, Parse/js2.4.0 (NodeJS 12.4.0)","accept":"*/*","content-type":"text/plain","host":"localhost:80","content-length":"1262","connection":"close"},"body":{"authData":{"ids":{"id":"siomara@altomobile.io","token":"thetoken"}}},"level":"verbose","message":"REQUEST for [PUT] /api/classes/_User/tdm5YXuzNe: {\n  \"authData\": {\n    \"ids\": {\n      \"id\": \"siomara@altomobile.io\",\n      \"token\": \"thetoken\"\n    }\n  }\n}","timestamp":"2019-07-09T23:15:44.406Z"}
{"className":"_User","triggerType":"beforeSave","level":"info","message":"beforeSave triggered for _User for user undefined:\n  Input: {\"name\":\"Siomara Jimenez\",\"username\":\"yGoB5FDosi9bdGw1X6kyahOnm\",\"authData\":{\"ids\":{\"id\":\"siomara@altomobile.io\",\"token\":\"thetokeneh... (truncated)\n  Result: {\"object\":{\"authData\":{\"ids\":{\"id\":\"siomara@altomobile.io\",\"token\":\"thetoken... (truncated)","timestamp":"2019-07-09T23:15:45.230Z"}
{"className":"_User","triggerType":"afterSave","level":"info","message":"afterSave triggered for _User for user undefined:\n  Input: {\"name\":\"Siomara Jimenez\",\"username\":\"yGoB5FDosi9bdGw1X6kyahOnm\",\"authData\":{\"ids\":{\"id\":\"siomara@altomobile.io\",\"token\":\"thetoken... (truncated)","timestamp":"2019-07-09T23:15:45.399Z"}
{"className":"_User","triggerType":"afterSave","level":"info","message":"afterSave triggered for _User for user undefined:\n  Input: {\"name\":\"Siomara Jimenez\",\"username\":\"yGoB5FDosi9bdGw1X6kyahOnm\",\"authData\":{\"ids\":{\"id\":\"siomara@altomobile.io\",\"token\":\"thetoken... (truncated)\n  Result: {}","timestamp":"2019-07-09T23:15:45.400Z"}
{"level":"verbose","message":"Raw request from cloud code current : %j | original : %j","timestamp":"2019-07-09T23:15:45.401Z"}
{"level":"verbose","message":"Subscribe messsage %j","timestamp":"2019-07-09T23:15:45.402Z"}
{"level":"verbose","message":"5933b96b444448abb9e6c07aa0477541afterSave is triggered","timestamp":"2019-07-09T23:15:45.403Z"}
{"level":"verbose","message":"ClassName: %s | ObjectId: %s","timestamp":"2019-07-09T23:15:45.403Z"}
{"level":"verbose","message":"Current client number : %d","timestamp":"2019-07-09T23:15:45.403Z"}
{"result":{"response":{"updatedAt":"2019-07-09T23:15:44.552Z"}},"level":"verbose","message":"RESPONSE from [PUT] /api/classes/_User/tdm5YXuzNe: {\n  \"response\": {\n    \"updatedAt\": \"2019-07-09T23:15:44.552Z\"\n  }\n}","timestamp":"2019-07-09T23:15:45.404Z"}
{"functionName":"authorize-ids-user","params":{"access_token":"thetoken","expires_in":"9000000","scope":"protectedData","token_type":"Bearer"},"level":"info","message":"Ran cloud function authorize-ids-user for user undefined with:\n  Input: {\"access_token\":\"thetoken.... (truncated)\n  Result: {\"success\":true,\"user\":{\"name\":\"Siomara Jimenez\",\"username\":\"yGoB5FDosi9bdGw1X6kyahOnm\",\"authData\":{\"ids\":{\"id\":\"siomara@altomobile.io\",\"token\":\"thetoken... (truncated)","timestamp":"2019-07-09T23:15:45.412Z"}
{"result":{"response":{"result":{"success":true,"user":{"name":"Siomara Jimenez","username":"yGoB5FDosi9bdGw1X6kyahOnm","authData":{"ids":{"id":"siomara@altomobile.io","token":"thetoken"}},"createdAt":"2019-07-05T22:42:06.317Z","updatedAt":"2019-07-09T23:15:44.552Z","lastActivity":{"__type":"Date","iso":"2019-07-09T23:12:24.706Z"},"ACL":{"*":{"read":true},"tdm5YXuzNe":{"read":true,"write":true}},"objectId":"tdm5YXuzNe"}}}},"level":"verbose","message":"RESPONSE from [POST] /api/functions/authorize-ids-user: {\n  \"response\": {\n    \"result\": {\n      \"success\": true,\n      \"user\": {\n        \"name\": \"Siomara Jimenez\",\n        \"username\": \"yGoB5FDosi9bdGw1X6kyahOnm\",\n        \"authData\": {\n          \"ids\": {\n            \"id\": \"siomara@altomobile.io\",\n            \"token\": \"thetoken\"\n          }\n        },\n        \"createdAt\": \"2019-07-05T22:42:06.317Z\",\n        \"updatedAt\": \"2019-07-09T23:15:44.552Z\",\n        \"lastActivity\": {\n          \"__type\": \"Date\",\n          \"iso\": \"2019-07-09T23:12:24.706Z\"\n        },\n        \"ACL\": {\n          \"*\": {\n            \"read\": true\n          },\n          \"tdm5YXuzNe\": {\n            \"read\": true,\n            \"write\": true\n          }\n        },\n        \"objectId\": \"tdm5YXuzNe\"\n      }\n    }\n  }\n}","timestamp":"2019-07-09T23:15:45.415Z"}
{"method":"POST","url":"/api/functions/set-last-activity-now","headers":{"host":"localhost","connection":"keep-alive","content-length":"137","origin":"http://localhost","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","content-type":"text/plain","accept":"*/*","referer":"http://localhost/admin/managers","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9,es;q=0.8,fr;q=0.7","cookie":"_ga=GA1.1.1560418375.1553189120; session=eyJjc3JmU2VjcmV0IjoiOXhpNGNHY3gzRG1mMi1BUTA1TWlXSzY1IiwiZmxhc2giOnt9LCJwYXNzcG9ydCI6eyJ1c2VyIjoicm9vdCJ9fQ==; session.sig=MZ1uGW_jxkKS9QmUXUgieqYRDZs"},"body":{},"level":"verbose","message":"REQUEST for [POST] /api/functions/set-last-activity-now: {}","timestamp":"2019-07-09T23:15:45.536Z"}
{"functionName":"set-last-activity-now","params":{},"level":"info","message":"Ran cloud function set-last-activity-now for user undefined with:\n  Input: {}\n  Result: false","timestamp":"2019-07-09T23:15:45.536Z"}
{"result":{"response":{"result":false}},"level":"verbose","message":"RESPONSE from [POST] /api/functions/set-last-activity-now: {\n  \"response\": {\n    \"result\": false\n  }\n}","timestamp":"2019-07-09T23:15:45.537Z"}
{"method":"GET","url":"/api/classes/_User","headers":{"host":"localhost","connection":"keep-alive","content-length":"164","origin":"http://localhost","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","content-type":"text/plain","accept":"*/*","referer":"http://localhost/admin/managers","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9,es;q=0.8,fr;q=0.7","cookie":"_ga=GA1.1.1560418375.1553189120; session=eyJjc3JmU2VjcmV0IjoiOXhpNGNHY3gzRG1mMi1BUTA1TWlXSzY1IiwiZmxhc2giOnt9LCJwYXNzcG9ydCI6eyJ1c2VyIjoicm9vdCJ9fQ==; session.sig=MZ1uGW_jxkKS9QmUXUgieqYRDZs"},"body":{"where":{}},"level":"verbose","message":"REQUEST for [GET] /api/classes/_User: {\n  \"where\": {}\n}","timestamp":"2019-07-09T23:15:45.539Z"}
{"level":"verbose","message":"Request: %j","timestamp":"2019-07-09T23:15:45.542Z"}
{"level":"info","message":"Create new client: 6edb2f8b-1ff8-4c85-ba0e-c29db14ee179","timestamp":"2019-07-09T23:15:45.545Z"}
{"level":"verbose","message":"Push Response : %j","timestamp":"2019-07-09T23:15:45.546Z"}
{"level":"verbose","message":"Request: %j","timestamp":"2019-07-09T23:15:45.547Z"}
{"level":"info","message":"Create new client: 4f6321c4-8560-47db-9c38-eb6d8fdfcd4b","timestamp":"2019-07-09T23:15:45.547Z"}
{"level":"verbose","message":"Push Response : %j","timestamp":"2019-07-09T23:15:45.547Z"}
{"method":"GET","url":"/api/classes/Resource","headers":{"host":"localhost","connection":"keep-alive","content-length":"164","origin":"http://localhost","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","content-type":"text/plain","accept":"*/*","referer":"http://localhost/admin/managers","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9,es;q=0.8,fr;q=0.7","cookie":"_ga=GA1.1.1560418375.1553189120; session=eyJjc3JmU2VjcmV0IjoiOXhpNGNHY3gzRG1mMi1BUTA1TWlXSzY1IiwiZmxhc2giOnt9LCJwYXNzcG9ydCI6eyJ1c2VyIjoicm9vdCJ9fQ==; session.sig=MZ1uGW_jxkKS9QmUXUgieqYRDZs"},"body":{"where":{}},"level":"verbose","message":"REQUEST for [GET] /api/classes/Resource: {\n  \"where\": {}\n}","timestamp":"2019-07-09T23:15:45.553Z"}
{"level":"verbose","message":"Request: %j","timestamp":"2019-07-09T23:15:45.554Z"}
{"level":"verbose","message":"Push Response : %j","timestamp":"2019-07-09T23:15:45.555Z"}
{"level":"verbose","message":"Create client 6edb2f8b-1ff8-4c85-ba0e-c29db14ee179 new subscription: 1","timestamp":"2019-07-09T23:15:45.555Z"}
{"level":"verbose","message":"Current client number: %d","timestamp":"2019-07-09T23:15:45.555Z"}
{"level":"verbose","message":"Request: %j","timestamp":"2019-07-09T23:15:45.556Z"}
{"level":"verbose","message":"Push Response : %j","timestamp":"2019-07-09T23:15:45.556Z"}
{"level":"verbose","message":"Create client 4f6321c4-8560-47db-9c38-eb6d8fdfcd4b new subscription: 1","timestamp":"2019-07-09T23:15:45.556Z"}
{"level":"verbose","message":"Current client number: %d","timestamp":"2019-07-09T23:15:45.556Z"}
{"message":"Parse error: Permission denied for action find on class _User.","code":119,"level":"error","stack":"Error: Permission denied for action find on class _User.\n    at Function.validatePermission (/Users/elios264/Desktop/alto/promo-panel/node_modules/parse-server/lib/Controllers/SchemaController.js:1223:11)\n    at SchemaController.validatePermission (/Users/elios264/Desktop/alto/promo-panel/node_modules/parse-server/lib/Controllers/SchemaController.js:1228:29)\n    at /Users/elios264/Desktop/alto/promo-panel/node_modules/parse-server/lib/Controllers/DatabaseController.js:1053:65\n    at processTicksAndRejections (internal/process/task_queues.js:89:5)","timestamp":"2019-07-09T23:15:45.626Z"}
{"message":"Parse error: Permission denied for action find on class Resource.","code":119,"level":"error","stack":"Error: Permission denied for action find on class Resource.\n    at Function.validatePermission (/Users/elios264/Desktop/alto/promo-panel/node_modules/parse-server/lib/Controllers/SchemaController.js:1223:11)\n    at SchemaController.validatePermission (/Users/elios264/Desktop/alto/promo-panel/node_modules/parse-server/lib/Controllers/SchemaController.js:1228:29)\n    at /Users/elios264/Desktop/alto/promo-panel/node_modules/parse-server/lib/Controllers/DatabaseController.js:1053:65\n    at processTicksAndRejections (internal/process/task_queues.js:89:5)","timestamp":"2019-07-09T23:15:45.628Z"}
elios264 commented 5 years ago

How do I configure the MongoDB URI to enable testing?

davimacedo commented 5 years ago

You need to have a mongo running at mongodb://localhost:27017. The test will create/use two databases: parse and parseServerMongoAdapterTestDatabase

dplewis commented 5 years ago

@elios264 In your logs I see a permission denied error.

elios264 commented 5 years ago

That's the consequence of parse-server not returning a sessionToken: the client app tries to make some requests after linking but fails, since _linkWith returned no sessionToken.
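
The pattern described in this exchange can be checked mechanically in VERBOSE=1 output. The following is an added example, not code from the thread or from parse-server: it pairs each authData PUT on a _User object with its logged response, flags responses that carry no sessionToken, and collects the code-119 errors that follow. The helper name `triageLinkWithLog` and all sample values are assumptions constructed for illustration.

```javascript
// Constructed sample, abbreviated from the VERBOSE=1 log shape in this thread.
// The object id, e-mail and token values are placeholders.
const SAMPLE_LOG = [
  '{"method":"PUT","url":"/api/classes/_User/abc123XYZ0","body":{"authData":{"ids":{"id":"user@example.test","token":"thetoken"}}},"level":"verbose","timestamp":"2019-07-09T23:15:44.406Z"}',
  '{"level":"verbose","message":"Current client number : %d","timestamp":"2019-07-09T23:15:45.403Z"}',
  '{"result":{"response":{"updatedAt":"2019-07-09T23:15:44.552Z"}},"level":"verbose","message":"RESPONSE from [PUT] /api/classes/_User/abc123XYZ0: {}","timestamp":"2019-07-09T23:15:45.404Z"}',
  '{"message":"Parse error: Permission denied for action find on class _User.","code":119,"level":"error","timestamp":"2019-07-09T23:15:45.626Z"}',
  'npm WARN not a JSON line',
].join('\n');

const USER_PUT_URL = /\/classes\/_User\/[^/]+$/;
const PUT_RESPONSE = /^RESPONSE from \[PUT\] (\S+): /;

// Hypothetical helper: pairs each authData PUT on a _User object with its
// response and reports responses without a sessionToken, plus code-119 errors.
function triageLinkWithLog(text) {
  const findings = { linkWithoutSession: [], permissionDenied: [] };
  const pending = new Set(); // URLs of authData PUTs still waiting for a response
  for (const line of text.split('\n')) {
    let entry;
    try { entry = JSON.parse(line); } catch { continue; } // tolerate non-JSON noise
    if (entry === null || typeof entry !== 'object') continue;
    const message = String(entry.message || '');
    if (entry.method === 'PUT' && USER_PUT_URL.test(entry.url || '') &&
        entry.body && entry.body.authData) {
      pending.add(entry.url);
      continue;
    }
    const match = PUT_RESPONSE.exec(message);
    if (match && pending.delete(match[1])) {
      const response = (entry.result && entry.result.response) || {};
      if (!('sessionToken' in response)) {
        findings.linkWithoutSession.push(
          { url: match[1], timestamp: entry.timestamp, keys: Object.keys(response) });
      }
      continue;
    }
    if (entry.level === 'error' && entry.code === 119) {
      findings.permissionDenied.push({ timestamp: entry.timestamp, message });
    }
  }
  return findings;
}

console.log(JSON.stringify(triageLinkWithLog(SAMPLE_LOG), null, 2));
```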

dplewis commented 5 years ago

I was able to reproduce this issue.

Calling _linkWith on an existing user is like doing object.set('authData', authData) with validation. I think it should be alright to generate a sessionToken in this case.

@acinader @davimacedo Thoughts?

davimacedo commented 5 years ago

Yes. I think we should as described here.

elios264 commented 5 years ago

Also, if you don't want to have to make a breaking change, is there a way to create a session for a user in cloud code?

acinader commented 5 years ago

This could be a textbook example of open-source bug triage and fixing. Wow.
