Updating anonymous user's passwords revoke session #1584

Closed
thibauddavid opened this issue Apr 21, 2016 · 3 comments
Labels
type:question Support or code-level question

Comments


thibauddavid commented Apr 21, 2016

Hi,

I've figured out that when converting an anonymous user to a "normal" user by associating a username and a password, saveInBackground deletes the current user session. As a result, subsequent calls to the server aren't properly authenticated. This gets fixed by logging the user in again, which is an unnecessary call to the server.

Environment Setup

Parse-Server v2.2.7

Steps to reproduce

```objc
[PFUser enableAutomaticUser];
[PFAnonymousUtils logInWithBlock:^(PFUser * _Nullable anonymousUser, NSError * _Nullable error)
{
    NSLog(@"Anonymous user id %@", anonymousUser.objectId);

    // Create an object that only the anonymous user may read or write.
    PFObject *object = [PFObject objectWithClassName:@"test"];
    [object setACL:[PFACL ACLWithUser:anonymousUser]];
    [object saveInBackgroundWithBlock:^(BOOL succeeded, NSError * _Nullable error)
     {
         NSLog(@"Saved object %@", object.objectId);

         // Fetch with the anonymous session: succeeds.
         [object fetch:&error];
         NSLog(@"This error should be nil %@", error);

         // Convert the anonymous user into a regular user.
         anonymousUser.username = @"foo";
         anonymousUser.password = @"bar";
         [anonymousUser saveInBackgroundWithBlock:^(BOOL succeeded, NSError * _Nullable error)
          {
              NSLog(@"Anonymous user id after saving should be equal %@", anonymousUser.objectId);

              // Fetch again with the same client session: fails with code 101.
              [object fetch:&error];
              NSLog(@"This error should be nil too, but isn't  %@", error);

              // Logging in again creates a new session, and the fetch succeeds.
              [PFUser logInWithUsernameInBackground:@"foo" password:@"bar" block:^(PFUser * _Nullable user, NSError * _Nullable error)
              {
                  [object fetch:&error];
                  NSLog(@"This time no error : %@, the session is properly setup", error);
              }];
          }];
     }];
}];
```

Logs/Trace

```
--> Anonymous user id StojNuKD0v
--> Saved object tCutJBW281
--> This error should be nil (null)
--> Anonymous user id after saving should be equal StojNuKD0v
--> [Error]: Object not found. (Code: 101, Version: 1.13.0)
--> This error should be nil too, but isn't Error Domain=Parse Code=101 "Object not found." UserInfo={code=101, temporary=0, error=Object not found., NSLocalizedDescription=Object not found.}
--> This time no error : (null), the session is properly setup
```

This is also visible in the data browser, as the session gets deleted after anonymousUser saveInBackgroundWithBlock.

Edit: removed dates from log for clarity

@drew-gross
Contributor

This is the "Revoke Session on Password Reset" behaviour that can be turned off in Parse.com, but is mandatory in Parse Server. I'll work on a PR to add this feature.
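The behaviour described in the comment above, as an added example that is not part of the original thread and is not Parse Server code: a small in-memory model in which setting a password deletes all of the user's sessions, so an owner-only object reads as "not found" (code 101) until the user logs in again. The class, its methods and the `revokeSessionOnPasswordChange` option name are hypothetical, and `reproduce` is a constructed run of the same call sequence as the reproduction steps.

```javascript
const crypto = require('node:crypto');
// Simplified model, not Parse Server code; all names here are hypothetical.
const hashPw = (pw, salt) => crypto.scryptSync(pw, salt, 32);
class ModelServer {
  constructor({ revokeSessionOnPasswordChange = true } = {}) {
    this.revoke = revokeSessionOnPasswordChange;
    this.users = new Map();    // username -> { userId, salt, pwHash }
    this.sessions = new Map(); // sessionToken -> userId
    this.objects = new Map();  // objectId -> ownerId (owner-only ACL)
  }
  newSession(userId) {
    const token = crypto.randomUUID();
    this.sessions.set(token, userId);
    return token;
  }
  anonymousLogin() { return this.newSession(crypto.randomUUID()); }
  // Setting a password deletes every session of that user when the policy is on.
  setCredentials(token, username, password) {
    const userId = this.sessions.get(token);
    if (!userId) throw new Error('invalid session token');
    const salt = crypto.randomBytes(16);
    this.users.set(username, { userId, salt, pwHash: hashPw(password, salt) });
    if (!this.revoke) return;
    for (const [t, u] of this.sessions) if (u === userId) this.sessions.delete(t);
  }
  login(username, password) {
    const u = this.users.get(username);
    const ok = u && crypto.timingSafeEqual(u.pwHash, hashPw(password, u.salt));
    if (!ok) throw new Error('invalid credentials');
    return this.newSession(u.userId);
  }
  createObject(token) {
    const objectId = crypto.randomUUID();
    this.objects.set(objectId, this.sessions.get(token));
    return objectId;
  }
  fetch(token, objectId) { // no valid owner session -> 101 "Object not found"
    const owner = this.objects.get(objectId);
    return owner !== undefined && this.sessions.get(token) === owner ? 0 : 101;
  }
}

function reproduce(options) {
  const s = new ModelServer(options);
  const token = s.anonymousLogin();
  const id = s.createObject(token);
  const before = s.fetch(token, id);
  s.setCredentials(token, 'foo', 'bar');
  return { before, afterSave: s.fetch(token, id), afterLogin: s.fetch(s.login('foo', 'bar'), id) };
}
```

With the policy on, `reproduce()` returns 0, 101, 0 for the three fetches, matching the order of results in the log; with the policy off, the original session token keeps working after the password is set.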

@thibauddavid
Author

The only information I found about this is "Revoke session on password change - This is not yet available in Parse Server." here, which I interpreted as "disabled by default".

Maybe this page should be updated for more clarity?

@drew-gross
Contributor

Yep. Done.

@mtrezza mtrezza added type:question Support or code-level question and removed 🔧 troubleshooting labels Jul 11, 2021