Facebook link and unlink overwrites username field

[mnearents]

Running Parse-Server 2.2.7, Facebook SDK, 4.10.1. Environment: Heroku + MongoLab.

In my app, when a user signs up, I set their username equal to their email address.

My app doesn't have facebook login, so users use their email address to log in. But it does have a Connect to Facebook feature (available once logged in) where I call [PFFacebookUtils linkUserInBackground: user withReadPermissions: permissions]

When I do this, the user's username field is overwritten with a random string of characters. At first I thought this must be for Facebook authentication and I'll just have to create a workaround since my users always log in with an email and password (without the workaround, login then fails). So when I link a user with facebook, I call a cloud code function to set their username equal to their email address again.

However, when I unlink the user from facebook, the username field is again overwritten with a string of random characters. Now it doesn't make any sense. I could write another cloud code function to set the fields equal to each other, but I first wanted to ask if this is normal, or is it a bug?

The string of random characters is not the user's facebook id, nor is it their access token. I have no idea what it is. It's 32 characters long. The string when I link is not the same as when I unlink.

[tanmays]

Definitely seems like a bug, the link method should not replace username. Username should only be set by oAuth if it's asignUp function.

[drew-gross]

I wrote a regression test to check for this issue, and the test passes: #1538

Can you either check out that PR and tell me any differences between what you are doing to see this issue and what the test case does? Either that or provide your own test case that reproduces the issue, as a series of cURL requests or JS SDK calls.

[mnearents]

You'll have to forgive me, I am not much of a developer (hence my use of Parse.com). What is PR? And can I just copy the JS SDK calls you wrote into a cloud code function? I am not really familiar with writing test cases.

[drew-gross]

PR is "Pull Request", basically a proposed change to the codebase. The JS SDK calls in that PR have a little bit a special code that makes them work in the test environment.

The best way to write a test case is to provide some JS code that I can run on a blank database that demonstrates the issue.

[mnearents]

I'm not sure how to write JS code that reproduces the issue when I was seeing the issue while using the iOS SDK. This is the code I used in my app:

- (void)connectFacebook
{
if([PFFacebookUtils isLinkedWithUser:[PFUser currentUser]]) {
    //disconnect facebook
    UIAlertController *fbAlert = [UIAlertController alertControllerWithTitle:@"Disconnect Facebook" message:@"Are you sure you want to disconnect facebook? You will no longer see Facebook friends in your contacts list." preferredStyle:UIAlertControllerStyleAlert];

    UIAlertAction *proceed = [UIAlertAction actionWithTitle:@"Disconnect" style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {

        [PFFacebookUtils unlinkUserInBackground:[PFUser currentUser] block:^(BOOL succeeded, NSError *error) {
            if (succeeded) {
                [self.tableView reloadData];
            }
        }];
        [self dismissViewControllerAnimated:YES completion:nil];
    }];

    UIAlertAction *cancel = [UIAlertAction actionWithTitle:@"Nevermind" style:UIAlertActionStyleCancel handler:^(UIAlertAction * _Nonnull action) {
        [self dismissViewControllerAnimated:YES completion:nil];
    }];

    [fbAlert addAction:proceed];
    [fbAlert addAction:cancel];

    [self presentViewController:fbAlert animated:YES completion:nil];
}
else {
    //connect facebook
    [PFFacebookUtils linkUserInBackground:[PFUser currentUser] withReadPermissions:@[@"public_profile", @"user_friends"] block:^(BOOL succeeded, NSError *error) {
        if (succeeded) {
            NSLog(@"user is linked with Facebook!");
            [self.tableView reloadData];
        }
    }];
}
}

And then I call this to store the facebookId as a field on the User object:

- (void)setFacebookIdOnProfile
{
[PFUser currentUser][@"facebookId"] = self.facebookId;
[[PFUser currentUser] pinInBackground];
[[PFUser currentUser] saveInBackgroundWithBlock:^(BOOL succeeded, NSError * _Nullable error) {
    if(succeeded) {
        NSLog(@"saved user in background with facebookId: %@", self.facebookId);
    }
}];
}

So do I just try replicating this with javascript code? Your regression test looks like you already replicated this. I'm not doing anything special here, just calling linkUserInBackground and unlinkUserInBackground. So I'm not sure what I would do different than what you've done. I apologize for my noobie-ness here.

[drew-gross]

In that case you could enable verbose logging in your server, and run through this code once with a link + unlink. Then, go to your server logs and paste the requests and responses here.

[mnearents]

I hope I sanitized these properly.
logs-facebook-link.docx

[flovilmart]

Closing due to lack of activity, please reopen if the issue persist with the latest version.

Don't forget to include your current:

• node version
• npm version
• parse-server version
• any relevant logs (VERBOSE=1 will enable verbose logging)