I'm having an issue when running a function in Cloud Code. It is supposed to check the existence of an object and, if it does exist, create a new user:
Parse.Cloud.define("createUser", function(request, response) {
// Query the existing company by id
var query = new Parse.Query(Parse.Object.extend("Company"));
query.equalTo("objectId", request.params.company.existing.id);
query.find().then(function(result){
var user = new Parse.User();
user.set("username", request.params.username);
user.set("password", request.params.username);
user.set("email", request.params.email);
user.set("permissions", ["User"]);
var company = result[0];
user.signUp(null, {
success: function(user){
// Asign company ACL for User write permission
var cACL = company.getACL();
cACL.setWriteAccess(user.id, true);
company.setACL(cACL);
// Save company
company.save();
console.log(company);
// Establish user-company relationship
var cRelation = user.relation("associated");
cRelation.add(company);
// Save user
user.save();
console.log(user);
// Finish
response.success(user);
},
error: function(user, error){
response.error(JSON.stringify({code: -8000, message: "User creation failed"}));
}
});
}, function(error){
response.error(JSON.stringify({code: -8001, message: "Invalid company"}));
});
});
I first query Parse for the existence of said object. If it does exist I create a new user with the parameters received. In the completion block of the user creation I assign the proper ACLs (to the company object) and later on save them. That's when I encounter the first issue: the ACLs are not saved (checked in the dashboard). I console.log the company for debugging purposes and it shows the ACLs are correctly set. So I assume it must be a saving problem.
NOTE: The user is created, but whatever I try to do later doesn't work.
Later on I add this object to a relationship previously defined in the dashboard, but I have the same problem with that: the relationship does not come up in the dashboard, even though when I console.log the object it shows that the relationship was properly set.
I'm lost here. I don't understand why this isn't working and I've read tons of online documentation and still can't find the answer.
Okay, after a day of work I finally found out my problem. I had ACLs set everywhere and I had no privilege for saving the objects I was trying to save. So saving was indeed failing.
I should note that if you are having the same problem I did, you can easily solve it using the Master Key. To do so, you need to call Parse.Cloud.useMasterKey() before executing any requests that must be authenticated.
This only works in Cloud Code, and you should definitely know what you are doing when you use the Master Key because it basically gives read and write privileges to anyone, everywhere, for everything. So make sure your logic is flawless because you might get big security problems if it's not used wisely. As Uncle Ben said: With great power comes great responsibility.
Hope this helps someone.
Related
I have 5 users, they all look the same in Office 365 (from what I can see anyway) and have Teams Exploratory licences. I am able to create online meetings (OnlineMeetingProvider="teamsForBusiness" and IsOnlineMeeting=true) for 2 of them. For the other 3 users it doesn't error but doesn't create an online meeting (creates an event?), the response OnlineMeetingProvider is "unknown" and the OnlineMeeting is null. It is the same code so has to be a setting somewhere (all i do is change the id of the user).
The code used to create the request:
// Create client
var graphServiceClient = CreateGraphClient();
// Build event
var newEvent = new Event()
{
Subject = subject,
Body = new ItemBody() { ContentType = BodyType.Text, Content = body },
Start = startDate,
End = endDate,
IsOnlineMeeting = true,
Attendees = attendees == null ? null : GetAttendees(attendees),
OnlineMeetingProvider = OnlineMeetingProviderType.TeamsForBusiness
};
The erroneous response:
Anyone have any idea what is going on?
Had the same problem, I had to add these permissions to the app I was using to create the meeting events:
TeamSettings.Read.All, TeamSettings.ReadWrite.All
As soon as I added them, isOnlineMeeting was correctly set to true, and onlineMeetingProvider was set to teamsForBusiness, as specified in the request.
onlineMeetingUrl is always null, but it's possible to get the meeting url from the "onlineMeeting.joinUrl" property, which is automatically populated by the API.
UPDATE:
As #lokusking pointed out, even if this is correct, it looks like it does not completely solve the problem. According to my tests, creating a Team event for a new user and getting isOnlineMeeting=true and onlineMeeting properly populated in the response will work only a couple of hours after the user account is created. Note that even with a fresh user the event IS created, just those properties won't contain the right values.
You can change an existing event to make it available as an online meeting, by setting isOnlineMeeting to true, and onlineMeetingProvider to one of the online meeting providers supported by the parent calendar. The response includes the updated event with the corresponding online meeting information specified in the onlineMeeting property.
https://learn.microsoft.com/en-us/graph/outlook-calendar-online-meetings?tabs=http#example-update-a-meeting-to-make-it-available-as-an-online-meeting
I am currently in the process of migrating all user accounts of my parse-server backend to a 3rd-party SSO provider. The provider allows me to import users with pre-hashed passwords, allowing me to do the transition without needing the users to sign-in to finish the migration process.
I have been having issues trying to obtain the hashed password from the ParseUser object. I can see it in the MongoDB (the _hashed_password field), however I have been unable to extract the password field from the queried object.
I obtain the ParseUser object via the following query (simplified, removed async/await)
const query = new Parse.Query(Parse.User)
query.find({useMasterKey: true}).then(users => {
users.forEach(user => {
// obtain password here + do migration
})
});
I have attempted to get the password via
user.getPassword()
user.get("password")
user.get("_hashed_password")
query.select(["_hashed_password", "password"]).find({useMasterKey: true}).then(...)
The getPassword() function does not exist, but I wanted to try it anyway. the get("password") and get("_hashed_password) returns undefined.
The query.select(...) returns the entire user (except the password), even though I thought it would return either the password or an empty object.
My question is: How can I programatically get the hashed password of a user on the parse platform?
Currently for debugging purposes I am developing this migration as a cloud function. Once I have it working I was planning to move it as a job. I believe this should have no effect on the way the code works, but am leaving this note here just in case anyway.
Thanks in advance for your help.
Thanks to Davi Macêdo, I figured it out.
One has to use aggregate query, however the field _hashed_password gets filtered out by Parse even in aggregate queries, so we need to compute additional field based on the _hashed_password. The following code works:
new Parse.Query(Parse.User).aggregate({
"project": {
"myPassword": "$_hashed_password"
}
})
This is an issue where parse-server behaves differently from Parse.com.
I have anonymous users in my app, and when using ParseUser.signUp (Android SDK) there's an important difference between parse-server and Parse.com. Parse.com would first check for username conflicts, and if there is one, the beforeSave function wouldn't even be called. This allowed me to make some assumptions in the beforeSave code.
Now in parse-server, the beforeSave is always called, and only after I response.success() does it fail to save it.
The problem is that there is some code that shouldn't happen if the internal signUp fails (e.g. duplicate username) but happens anyway since I assume that if beforeSave is called, the username is unique. My solution was to do the check myself via a ParseQuery on the username, but now there's another issue - how do I differentiate between an anonymous user and a new user?
In my app, every new user is automatically saved as an anonymous user. For an anonymous user, there's some things you can't do (change username for example). Now after a while, when he wants to sign up, he enters a username, and in the beforeSave I can't tell if he is trying to change only the username, or is he signing up? If he is trying to sign up, I should allow him to set the username, but if he is just trying to change his username, then I'm suppose to reject the change.
So to summarize: How can I tell in the User class beforeSave if signUp was called or a regular save?
Can you try using the .existed() function in your beforeSave?
Parse.Cloud.afterSave(Parse.User, function(request) {
if(!(request.object.existed())){
//Not sure what anonymous user would return here...
}
});
I couldn't find anything obvious in the documentation, but after analysing the request object of the beforeSave hook, I found a solution:
Verifying if the authData object contains the anonymous key tells us if an anonymous user is saved. Once signed up, authData is undefined:
var authData = request.object.get("authData");
if (authData != undefined && authData.anonymous != undefined) {
console.log("#### User is anonymous");
response.success(); // save and return
return;
}
To figure out if the user has just signed up, you'd compare if the email address was set (not changed but that it was undefined before). You do that by asking request.original for the email:
// object now has an email for the first time
if (request.object.get("email") != undefined &&
request.original.get("email") == undefined) {
console.log("#### User signed up");
…
}
I'm not sure what the recommended way is, but this seems to work to distinguish the anonymous user from the real, signed up user.
I want to hide posts in the feed that have a #joined hashtag. I tried to create a GreaseMonkey script with jQuery in the past, but it couldn't detect any posts that have the #joined text.
Am I using the wrong library? A starting point, or an existing library/plug-in would be helpful.
OFF-TOPIC: At the moment, Yammer does not have any feature to hide posts with a specific hashtag, although it has a feature to follow a hashtag.
I know that this is a pretty old question but I too was trying to create a Chrome based Add-on that hides these #joined posts (or any post with a specific hashtag). I came across this blog https://you.stonybrook.edu/thebaron/2014/10/06/hiding-joined-yammer-posts-in-chrome/ where the author of the post has shared his work (https://gist.github.com/thicknrich/e4cc2871462a6850fe8c). This is a simple javascript and does the job.
//Script from https://gist.github.com/thicknrich/e4cc2871462a6850fe8c
//load jQuery based on this SO Post:
//http://stackoverflow.com/questions/2246901/how-can-i-use-jquery-in-greasemonkey-scripts-in-google-chrome
// a function that loads jQuery and calls a callback function when jQuery has finished loading
function addJQuery(callback) {
var script = document.createElement("script");
script.setAttribute("src", "//ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js");
script.addEventListener('load', function() {
var script = document.createElement("script");
script.textContent = "window.jQ=jQuery.noConflict(true);(" + callback.toString() + ")();";
document.body.appendChild(script);
}, false);
document.body.appendChild(script);
}
// the guts of this userscript
function main() {
// Note, jQ replaces $ to avoid conflicts.
setInterval(function() {
//if a item thread contains #joined, hide it
//check every 5 second.
jQ('.yj-thread-list-item:contains("#joined")').css("display", "none");
}, 5000);
}
// load jQuery and execute the main function
addJQuery(main);
You can find all joined messages with the following endpoint, based upon the #joined topic:
GET https://www.yammer.com/api/v1/messages/about_topic/[:id].json
But you can only delete messsages that you own:
DELETE https://www.yammer.com/api/v1/messages/[:id]
Source: https://developer.yammer.com/restapi/
Note that this is a conscious decision by the product team, although joined messages can get spammy when a network becomes viral, it is a great opportunity to engage users right away once they join. It makes them feel welcome. As a community manager, I'd encourage you to welcome that user in and also encourage other yammer champions to welcome these users also. As a side effect, it also encourages people to follow the groups they are interested in and use the Top or Following feeds instead of the all (firehose) feed which has all these joined messages.
Just want to note that the statement in a reply here "But you can only delete messsages that you own" is not entirely correct it is possible to delete message that do not belong to you if you are a network admin. I just ran a little experiment after reading this post and deleting #joined messages that don't belong to me worked just fine.
My app requires facebook login, so it is supposed I have all facebook ids from my users. What I want to o in cloud code is a function that given a facebook id (a string), returns the user (or null if no exists). The problem I see is that it seems the facebook id is inside a json structure in the authData column, but I have no idea how to create a query to access to that information. I found this: https://www.parse.com/questions/how-to-get-the-facebook-id-of-an-pfuser-from-a-pfquery-in-ios but no idea about how to use it.
Can you help me with the function I want to create? Thanks in advance.
My comment on Eric's answer expresses my concerns around security, but the cloud-code BeforeSave() function to address my concerns really isn't difficult... for simple use-cases:
Parse.Cloud.beforeSave("MyObject", function(request, response) {
request.object.set("owner_facebook_id", request.user.get("authData").facebook.id);
response.success();
});
In your case, MyObject is the user class, and as long as no users can modify properties on another user object, than this will work pretty well.
However, for the app I was working on, we allowed any user to "like" an object, which incremented a "number_of_likes" property on the object. At that point, this became more tricky, because the user making that request was not, in fact, the owner of the object, so their Facebook_id properties wouldn't have matched.
The work-around was to try and detect whether or not the object had previously existed, and then just make sure the Facebook_id never changed after it was originally created.
We had to access the ORIGINAL object and make sure the newly-saving object had the same Facebook id... it was not exactly trivial, and that lookup actually counts against your request limit. This, combined with a few more edge-cases, caused us to ultimately abandon Parse for that project.
The problem with using authData is that you need a valid active session of that user (or use your master key) to access the data.
If you don't already have a large amount of users, I would recommend creating a new column in your User class that stores the Facebook ID so you can query for it later. That way, you could do something like:
var query = new Parse.Query("User");
query.equalTo("facebookId", request.params.facebookId);
query.find({
success: function(results) {
// do something with the resulting user at results[0], if found
},
error: function() {
response.error("lookup failed");
}
});