Querying User with master key is not returning session token

[techyrajeev]

Running a cloned repository from parse server example.

https://github.com/ParsePlatform/parse-server-example
I am try to fetch the session token associated with an existing user using master key.
I am providing a user parameter such as email and want to fetch that user with its session token.
My problem is that I am not able to get session token with the user object received. I tried a lot but couldn't figure out what is the problem.

curl -X GET \
  -H "X-Parse-Application-Id: app-id" \
  -H "X-Parse-REST-API-Key: rest-key" \
  -H "X-Parse-MASTER-Key: master-key" \
  -G \
  --data-urlencode 'where={"email":"test@gmail.com"}' \
  https://herokuapp.com/parse/classes/_User

Server setup:

var api = new ParseServer({
  databaseURI: databaseUri || 'mongodb://localhost:27017/dev',
  cloud: process.env.CLOUD_CODE_MAIN || __dirname + '/cloud/main.js',
  appId: process.env.APP_ID || 'myAppId',
  masterKey: process.env.MASTER_KEY || '', //Add your master key here. Keep it secret!
  serverURL: process.env.SERVER_URL',  // Don't forget to change to https if needed
  liveQuery: {
    classNames: ["Posts", "Comments"] // List of classes to support for query subscriptions
  }
});

Steps to reproduce:

Deploy Parse-Server to Heroku.

send curl request

curl -X GET \
  -H "X-Parse-Application-Id: app-id" \
  -H "X-Parse-REST-API-Key: rest-key" \
  -H "X-Parse-MASTER-Key: master-key" \
  -G \
  --data-urlencode 'where={"email":"test@gmail.com"}' \
  https://herokuapp.com/parse/classes/_User

or

curl -X GET \
  -H "X-Parse-Application-Id: app-id" \
  -H "X-Parse-REST-API-Key: rest-key" \
  -H "X-Parse-MASTER-Key: master-key" \
  https://herokuapp.com/parse/users/user_objectId

Expected Results

The code should run and data related to user along with session token should be present.

Actual Outcome

Data related to user is fetched but without sessionToken associated with user.
There is no sessionToken present.
Environment Setup

Server

express: "^4.14.0",
parse: "^1.9.1",
parse-server: "^2.2.18"

Operating System: Mac Os
Hardware: MacBook Pro
Localhost or remote server? (AWS, Heroku, Azure, Digital Ocean, etc): Heroku
Database

MongoDB version: 3.0.12
Storage engine: AWS us-east-1
Localhost or remote server? (AWS, mLab, ObjectRocket, Digital Ocean, etc): mLab

[hramos]

Can you remove the X-Parse-REST-API-Key header and try again?

[techyrajeev]

Still the same issue.

[hramos]

The issue should have been fixed in 2.2.17, can you double check the Parse Server version you're using?

[techyrajeev]

I checked again I am using

    "parse": "^1.9.1",
    "parse-server": "^2.2.18"

Also Require revocable sessions is set to Yes on parse dashboard.

[techyrajeev]

Any one tried to recheck this issue yet? Is it in new version as well or only I am facing this issue?

[steven-supersolid]

How does this work on parse.com with revocable sessions?

I recommend in your dependencies that you use an exact version of parse-server - this will clarify in which version the bug occurs and also you won't get any surprises when a new version is released.

[techyrajeev]

How do check the exact version of parse-server being used?
This is the output of

$ npm outdate
Package              Current  Wanted  Latest  Location
babel-preset-es2015   6.14.0  6.16.0  6.16.0  wlparse
babel-register        6.14.0  6.16.3  6.16.3  wlparse
cors                   2.8.0   2.8.1   2.8.1  wlparse
node-ses               2.0.0   2.0.1   2.0.1  wlparse
parse                  1.9.1   1.9.2   1.9.2  wlparse
parse-server          2.2.18  2.2.22  2.2.22  wlparse

[steven-supersolid]

'Current' shows that 2.2.18 is currently being used but if you deploy to heroku or do npm install then you will get 2.2.22 which could lead to unpredictable behaviour. If you change your dependency to:

"parse":"1.9.1",
"parse-server": "2.2.22"

Then do npm install or deploy then you will always be on 2.2.22. I usually match my parse version to whatever parse-server uses, which can be seen in the parse-server package.json

If you want to see which version heroku is using then look at the Build Log on the Activity tab.

[techyrajeev]

You are right.It seems to be a good practice which should be followed. Using this at least we can be certain about which version is being used.

[danawhite]

I've been wrestling for a few days with getting LiveQuery to work properly within my React Native app. After reading the docs again, I was under the impression that it would only work for apps using JS SDK below 1.9.

It seems as if my config is proper:

server.use( '/parse', new ParseServer({ databaseURI: DATABASE_URI, cloud: path.resolve(__dirname, 'cloud.js'), appId: APP_ID, masterKey: MASTER_KEY, fileKey: 'xxxxxxxxx', serverURL:https://${SERVER_HOST}:${SERVER_PORT}/parse, liveQuery: { classNames: ['Request'], } }) );

var parseLivQueryServer = ParseServer.createLiveQueryServer(server);

However, I keep getting 'error on socket' when I create a subscription. Any idea why I am unable to connect successfully?

[Pietro89]

I have the same problem on parse-server 3.1.3

  `var email = request.params.email

    console.log("Email: "+email)

    var query = new Parse.Query(Parse.User);

    query.equalTo("email", email);

    var user = await query.first({ useMasterKey: true })

    // user.fetch({ useMasterKey: true })

    console.log("USER: "+user.id)

    console.log(await user.getSessionToken())

    return await user.getSessionToken()`

returns always indefined

I also tried to fetch the user with the master key and passing { useMasterKey: true } to getSessionToken()

[deelydian]

Has anyone found a solution for this? I am trying to retrieve a user's session token in the exact same manner as @Pietro89 but it always returns undefined. In cloud code, I need to be able to query objects a user is associated with, so, unless I'm mistaken, I need access to their session token. If I am mistaken, how would I go about retrieving objects this user has ACL access to from a specific table? The user won't always be the owner of the object, so I need another way to get these objects.