code: 206 error: cannot modify user ...

[drorsun]

Hi,
We're seeing today code 206 error saying "cannot modify user" . This happens for a specific existing user entry. With new user records we see no issues and we're checking if other users have the same issue.
We're using iOS SDK 1.12.0 and parse-server 2.2.7.

The below is taken from parse-server log - request to modify user that gets the error (the log is obfuscated for ip and other app details).

{"level":"verbose","message":"POST /parse/batch { host: 'my.parse.server',\n 'x-real-ip': '11.11.11.11',\n 'x-forwarded-for': '11.11.11.11, 11.11.11.11',\n 'content-length': '395',\n accept: '/',\n 'accept-encoding': 'gzip, deflate',\n 'accept-language': 'en-us',\n 'content-type': 'application/json; charset=utf-8',\n 'user-agent': 'OurApp/1.0.36 CFNetwork/758.3.15 Darwin/15.4.0',\n 'x-parse-app-build-version': '1.0.36',\n 'x-parse-app-display-version': '4.0.7',\n 'x-parse-application-id': '#######',\n 'x-parse-client-key': '#######',\n 'x-parse-client-version': 'i1.12.0',\n 'x-parse-installation-id': '90fd91e7-4242-4d4d-8955-3d0b1884b745',\n 'x-parse-os-version': '9.3 (15E65)',\n 'x-parse-session-token': 'DTKDknln9oHgI9PgP7pIHmuf9',\n 'x-forwarded-port': '443',\n 'x-forwarded-proto': 'https' } {\n "requests": [\n {\n "path": "/parse/classes/_User/tBWAwMXkUr",\n "method": "PUT",\n "body": {\n "locale": "en",\n "runCount": {\n "amount": 1,\n "__op": "Increment"\n },\n "lastSession": {\n "__type": "Date",\n "iso": "2016-05-09T11:36:37.843Z"\n },\n "authData": {\n "anonymous": {\n "id": "a9ba010b-f7b2-4349-8094-d0e315260db9"\n }\n },\n "deviceUUID": "6538277E-8851-4EC3-82C9-8CA8A1C8181C",\n "timezone": "Asia/Jerusalem",\n "countryCode": "IL",\n "songsPlayed": 11\n }\n }\n ]\n}","timestamp":"2016-05-09T11:37:15.311Z"}
{"level":"verbose","message":"{\n "response": [\n {\n "error": {\n "code": 206,\n "error": "cannot modify user tBWAwMXkUr"\n }\n }\n ]\n}","timestamp":"2016-05-09T11:37:15.367Z"}

Dror

[gfosco]

The session token I see in that log appears invalid. It does not start with r: meaning it could be an old, non-revocable, session token which is not supported by parse-server.

[drorsun]

That's a good lead I want to follow up on.
I am not familiar enough with our client side to be honest. Any idea how could our client use an old session token? Could this be related to anonymous users?

[gfosco]

If you had not turned on enable revocable sessions, and if the user has persisted this login for more than a year... is that possible in this case?...

[drorsun]

No, the user is 1-2 weeks old at most. It is an anonymous user.
We are busy these days with migration to our hosted parse. The specific user was most likely created after we migrated our data but possibly created using an older SDK with api.parse.com and not by using the new SDK and our hosted server. I am worried that if this is somehow connected then our current users may experience the same errors after the application is deployed.

[araskin]

+1 on this issue. Unfortunately for us it is slightly different

The session token does begin with an 'r'
It is both for existing and new user records.

Any attempt to update these users fails with a 206 error code.

[araskin]

Oh one more thing to add. Just before calling the save method to update the user record I added the following:

console.log('Current User record is ' + JSON.stringify(Parse.User.current()));

Unfortunately the result was null. So basically it looks like the 'current' user is null and hence why the save fails.

[araskin]

OK I resolved the issue by change our code from

aUserRecord.save({lastLogin:new Date()});

to

aUserRecord.save({lastLogin:new Date()}, { sessionToken: aUserRecord.get("sessionToken") })

[JeremyPlease]

+1 Same issue here.

request.user is set in Cloud Function, but calling request.user.set('name', 'Bob'); request.user.save() returns "cannot modify user" error.

[araskin]

Try passing in the sessionToken into the Save call.

aUserRecord.save({lastLogin:new Date()}, { sessionToken: aUserRecord.get("sessionToken") })

[JeremyPlease]

@araskin Yeah, that works, but I'd like to not have to do that on every function.

See issue #1773

[araskin]

I only had to do it for User. My guess is because of the ACL on that collection restricts it so that only that user can update their own record.Hope that makes sense. Sent from my BlackBerry - the most secure mobile device From:notifications@github.comSent:May 12, 2016 9:33 PMTo:parse-server@noreply.github.comReply-to:reply@reply.github.comCc:alon@trcked.com; mention@noreply.github.comSubject:Re: [ParsePlatform/parse-server] code: 206 error: cannot modify user ... (#1729) @araskin Yeah, that works, but I'd like to not have to do that on every function.

See issue #1773

—You are receiving this because you were mentioned.Reply to this email directly or view it on GitHub

[drorsun]

Hi again,
Please put attention into this, It is a change in behaviour with the hosted parse server compared to api.parse.com .

What we're trying to do is the operation [PFObject saveInBackgroundWithBlock]. This should save data for the user in another table.
With our hosted parse-server (2.2.7) we get the 206 error an unable to save.
We see that when we go back to use api.parse.com we can complete the operation successfully.

Things to note:

• The issue here is an anonymous user - i.e. it is not logged-in. The user was created about 4 weeks ago with api.parse.com. With other users we see no problem.
• As pointed before - the user is using an old sessionToken. With our app we never migrated session tokens (not sure why, I was not around at the time). We don't user PFSession but for the sake of experiment we tried [PFSession getCurrentSessionInBackgroundWithBlock:...] and with both servers we are getting back the 209 error code (session token not found) - also with api.parse.com where the save operation succeeds.

We may have thousands of users in this state and we're worried that they would loose their data if we switch them to the new server.

Help, please!
Dror

[drorsun]

@gfosco can you refer to my last comment here please. I think this is a bug or at least an undocumented change in behaviour.

[drew-gross]

You have until January 2017 before api.parse.com shuts down, so there is no need to worry about your users losing their data. I'd suggest moving to revocable sessions by following the migration guide here: https://parse.com/tutorials/session-migration-tutorial

There has been some progress in implementing non-revocable sessions in Parse Server here: #1749. I'm going to close this issue so we can consolidate all discussion of non-revocable sessions on that PR.

[drorsun]

@drew-gross Tx for this. I know you closed this issue but I have a specific question regarding what you wrote here.
Regarding migrating to non-revocable - is that a must to migrate or will we be able to set legacySessionTokens=true and continue as we did so far?

(Also regarding my worries 😄 - we're upgrading our apps to move out of using api.parse.com these days, ahead of Jan 17, so I am worried about these current users)

[drew-gross]

My suggestion if you want to migrate quickly is to go through the revocable session migration guide and then migrate after that. If you want to go even faster, you could try applying the patch in #1749 to your own Parse Server, or even help implement non-revocable sessions in Parse Server.

[cinder92]

@araskin your code is not working, i just passed the sessionToken and lastLogin and always receiving error can't modify user

[araskin]

@cinder92 Thats because lastLogin is a custom field which I added using the parse-dashboard. My guess is you have not added this field.

[rootux]

Still fails

[chrisli30]

Well, if you are sure the req.user is the User object you want, you could force save using master key in cloud code. A little hacky, but this is what worked for me.

await user.save(null, { useMasterKey: true });