Failed signup attempt with anonymous ParseUser leaves it in inconsistent state

[yuzeh]

Hi,

Whenever a signup fails with an anonymous ParseUser, I've noticed a couple of things:

• The app will still have a session token for that user which has been invalidated by the server (any CloudFunction call will error with an "invalid session token" message).
• The user is not considered anonymous anymore! Calling ParseAnonymousUtils.isLinked(ParseUser.current()) returns false.

Reproduction steps:

• Enable anonymous users.
• Save the current (anonymous) user to the backend. (Not sure if this is important, but this is what our app will do).
• Trigger a failed signup attempt. I've only tried signing up with a username that already exists.
• Read the value of ParseAnonymousUtils.isLinked(ParseUser.current()).

From my understanding, the last value should be true, but is actually false.

These things are troubling because we are using ParseAnonymousUtils.isLinked(ParseUser.current()) to determine if the user is currently logged in registered (user is logged in registered iff that returns false).

Two questions:

• Is !ParseAnonymousUtils.isLinked(ParseUser.current()) the right way to determine if a previously anonymous user is logged in registered?
• If not, what is the right way? If so, is the current behavior I'm seeing in fact a bug?

[yuzeh]

Did some more investigating into the source code:

• Looks like saving the user to the backend before attempting signup is important to triggering this issue: https://github.com/ParsePlatform/Parse-SDK-Android/blob/7d908f3d1cbed3c89addfac49419c6c2f1859d62/Parse/src/main/java/com/parse/ParseUser.java#L604
• And removing anonymity before signup is intentional: https://github.com/ParsePlatform/Parse-SDK-Android/blob/7d908f3d1cbed3c89addfac49419c6c2f1859d62/Parse/src/main/java/com/parse/ParseUser.java#L420

Seems like the answer to my first question is no. My current workaround is to have custom client-side state to keep track of whether the user is logged in registered or not. Is there a better way?

[TomWFox]

Closing this as no one has reported this issue recently, and we don't have the resources to investigate these historic reports.

Please ask me to reopen if you experience this issue in the latest version of this SDK.

[shlusiak]

This is still a problem in the latest version.

• Setting username on a ParseUser will call stripAnonymity.
• This is supposed to remove the anonymous key in the authData dictionary of the object.
• It is only supposed to do that in the map estimatedData.
• If saving fails, we are meant to be able to call revert() to revert the estimatedData back to the server data from state.
• However since authData is a Map, and estimatedData is unfortunately a shallow copy of state, the Map pointed to by both maps IS THE SAME OBJECT.
• Modifying estimatedData["authData"]["anonymous"] makes the same changes appear in state["authData"]["anonymous"]. Hence reverting is impossible.

I suspect rather than modifying the content of the authData key, we should replace it with a new modified map.

[parse-github-assistant]

Thanks for opening this issue!

• ❌ Please edit your post and use the provided template when creating a new issue. This helps everyone to understand your post better and asks for essential information to quicker review the issue.

[parse-github-assistant]

The label type:bug cannot be used in combination with type:improvement.

[parse-github-assistant]

The label severity:medium can only be used in combination with type:bug.