Parse api password reset

[srinivasagopalan]

Hi All,

I have parse server set up in my own domain. I am trying the custom password reset functionality like below using rest api. Every other field update works other than the password field. Could you guide me how i can resolve this. I am using the master key.

app.get("/updatepassword", function(req, res) {

var options = {
    host : '<mydomian>',
    port : '<portno>',
    method: 'PUT',
    path : '/parse/classes/_User/' + req.query.userId,
    headers : { 'X-Parse-Application-Id' : 'testappid' , 'X-Parse-Master-Key' : 'testmasterkey', 'Content-Type' : 'application/json' }
}

var data = JSON.stringify({
  password: req.query.password
});
var req = http.request(options, function(response) {
    // Continuously update stream with data
    var body = '';
    response.on('data', function(d) {
        body += d;
    });
    response.on('end', function() {

    });
});

req.write(data);
req.end();

});

[sdf611097]

Javascript sdk have same problem, so does cloud function.

Here is Javascript code, run on node.js 4.2.4

var Parse = require('parse/node').Parse;
Parse.initialize("myAppId", "myJavascriptKey","masterKey");
Parse.serverURL = 'http://xxxx:1337/parse'

var query = new Parse.Query(Parse.User);
query.equalTo("email", "myEmail");
query.first().then(function(user){
console.log(user.get('name'));
user.setPassword("12345689");
user.save(null,{useMasterKey:true}).then(console.log,console.log);
},console.log);

I get { code: 101, message: 'Object not found.' }

I can query this user, but cannot setPassword with masterKey.
Changing other field is work as expected.
This code is work on the original API server (host on Parse).

My api server log with VERBOSE=1

PUT /parse/classes/User/userId { 'user-agent': 'node-XMLHttpRequest, Parse/js1.7.0 (NodeJS 4.2.4)',
accept: '/_',
'content-type': 'text/plain',
host: 'myhostxxx:1337',
'content-length': '175',
connection: 'close' } {
"password": "12345689"
}
error: ParseError { code: 101, message: 'Object not found.' }

[srinivasagopalan]

I get the same error as well

[sdf611097]

Once change password, it will clear all sessions. If no session found, will get object not found.
If login first, and then change password seems work.

Can I use legacy token and without any _Session?

[flovilmart]

@drew-gross trouble shooter, see the related PR, seems that the use case is actually not failing.

[drew-gross]

That PR doesn't use user.setPassword with master key so I don't think it's the issue seen by @srinivasagopalan and @sdf611097. Could you two look at that PR and see if it's close to what you are trying to do?

[flovilmart]

set("password", pass) is different from setPassword(pass) in the client SDK?

[flovilmart]

@drew-gross updated with setPassword(password)  to match

var query = new Parse.Query(Parse.User);
query.equalTo("email", "myEmail");
query.first().then(function(user){
   console.log(user.get('name'));
   user.setPassword("12345689");
   user.save(null,{useMasterKey:true}).then(console.log,console.log);
},console.log);

still not failing...

[sdf611097]

@flovilmart PR 476 will avoid it failed.
@drew-gross
We are trying to do is changing password, and it is different to modify other field.
Password is special, and I found that failed by clear no _Session.
I have PR 476 and it have been merged.
All I want to do is setting random password for user, and user use it to login.
Before setting password, the _Session may not exist.

BTW.
The original purpose is use masterKey to get session token, and then pass to client.
Client use that token with ParseUser.become to login.
It is failed. I think it is due to API server required revocable session, but myApp does not use that.
So I try to use a random password with it account instead legacy token functionality.
(MyApp use my custom 3rd login, password is saved on other place. My cloud function just verify it and let user login with ParseUser)

[flovilmart]

OK I'm closing the PR as the troubleshoot really don't get us anywhere near the problem.

[drew-gross]

This does sound like an issue caused by not having revocable sessions in your original parse app. Parse Server currently doesn't support old-style sessions. We would welcome any PRs that help work around that problem, though.