Parse OS X Client and Cloud Code Disagree About User Being Logged In

[iosdev-republicofapps]

Hi,

I have code that checks the user locally in my OS X client before making a cloud code call and:

// Returns non-nil
[PFUser currentUser]

// Returns YES
[PFUser currentUser].isAuthenticated

So from the client code's perspective, the user is clearly known, authenticated and logged in.

However, when I call the rateTheme method from the client code, the cloud code on the server claims the request has no user:

Parse.Cloud.define("rateTheme", function(request, response) {
  var user = request.user;
  console.log("rateTheme: user is '" + user + "'");
  if (!user) {
    // This gets executed, because the cloud code thinks the user is not authenticated.
    // Returns error 141
    response.error("You must be signed in to rate a theme.");
  }
 else
{
  // This does NOT get executed
}

So why does the server cloud code think the user is not logged in when the client code does think it is logged in? This is 100% reproducible. I haven't used my app for some time, so is it possible that the client user session "expired" somehow and just didn't realize it?

From lldb:

(bool) $4 = true
(lldb) po [PFUser currentUser]
<PFUser: 0x600000103720, objectId: 1u4IWxELXr, localId: (null)> {
    email = "joeltest54@test.com";
    myThemes =     (
        r6CAi8vPxj,
        Nq86u49Qcv,
        uCBFZRejA5,
        D7uRmfD77b,
        Vce5TTXI7M
    );
    username = joeltest54;
}

(lldb) p [(PFUser *)[PFUser currentUser] isAuthenticated] == YES
(bool) $6 = true

I also did a clean build and re-ran and then this happened, in Xcode debug build. Any chance something odd is happening there?

This seems like a Parse bug. I have no way of verifying if the user is logged in locally if I can't trust the client and server to agree if the user is logged in.

Also, trying to save the user (by adding a theme to the user's list of themes, stored on the user) returns an error, error

Error 206: Parse::UserCannotBeAlteredWithoutSessionError

Any ideas?

Thanks!

[nlutsenko]

Hey @iosdev-republicofapps, this would happen on the server, if your client session token was revoked (if you have revokable sessions enabled).
Cloud Code won't treat it as logged in user, since the session token is invalid.
The error that you get on saving your user also specifies exactly this.

[PFUser currentUser].authenticated call is there to validate the local assumption about the user (whether it was logged in or not), but it doesn't make a network call and can't validate the fact that the session token was revoked.

One note about revokable session tokens - they don't expire in a reasonable amount of time (they do after 1 year of inactivity).

I would double check your logic on logging in/signing up.
Let me know if there is any more info that we can go from.

[parse-github-bot]

Thank you for your feedback. We prioritize issues that have clear and concise repro steps. Please see our Bug Reporting Guidelines about what information should be added to this issue.

Please try the latest SDK. Our release notes have details about what issues were fixed in each release.

In addition, you might find the following resources helpful:

• Documentation: https://www.parse.com/docs
• Google Groups: https://groups.google.com/forum/#!forum/parse-developers
• Stack Overflow: http://stackoverflow.com/tags/parse.com

[iosdev-republicofapps]

@nlutsenko - I don't use revocable sessions. All of "Require revocable sessions, Expire inactive sessions after 1 year and Revoke existing session tokens when user changes password" are all set to No.

I haven't revoked any sessions. I wouldn't even know how to revoke a session.

I don't have any special logic for logging in or signing up. I just follow the examples you give in your tutorials. I'm only using your Parse functions for login and signup. Nothing special.

I am definitely not messing with the sessions on either the client or server end. I have seen this issue before with other versions of your SDK.

Any idea what could be going on?

Would doing a clean build in Xcode possibly cause this? Or blowing away the derived data dir for Xcode? I have done clean builds but haven't messed with derived data.

[nlutsenko]

This might be related to issues with Keychain storage.
Could you try logging a sessionToken from your [PFUser currentUser]?
Cleaning derived data + deleting the app locally on the phone would be a good troubleshooting step.

Let me know how it goes for you.

[nlutsenko]

Ow... Also, since it's a OS X app - could you make sure that you have access to keychain from that app? (denying access would void storage of session token for the user).

[iosdev-republicofapps]

@nlutsenko I did have a sessionToken in my debug window but it got cleared out when I rebuilt. Any way to recover that?

Also, is there a programmatic way to ensure keychain access for an OS X app, or do you mean I should allow the keychain access if the OS prompts me for it the first time Parse tries to use the keychain? I don't recall seeing that dialog asking for keychain access, but I would not have said no to the dialog if it did ask for permission.

[nlutsenko]

The item that we store content should look like this: $APP_BUNDLE_ID.com.parse.sdk.

• Look for it in the Keychain Access.app
• Open
• Access Control
• Is your app listed in the list below?
• If not - try testing with the change for Access Control to Allow all applications to access this item

[nlutsenko]

@iosdev-republicofapps If you can't seem to figure it out - could you share your app with me? I might be able to help you if i see the code closely. Running our sample app and agreeing to the keychain prompt seems to work great for me.

[iosdev-republicofapps]

Checked all this. The parse keychain element is there.

Any other ideas?

[parse-github-bot]

This issue has not been updated for 7 days. If you have additional information to help pinpoint this issue as an SDK bug, please comment on this issue. We will close this issue in 7 days if no additional information is provided. Thank you for your feedback.

[nlutsenko]

Not quite at this point, no. If you add the small project where you can reproduce the issue here, I might be able to help you further, but at this point - the only thing that comes to my mind is wrong entitlements specified on the application.

[parse-github-bot]

This issue has not been updated for 7 days. If you have additional information to help pinpoint this issue as an SDK bug, please comment on this issue. We will close this issue in 7 days if no additional information is provided. Thank you for your feedback.

[parse-github-bot]

We are closing this issue due to another 7 days of inactivity. If you have additional information to help pinpoint this issue as an SDK bug, please reopen it with the additional information.Thank you for your feedback.

[bourquep]

I am experiencing the exact same problem in an iOS application. Same circumstances:

• I am not using revocable session tokens
• PFUser.currentUser is non-nil
• isAuthenticated returns true
• My Cloud Function's request.user is null

Since you mention the keychain, could this start happening to a user after restoring a device backup from iCloud or iTunes on a different device? I'll need to dig a little more into the iOS keychain docs to know for sure, but I believe that when restoring to a different device, keychain data is not preserved.

Will keep you posted.

[nlutsenko]

@bourquep, please do. I am very interested in what you find.

[mseijas]

I'm experiencing the exact same issue. Has anyone been able to find a solution for this?

[joeyslack]

My request.user is null in my aftersave hook in my cloud code. The strangest part is, in the same aftersave hook, in a different conditional, the request.user works fine. Something is broken. Hate to see these threads continuously closed.