Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

default _SCHEMA for _User don't hold password #1355

Closed
jon1010hill opened this issue Apr 4, 2016 · 5 comments
Closed

default _SCHEMA for _User don't hold password #1355

jon1010hill opened this issue Apr 4, 2016 · 5 comments
Labels
type:bug Impaired feature or lacking behavior that is likely assumed

Comments

@jon1010hill
Copy link

When I request the User Schema the password field is NOT returned.
If I use api.parse.com the password field IS returned.

curl -X GET \ -H "X-Parse-Application-Id: 1234" \ -H "X-Parse-Master-Key: 56789" \ http://localhost:1337/parse/schemas/_User

I noticed this when trying to create a new user with:

curl -X POST \ -H "X-Parse-Application-Id: 1234" \ -H "X-Parse-Master-Key: 56789" \ -H "Content-Type: application/json" \ -d '{"password":"test100","username":"somenewuser"}' \ http://localhost:1337/parse/users

returns: {"code":101,"error":"Permission denied for this action."}

I have stepped through the code with a node debugger and I can see that the exception is thrown because as 'password' is not in the _SCHEMA collection it is treated as a new field and my permissions don't allow me to create a new field. Of course, I don't want it to store 'password' in the _User collection but also as I am using X-Parse-Master-Key the class level permissions shouldn't be taken into account. (I think this part has been tackled here

Environment Setup

Parse Server 2.2.4
@flovilmart flovilmart added type:bug Impaired feature or lacking behavior that is likely assumed in-process labels Apr 4, 2016
@flovilmart flovilmart changed the title Requests for User Schema do not return password field default _SCHEMA for _User don't hold password Apr 4, 2016
@flovilmart
Copy link
Contributor

Thanks for reporting, I'll have a look!

@flovilmart
Copy link
Contributor

I've had a look, funny thing is that when you set the CLP from the new dashboard, you should have no issue as we inject the default schema. I believe you had the CLP set and the migration did not transfer properly the schema.

This should be solved by the proposed PR

@jon1010hill
Copy link
Author

So I've just checked again and queried the mongo database directly with 'db.getCollection("_SCHEMA").find()'

The field 'password' is definitely missing. I guess you are right that it didn't get created during the migration process.

It is strange the REST service at api.parse.com still returns the 'password' field when querying for /schemas/_User. I guess that it must be using obtaining the default schema for _User and merging it with what it finds on the DB Collection. The open Parse Server doesn't do the same.

@jon1010hill
Copy link
Author

Perhaps it isn't a database migration issue. Perhaps these fields are not stored in the DB Schema Collection but just exist in the api.parse.com resource?

@flovilmart
Copy link
Contributor

In any case the PR will solve the issue

@dependabot-preview dependabot-preview bot mentioned this issue Jan 28, 2019
Closed
@dependabot-preview dependabot-preview bot mentioned this issue Feb 16, 2019
Closed
This was referenced Jul 12, 2021
Open
Open
Open
Open
Open
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:bug Impaired feature or lacking behavior that is likely assumed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@flovilmart @jon1010hill