Fix: properly pass req.user to liveQuery triggers

[dblythy]

New Pull Request Checklist

• I am not disclosing a vulnerability.
• I am creating this PR in reference to an issue.

Issue Description

When I replaced the LQ triggers auth lookup with getAuthForSessionToken, I forgot to destructure auth. My bad.

This results in req.user always being undefined for LQ triggers. This only affects the master branch.

First commit is failing test.

Closes: #7318

[dplewis]

Can you write a test case? Looks good

[codecov]

Codecov Report

Merging #7296 (4065882) into master (3638b0e) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #7296   +/-   ##
=======================================
  Coverage   93.91%   93.92%           
=======================================
  Files         181      181           
  Lines       13195    13210   +15     
=======================================
+ Hits        12392    12407   +15     
  Misses        803      803           

Impacted Files	Coverage Δ
src/LiveQuery/ParseLiveQueryServer.js	95.50% <100.00%> (+0.17%)	⬆️
...dapters/Storage/Postgres/PostgresStorageAdapter.js	95.36% <0.00%> (-0.16%)	⬇️
src/Adapters/Files/GridFSBucketAdapter.js	80.32% <0.00%> (+0.81%)	⬆️
src/ParseServerRESTController.js	98.50% <0.00%> (+1.49%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3638b0e...4065882. Read the comment docs.

[dblythy]

Tests for this seem to be very flaky. Not sure why. Sometimes sesssionToken is passed, sometimes it's not. I think it's possibly because client is cached across request by the JS SDK. Any pointers appreciated!

Test also work with fit but not without it.

[dblythy]

@mtrezza @davimacedo just noting that this will have to be solved before next release otherwise LQ triggers won’t have .user available to them

[mtrezza]

Test also work with fit but not without it.

This is usually an indication that the test is influenced by other tests that run previously. It may have to do with the recent restructuring of tests. It may also be that your added tests influence each other when not run with fit.

[mtrezza]

I classified this as a bug with severity S2, because there is no known workaround.

I just noticed that this is a PR and it doesn't seem to have a referenced open issue.

@dblythy How is this PR and your finding related to the issue #7295, which has been closed by the author who wrote that the issue was just a misconfiguration. If this is unrelated to the issue, can you please open a new one and correct the reference?

[dblythy]

I discovered this bug during the investigation for #7295, and I assumed that this was the bug that @yanuarizalk had found. It appears now that it wasn't. I've reopened an issue.

[ghost]

	Warnings
⚠️	Please add a changelog entry for your changes.

Generated by 🚫 dangerJS

[dblythy]

New Issue: #7318

[mtrezza]

Thanks, so we can apply the bug label and remind us to address this before new release.

[dblythy]

Should be good to go. Do you want me to add a changelog? This bug was introduced in the master and fixed in the master so I don't see the purpose of the changelog imo.

[mtrezza]

Yes, I also think no changelog entry is necessary.

Are the tests still flaky?

[dblythy]

Are the tests sill flaky?

Nope! The issue was using client.sessionToken over client.getSubscriptionInfo(requestId).sessionToken.

It seems as though client.sessionToken gets cached between tests, which can make it flaky. Using client.getSubscriptionInfo(requestId).sessionToken seems to be 100% solid as it matches requestId, not just client. I've tested this approach around 10 times and tests are consistently passing fine.

[mtrezza]

Could you look at the codecov? It says some added lines are not covered by tests.

[dblythy]

Getting an error:

Failures:
1) OAuth Should fail a GET request
  Message:
    Uncaught exception: SyntaxError: Unexpected end of JSON input
  Stack:
        at <Jasmine>
        at IncomingMessage.<anonymous> (/home/runner/work/parse-server/parse-server/lib/Adapters/Auth/OAuth1Client.js:3:462)
        at IncomingMessage.emit (events.js:327:22)
        at endReadableNT (internal/streams/readable.js:1327:12)
        at processTicksAndRejections (internal/process/task_queues.js:80:21)

Any pointers appreciated!

[mtrezza]

Clever!

[mtrezza]

I restarted the test to make sure it's not just flaky - it still occurs.

My guess, it's probably the refactoring of the auth object in this PR. Did you try to debug step through the test?

[dblythy]

Thanks @mtrezza, it appears this error is thrown on #7365 as well, so I'm assuming this error exists on the master branch. I've changed the twitter endpoint that the failing test checks for and seems to be all fine. What do you think?

[mtrezza]

The master branch passes currently, it could be flaky? I just restarted the jobs on master, let's see.

Edit: You were right, same error on master, even though the build passed 3 days ago. Maybe something has changed externally.

There was likely a change in the Twitter API, as you said the test checks an endpoint. It's possible that the test points to an obsolete API version and it has been force-upgraded.

I would just debug the test to get a hint why it fails. This should be fixed in a separate issue / PR though.

[dblythy]

The test performs a GET request on this url, which now returns an empty page. I'm assuming this is a change on Twitter's end.

The test is expecting a response of {"errors":[{"code":215,"message":"Bad Authentication data."}]}. When the path is changed to /1.1/oauth/request_token, the correct error is thrown.

Will create a new issue and PR.

[mtrezza]

Looks good! Thanks for fixing this.

[dblythy]

Thank you for the review Manuel!

[parseplatformorg]

🎉 This change has been released in version 5.0.0-beta.1

[parseplatformorg]

🎉 This change has been released in version 5.0.0