Skip to content

Commit

Permalink
Test to show that you can't login with a old facebook user when anony…
Browse files Browse the repository at this point in the history 
…mous
  • Loading branch information
@Scoup
Scoup committed Mar 10, 2016
1 parent 2300b21 commit 0f3116e
Showing 1 changed file with 51 additions and 0 deletions.
51 changes: 51 additions & 0 deletions spec/RestCreate.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,57 @@ describe('rest create', () => {
});
});

it('test facebook login that is already have account and is logged with a anonymous user', (done) => {
var dataAnonymous = {
authData: {
anonymous: {
id: '00000000-0000-0000-0000-000000000001'
}
}
};
var data = {
authData: {
facebook: {
id: '8675309',
access_token: 'jenny'
}
}
};
var newUserSignedUpByFacebookObjectId;
var anonymousResponse;
rest.create(config, auth.nobody(config), '_User', data)

This comment has been minimized.

Sign in to view

Copy link
@flovilmart

flovilmart Mar 10, 2016

Contributor

there you create a Facebook logged in user, not an anon user

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

This test reproduce the client flow.
The user already have a facebook user, then the user logout. After he opens the app (or install a new one), he create a anonymous user (bellow) and try to login with facebook, but the client already have the anonymous user, that is the bug.

This comment has been minimized.

Sign in to view

Copy link
@flovilmart

flovilmart Mar 11, 2016

Contributor

Yeah but here, this is the Facebook user that gets created first as data is the data that have the Facebook ID!
This should be dataAnonymous if that what you want to reproduce

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

Here I just created the user, because this bug just happens when the facebook user already exists, this part is just to be sure that the user already exists before try to login again with the anonymous user.
.then((r) => {
console.log('facebook user', r.response);
// facebook user sign up
newUserSignedUpByFacebookObjectId = r.response.objectId;
return rest.create(config, auth.nobody(config), '_User', dataAnonymous);

This comment has been minimized.

Sign in to view

Copy link
@flovilmart

flovilmart Mar 10, 2016

Contributor

here you create a second user, that has anon auth data

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

This simulates the user with a fresh install. The client create a anonymous user after you open the app and start the parse sdk.
}).then((r) => {
console.log('anonymous user:', r.response);
// logged anonymous
var anonymousResponse = r.response;
data.authData.objectId = r.response.objectId;

This comment has been minimized.

Sign in to view

Copy link
@flovilmart

flovilmart Mar 11, 2016

Contributor

this is wrong, should be data.objectId = r.response.objectId;

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

I did that, because that is what the android-sdk do.

This comment has been minimized.

Sign in to view

Copy link
@flovilmart

flovilmart Mar 11, 2016

Contributor

This is not what's in the android SDK as you can see in the request that is passed:

{ authData: { 
    facebook: { access_token: 'XXXX', 
                       expiration_date: '2016-05-08T18:19:20.000Z',
                       id: '10207247385845217' } 
}, 

objectId: '5DeGfe43PC' }

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

True, my mistake, I will fix it. But I was testing with the device to check all the flow.
data.authData.anonymous = null;
return rest.update(config, auth.nobody(config), '_User', data.authData.objectId, data);

This comment has been minimized.

Sign in to view

Copy link
@flovilmart

flovilmart Mar 10, 2016

Contributor

here you try to update the anon user with Facebook auth data, but this user already exists, that should fail obviously as a user already has a hold on this Facebook id, also,
we don't as you set null to data.authData.anonymous and objectId, we reject the command for multiple reasons:

  1. only 1 key is supported in auth data, each operation (linking, unlinking has to be isolated in a different request)
  2. objectId is not a valid key for an authData provider

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

This is what happens with client login. I just reproduced in the test what is happening with android and ios. But the same code works with parse official server. I'm not sure if is a client bug or the server should work with that.

This comment has been minimized.

Sign in to view

Copy link
@flovilmart

flovilmart Mar 11, 2016

Contributor

I'm really not sure about authData.objectId. I've never seen that anywhere. And that seems plain wrong given the general spec of the authData. If you can back it up with a dump from the request that would help.
This should be

data.objectId = r.response.objectId
data.authData.anonymous = null;

given:

{ authData: { 
    facebook: { access_token: 'XXXX', 
                       expiration_date: '2016-05-08T18:19:20.000Z',
                       id: '10207247385845217' } 
}, 

objectId: '5DeGfe43PC' }

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

That exactly what I got from Android request with the client flow described above:

{ authData: { 
    anonymous: null,
    facebook: { access_token: 'XXXX', 
                       expiration_date: '2016-05-08T18:19:20.000Z',
                       id: '10207247385845217' } 
}, 

objectId: '5DeGfe43PC' }

But this '5DeGfe43PC' is the anonymous user trying to login with this facebookId '10207247385845217', but this id is already related to another user.

This comment has been minimized.

Sign in to view

Copy link
@flovilmart

flovilmart Mar 11, 2016

Contributor

So what happens? In your test, you start logging in with Facebook, so that create a user, any attempt to link a user that has the same Facebook id should fail.

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

That is the problem, always fail, because can't link a user with the same facebook id. I know that, the problem that is this is what happens with Android with parse-server. But the same code works with official parse server. So I don't know if this is problem is related with the parse-server or parse-android-sdk

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

If that is the right flow the server needs to be fixed, if the flow is wrong, so need to fix the sdk.

This comment has been minimized.

Sign in to view

Copy link
@flovilmart

flovilmart Mar 11, 2016

Contributor

because can't link a user with the same Facebook id

Obviously you can't! That's how it should be. However, you should be able to login with that Facebook authData.
Can you post the android code somewhere so I see what you're doing?

This comment has been minimized.

Sign in to view

Copy link
@Scoup

Scoup Mar 11, 2016

Author

Yeah, I'm not the Android developer, but I will get the code for you.
}).then((r) => {
console.log('login', r);
expect(typeof r.response.objectId).toEqual('string');
expect(typeof r.response.createdAt).toEqual('string');
expect(typeof r.response.username).toEqual('string');
expect(typeof r.response.updatedAt).toEqual('string');
expect(r.response.objectId).toEqual(newUserSignedUpByFacebookObjectId);
return rest.find(config, auth.master(config),
'_Session', {sessionToken: r.response.sessionToken});
}).then((response) => {
expect(response.results.length).toEqual(1);
var output = response.results[0];
expect(output.user.objectId).toEqual(newUserSignedUpByFacebookObjectId);
done();
})
.catch((err) => {
console.log('err', err);
});
});

it('stores pointers with a _p_ prefix', (done) => {
var obj = {
foo: 'bar',
Expand Down

8 comments on commit 0f3116e

@luizfelipetx
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with old sdk facebook and old ParseFBUtils...
ParseFacebookUtils.logIn(activity, new LogInCallback() { @Override public void done(ParseUser user, ParseException err) { onFacebookParseRegistrationEnded(err); } });

// the new sdk Parse new ParseFBUtils
ParseFacebookUtils.logInInBackground(AccessToken.getCurrentAccessToken(), new LogInCallback() { @Override public void done(ParseUser parseUser, ParseException e) { onFacebookParseRegistrationEnded(e); } }); return;

@flovilmart the weird thing is when we point to the cloud parse works fine. When we point to our server does not work.

@flovilmart
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And you can confirm that the anonUser objectId is sent along the login request?

@luizfelipetx
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we using ParseUser.enableAutomaticUser(); before the login request.
enableAutomaticUser() Enables automatic creation of anonymous users.
You can try login with sample app using facebook in Parse-server, login will work , after login. Try logout and login again. Here this flow fail.
I believe the server is not differentiating if I'm trying to make a login or sign in with facebook.

@flovilmart
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you get your server in VERBOSE so I can see what requests are sent?

@Scoup
Copy link
Author

@Scoup Scoup commented on 0f3116e Mar 11, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @flovilmart, here is the log:

http://pastebin.com/GB9TThv1

I printed all the request so you can see what was sent.
When he started he didn't have account, he login anonymous, after facebook, then logout and tries to login again and then fails.

Thank you for your help.

Edit: I'm using the lastest version of parse-server in npm

@flovilmart
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As far as I can see the logs, I know what's going on and this will fixed by #952.

@Scoup
Copy link
Author

@Scoup Scoup commented on 0f3116e Mar 11, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is great!!! I will start working with your branch.
Thank you.

@luizfelipetx
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much @flovilmart .

Please sign in to comment.