Improper encode of parameter error

[codebreach]

• You've met the prerequisites.
• You're running the latest version of Parse Server.
• You've searched through existing issues. Chances are that your issue has been reported or resolved before.

Environment Setup

• local server
• mongolab db
• Parse JS SDK 1.8.3

Steps to reproduce

Simple queries using JS SDK would work with parse hosted api and fail with {"code":102,"error":"Improper encode of parameter"}

Query generates following REST:
Request URL: http://localhost:5001/api/classes/Request
Request Method: POST

_ApplicationId: "REDACTED"
_ClientVersion: "js1.8.3"
_InstallationId: "REDACTED"
_JavaScriptKey: "REDACTED"
_RevocableSession: "1"
_SessionToken: "REDACTED"
_method: "GET"
include: "creator,chosen_venue"
order: "-request_time"
where: {}

Logs/Trace

::ffff:127.0.0.1 - - [19/Apr/2016:12:48:35 +0000] "GET /api/classes/Request HTTP/1.1" 400 51 "http://localhost:5000/manage/app/requests" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
::ffff:127.0.0.1 - - [19/Apr/2016:12:48:35 +0000] "GET /api/classes/Request HTTP/1.1" 400 51 "http://localhost:5000/manage/app/requests" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

[drew-gross]

We have lots of passing test cases that cover these features. Can you post some code that reliably reproduces your issue? Ideally as a test case we can add to our test suite.

[codebreach]

Failing Test case:
drinklynk@2a7b779

Please note that it seems that the JS sdk and parse server expect differently formatted POST params.
See https://github.com/ParsePlatform/Parse-SDK-JS/blob/master/src/__tests__/RESTController-test.js#L130-L150

[codebreach]

@drew-gross any thoughts?

[codebreach]

I can try to fix it by handling the special params that the POST uses from the JS SDK, however I am not sure where the best place for this would be. So if you can guide me to the correct files it would be great.

[drew-gross]

I verified that this does indeed fail, but I haven't had time to make a fix yet.

[codebreach]

I have a fix, opening PR

[codebreach]

The test I had was wrong it seems
The _applicationId etc is handled in https://github.com/ParsePlatform/parse-server/blob/master/src/middlewares.js#L48-L52

I have fixed the test and it now passes
https://github.com/ParsePlatform/parse-server/compare/master...drinklynk:codebreach/js-sdk-testcase?expand=1

Going to investigate more why this is happening

[codebreach]

_RevocableSession is being set by the SDK which is causing the request to 400.
Is that expected behavior?

[drew-gross]

No, that shouldn't matter. Can you look as the logs and find the request that returns 400?

[jsdalton]

I'm having this same issue right now. It appears that request is failing in this block of code here:

https://github.com/ParsePlatform/parse-server/blob/a727e1ccd3fc8b14498ed0f813d6b473286ad40d/src/Routers/ClassesRouter.js#L14-L21

I inspected the body object at that point of execution in a request I had that was failing here, and the offending key that's not in the list of allowConstraints is _RevocableSession.

It looks like this block of code in the handleParseHeaders middleware is stripping out all of the various meta data headers, but it has nothing for _RevocableSession.

There are a few ways presumably this could be handled, e.g. pulling out the revocable session key in the middleware where the other keys are handled, or else adding it to the allowed constraints list.

[codebreach]

@drew-gross same query as mentioned in the initial bug report - that had _RevocableSession in it already

Just clearing it in handleParseHeaders as @jsdalton suggests should fix this.