User.linkWith doesn't remove anonymous auth #1353
Comments
|
Thanks for reporting! Would you want to submit a PR with a failing test case for this, so we can verify the issue? |
|
Currently, the server isn't designed to handle this and the Client SDKs are expected to strip anonymous when linking: Objective-C SDK: https://github.com/parse-community/Parse-SDK-iOS-OSX/blob/2e4242c683e645a7d78ff37dd34398119178c0c5/Parse/Parse/PFUser.m#L862-L884 I think React-Native and Cloud Code depends on the JS SDK (I don't use React-Native, so I'm guessing). If so, it looks like the JS SDK is where the PR is needed as I currently only see it stripping anonymous when the username field is changed. It should do something similar to the name striping when linking occurs (you can use one of the aforementioned SDKs as a reference): JS SDK: Lines 338 to 346 in a1995ba |
|
React Native does use the JS SDK, but I'm referring to the Cloud Code in general in this case (since it is the same for whatever client-side is). I did observe the behavior of setUsername(...) clearing the anonymous field before, so I've been using a setUsername() call right after linking authData for a while as a sort of hack to clear the anonymous field, and that has been functional and stable so far 😅. I just pointed this issue out since it seems unintuitive. I was inspecting the cloud code repository before, but didn't know it was based on the JS SDK. That is new knowledge to me. As for the failing test case.. I'm not sure where to write it.. Also I don't think providing my own authToken would be a good idea. I don't know if this helps the test case thing though // Client side: Example with apple authentication
async function AppleSignInWithCredentials(creds: AppleAuthenticationCredential) {
const authData = { id: creds.user, token: creds.identityToken };
await Parse.Cloud.run('linkWithAccount', { provider: 'apple', authData });
}
// Server side: The linking function
Parse.Cloud.define('linkWithAccount', async (request) => {
const user = request.user;
if (!user) throw 'NoUser';
const provider = request.params.provider as string;
const authData = request.params.authData as any;
if (!provider) { throw 'NoProvider'; } else if (!authData) { throw 'NoAuthData'; }
await user.linkWith(provider, { authData }, {
useMasterKey: true,
sessionToken: user.getSessionToken()
});
/** This block of code solves the problem
* user.setUsername(user.getUsername() || user.id);
* await user.save(null, { useMasterKey: true });
*/
return { ok: true };
});
|
|
The change would then be necessary in the JS SDK.
You don't need a real token but can just mock the server response in the test. Or you can use an integration test which spins up a server. There are 2 tests necessary. Expect that auth field is stripped before calling
I will transfer this issue to the JS SDK for the PR to be made there. Thanks @cbaker6 for the in-depth analysis. |
mtrezza
changed the title
mtrezza
added
the
type:bug
New Issue Checklist
Issue Description
Calling user.linkWith() server-side doesn't remove the "anonymous" field from the authData object field, causing Parse.AnonymousUtils to still report the user as an Anonymous user.
Steps to reproduce
Actual Outcome
The authData field on Parse Database still has the "anonymous" field, resulting in Parse.AnonymousUtils to still report the user as an Anonymous user
Expected Outcome
Inpecting the authData field on Parse Database not have the anonymous field (should only have..)
Failing Test Case / Pull Request
Environment
Server
4.5.0Mac OS X Mojave 10.14.6HerokuDatabase
MongoDBFILL_THIS_OUTMongoDB AtlasClient
Javascript (React-Native)2.19.0Logs
The text was updated successfully, but these errors were encountered: