Writing a Parse Cloud Function (which uses Parse Javascript SDK) and I am having trouble checking to see if the current user has role "Admin". I'm looking at the web view of the Role class and a role with the name "Admin" exists, if I click "View Relations" for users, it shows the current user. I doubt it should matter, but "Admin" is the only role and the current user is the only user with a role. Lastly, the "Admin" role has an ACL of Public Read, so that shouldn't be causing any issues either.
Code is as follows:
...
var queryRole = new Parse.Query(Parse.Role);
queryRole.equalTo('name', 'Admin');
queryRole.equalTo("users", Parse.User.current());
queryRole.first({
success: function(result) { // Role Object
var role = result;
role ? authorized = true : console.log('Shiet, user not Admin');
},
error: function(error) {
console.log("Bruh, queryRole error");
}
})
console.log('After test: Auth = ' + authorized);
if (!authorized) {
response.error("You ain't no admin, measly user");
return;
}
...
This results in the following in the log:
Before test: Auth = false
After test: Auth = false
Give this a shot:
var authorized = false;
console.log('Before test: Auth = ' + authorized);
var queryRole = new Parse.Query(Parse.Role);
queryRole.equalTo('name', 'Admin');
queryRole.first({
success: function(result) { // Role Object
console.log("Okay, that's a start... in success 1 with results: " + result);
var role = result;
var adminRelation = new Parse.Relation(role, 'users');
var queryAdmins = adminRelation.query();
queryAdmins.equalTo('objectId', Parse.User.current().id);
queryAdmins.first({
success: function(result) { // User Object
var user = result;
user ? authorized = true : console.log('Shiet, user not Admin');
}
});
},
error: function(error) {
console.log("Bruh, can't find the Admin role");
}
}).then(function() {
console.log('After test: Auth = ' + authorized);
});
I got a simpler solution, give this a try:
var adminRoleQuery = new Parse.Query(Parse.Role);
adminRoleQuery.equalTo('name', 'admin');
adminRoleQuery.equalTo('users', req.user);
return adminRoleQuery.first().then(function(adminRole) {
if (!adminRole) {
throw new Error('Not an admin');
}
});
For those of you looking for a Parse Server (2018) answer, see below:
Parse.Cloud.define('authorizedUserTest', function(request, response) {
if(!request.params.username){
//response.error('no username');
response.error(request.params);
}
var queryRole = new Parse.Query(Parse.Role);
queryRole.equalTo('name','Admin');
queryRole.first({ useMasterKey: true }).then(function(promise){
var role = promise;
var relation = new Parse.Relation(role, 'users');
var admins = relation.query();
admins.equalTo('username', request.user.get('username'));
admins.first({ useMasterKey: true }).then(function(user){
if(user){
response.success(true)
}
else {
response.success(false)
}
}, function(err){
response.error('User is not an admin')
})
}, function(err){
response.error(err)
})
});
request.params is equal to a dictionary {"username":inputUsernameHere}.
Feel free to comment if you have questions.
Related
My Parse cloud code is not responding with an error or success. It just times out, I don't know what I'm doing wrong. It should save multiple values in different tables, and finish with sending a push message to a user.
The push message and user table are adjusted and send, but the street and the ledger objects are not being saved correctly. Also the response is not being called.
I did work in the past (or I was just lucky). Any thought on what I'm doing wrong?
var buyerId = request.params.buyerid;
var sellerName = request.params.sellername;
var streetId = request.params.streetid;
var amount = request.params.amount;
var pushMessageTemplate = request.params.pushMessage;
var log = request ? request.log : console;
var Streets = Parse.Object.extend('SHStreets');
var streetQuery = new Parse.Query(Streets);
streetQuery.equalTo("objectId", streetId);
streetQuery.first({
useMasterKey: true,
success: function (street) {
var streetName = street.get("name");
var query = new Parse.Query(Parse.User);
query.equalTo("objectId", buyerId);
query.first({
useMasterKey: true,
success: function (user) {
var promises = [];
var now = new Date();
var buyerName = user.get("username");
// Set and save the change
user.set("balance", user.get("balance") - amount);
user.set("streets", user.get("streets") + 1);
street.set("current_owner", user);
street.set("owned_since", now);
street.set("for_sale", false);
street.set("price_bought", amount);
var acl = new Parse.ACL();
acl.setPublicReadAccess(true);
acl.setWriteAccess(user, true);
street.setACL(acl);
//update ledger
var Ledger = Parse.Object.extend("Ledger");
var ledger = new Ledger();
ledger.set("type", "buy");
ledger.set("amount", amount);
ledger.set('ledger_time', now);
ledger.set("user", user);
ledger.set("description", "x");
promises.push(Parse.Object.saveAll([street, user, ledger], { useMasterKey: true }));
// Find users with a given email
var userQuery = new Parse.Query(Parse.User);
userQuery.equalTo("objectId", user.id);
var pushQuery = new Parse.Query(Parse.Installation);
pushQuery.exists("user"); // filter out installations without users
pushQuery.include('user'); // expand the user pointer
pushQuery.matchesQuery("user", userQuery);
// Send push notification to query
promises.push(Parse.Push.send({
where: pushQuery, // Set our installation query
data: {
alert: _.template(pushMessageTemplate)({
sellername: sellerName,
streetname: streetName,
amount: amount
})
}
}, {
useMasterKey: true,
}));
return Parse.Promise.when(promises).then(function () {
response.success("success");
});
},
error: function (error) {
log.error('buy-street error', error.message);
response.error("Uh oh, buy request success failed." + error.message);
}
});
},
error: function (error) {
log.error('buy-street error', error.message);
response.error("Uh oh, buy request success failed." + error.message);
}
});
It looks like your first query's success function doesn't return anything:
streetQuery.first({
useMasterKey: true,
success: function (street) { // this function doesn't return anything
// ...
query.first({ // You probably want to return this promise
useMasterKey: true,
success: function (user) { // this is the function that you're returning to
// ...
return Parse.Promise.when(promises).then(function () {
response.success("success");
});
},
});
}
});
Javascript will return undefined by default if you don't have a return statement.
I was missing a function error for the return of the promises.
return Parse.Promise.when(promises).then(function () {
// Set the job's sucess status
response.success('success');
},function(error) {
response.error(error);
});
I want to create API that allow other app to insert(create) new data. But so far I tried, this not work with error message "User id is required", I know that happen because no login user found when insert new data. Is it possible to insert new data without login or any possible way to login from server side if using accounts-password's package or any possible way to make this work?
code on server
Picker.route('/createFood/:title', function(params, req, res, next) {
console.log('-> params : ',params);
let username = (new Date()).getTime().toString();
function createFood() {
Fiber(function() {
console.log("-> username : ",username);
let acc = Accounts.createUser({
username: username,
email: username +'#foodie.com',
password: username
});
if (acc) {
console.log("-> acc : ",acc);
// Meteor.call("setUserId", acc);
Menus.insert({
title: params.title,
}, function(err, foodId) {
console.log("-> abs : ",Meteor.absoluteUrl());
console.log("-> err : ",err.message);
console.log("-> foodId : ",foodId);
let code, result;
if (err) {
code = 500;
result = {
error: err.message
}
} else {
code = 200;
result = {
foodId: foodId,
}
}
res.setHeader( 'Content-Type', 'application/json' );
res.statusCode = code;
res.end( JSON.stringify( result ) );
})
}
}).run();
}
if (params.title)
createFood();
});
code food model, there is userId owner here
if (Meteor.isServer) {
Menus.allow({
insert: function() {
return true;
},
update: function() {
return true;
},
remove: function() {
return true;
},
fetch: ['foodId'],
});
Menus.after.insert((userId, doc) => {
....
})
}
There is no reason why you can't insert to the database without logging in. You don't even have to include the accounts package if you don't want to .
Your current code doesn't insert unless a user is present, you can simplify it to this...
function createFood() {
Menus.insert({
title: params.title,
I tried setting up cloud code on my new parse server (on AWS EB) to send push notifications with the following code:
Parse.Cloud.define("sendPush", function(request, response) {
var currentUser = request.user;
var recipient = request.params.recipient;
if (!currentUser) {
response.error("Must be logged in.");
return;
}
if (!recipient) {
response.error("Must specify recipient.");
return;
}
var userQuery = new Parse.Query(Parse.User);
userQuery.equalTo('objectId', recipient);
response.success(userQuery.get('name'))
var pushQuery = new Parse.Query(Parse.Installation);
pushQuery.matchesQuery('user', userQuery);
Parse.Push.send({
where: pushQuery,
data: {
alert: "Hello, World",
badge: "Increment"
}
}, {
success: function() {
response.success("Push sent to " + recipient + " from " + request.user.get("username"));
},
error: function(error) {
response.error('Not working')
}
});
});
It doesn't return back an error but the notification doesn't go through either. Instead, I get the following error:
Optional({
"_rejected" = 0;
"_rejectedCallbacks" = (
);
"_resolved" = 0;
"_resolvedCallbacks" = (
);
})
Any idea why this is happening?
EDIT
I decided to change the code to see if the function is even retrieving results, but looks like it doesn't. Here's the new code:
Parse.Cloud.define("sendPush", function(request, response) {
var currentUser = request.user;
var recipient = request.params.recipient;
if (!currentUser) {
response.error("Must be logged in.");
return;
}
if (!recipient) {
response.error("Must specify recipient.");
return;
}
var userQuery = new Parse.Query(Parse.User);
userQuery.equalTo('objectId', recipient);
userQuery.find
({
success: function(results)
{
if (results.length > 0)
{
var objectId = results[0].id;
var gate = results[0].get("name");
response.success(JSON.stringify(results[0]));
}
else
{
response.error("wont work");
};
}
})
});
and get the following error:
Optional(Error Domain=NSCocoaErrorDomain Code=3840 "The operation couldn’t be completed. (Cocoa error 3840.)" (No value.) UserInfo=0x7ff163c587d0 {NSDebugDescription=No value.})
I'm having quite a hard time understanding how to chain promises. I'm writing login function for my app, leverating Loopback's Angular SDK. The objective, upon validating a user's credentials, is to confirm that the user's account is active, then fetch some additional properties including the user's role and set a flag to true if the user has admin privileges.
Here's my code...
$scope.login = function (user) {
User.login(user).$promise.then(
function (data) {
$rootScope.activeUser = data;
$rootScope.user_id = $rootScope.activeUser.user.username;
console.log('Active User: ', $rootScope.activeUser.user.email);
console.log('Status: ', $rootScope.activeUser.user.status);
if ($rootScope.activeUser.user.status === 'Y') {
$scope.loginError = false;
function checkAdmin(eid) {
Se_user.findById({
id: eid
}).$promise.then(
function (data1) {
var user_properties = data1;
if (user_properties.role === 'Admin') {
$rootScope.isAdmin = true;
console.log('isAdminInside: ', $rootScope.isAdmin);
return true;
} else {
//$rootScope.isAdmin = false;
return false;
}
});
};
var isAdmin = checkAdmin($rootScope.user_id);
console.log('isAdminOutside: ', $rootScope.isAdmin);
$state.go('home');
} else {
$scope.loginError = true;
$scope.loginErrorMessage = "Your account has been disabled. Please contact BMT Support for assistance";
}
},
function (err) {
console.log('Error: ', err)
$scope.loginError = true;
$scope.loginErrorMessage = "You've entered an invalid User ID or Password. Please try again.";
});
};
I've been troubleshooting by writing to the console, here's a sample of the output...
Active User: user#email.com
Status: Y
isAdminOutside: undefined
isAdminInside: true
How should I restructure so that the result of checkAdmin is properly returned after a successful login of an active user?
Try changing this part of code :
function checkAdmin(eid) {
return Se_user.findById({
id: eid
}).$promise.then(
function(data1) {
var user_properties = data1;
if (user_properties.role === 'Admin') {
$rootScope.isAdmin = true;
console.log('isAdminInside: ', $rootScope.isAdmin);
return true;
} else {
//$rootScope.isAdmin = false;
return false;
}
});
};
var isAdmin = checkAdmin($rootScope.user_id)
.then(function(val) {
console.log('isAdminOutside: ', val);
$state.go('home');
});
I'm using NodeJS, with bcrypt-nodejs (https://github.com/shaneGirish/bcrypt-nodejs) and Bluebird for promises. Came up with this code and been wondering if there is better way to do the same thing. I have module with:
var Promise = require("bluebird"),
bcrypt = Promise.promisifyAll(require('bcrypt-nodejs'));
// ....[some othe code here]
Users.prototype.setPassword = function(user) {
return bcrypt.genSaltAsync(10).then(function(result) {
return bcrypt.hashAsync(user.password, result);
});
};
then from another module I call users.setPassword as below:
app.post('/api/v1/users/set-password', function(req, res, next) {
users.setPassword(req.body).then(function(result) {
// Store hash in your password DB.
console.log(result[1]);
res.json({
success: true
})
})
.catch(function(err) {
console.log(err);
});
});
It always ends up with "[Error: No callback function was given.]" message as bcrypt.hashAsync seems to require 4 parameters. Original, non-promisified hash method requires 3 only though. When I add empty callback to hashAsync, it works fine:
Users.prototype.setPassword = function(user) {
return bcrypt.genSaltAsync(10).then(function(result) {
return bcrypt.hashAsync(user.password, result,function() {});
});
};
Is there any better way to do this, without providing empty callback as above?
EDIT:
In response to Bergi's comment.. the function will set password eventually, I just didn't get that far when posted the question. Now got this far, please let me know if something is not quite right though:
Users.prototype.setPassword = function(user) {
return bcrypt.genSaltAsync(10).then(function(result) {
return bcrypt.hashAsync(user.password, result, null);
})
.then(function(result) {
// store in database
console.log("stored in database!");
return result;
});
};
bcrypt.hashAsync seems to require 4 parameters. Original, non-promisified hash method requires 3 only though.
It's the other way round rather. From the docs:
hash(data, salt, progress, cb)
data - [REQUIRED] - the data to be encrypted.
salt - [REQUIRED] - the salt to be used to hash the password.
progress - a callback to be called during the hash calculation to signify progress
callback - [REQUIRED] - a callback to be fired once the data has been encrypted.
The original method took 4 arguments, hashAsync will take 3 and return a promise.
However, in your code you were only passing two. You don't need to pass an empty function though, that the parameter is not [REQUIRED] means you can pass null (or any other falsy value) for it. bcrypt will create such an empty function itself. So use
function (data) {
return bcrypt.genSaltAsync(10).then(function(result) {
return bcrypt.hashAsync(data.password, result, null);
});
}
This is my promisified bcrypt from a project I did a while back. Bluebird isn't really necessary for such a small, simple library.
module.exports = {
makeUser: function(username, password){
return new Promise(function(resolve, reject) {
bcrypt.genSalt(10, function(err, salt){
bcrypt.hash(password, salt, null, function(err, hash) {
if (err) {
console.log("hashing the password failed, see user.js " + err);
reject(err);
}
else {
console.log("hash was successful.");
resolve(hash);
}
})
})
})
.then(function(hash){
return db.createUser(username, hash)
})
},
login: function(username, password){
return db.userFind(username)
.then(function(userObj){
if(!userObj){
console.log("did not find " + username + " in database.");
return new Promise(function(resolve, reject){
resolve({login:false, message:"Your username and/or password are incorrect."})
}
}
else {
console.log("found user: " + userObj._id, userObj);
return new Promise(function(resolve, reject){
bcrypt.compare(password, userObj.hashword, function(err, bool) {
resolve({bool:bool,
user:userObj._id,
mindSeal: userObj
})
})
})
}
})
}
}
Example Usage:
app.post('/signup', function(req, res) {
var username = req.body.username;
var password = req.body.password;
var user = handler.userExists(username)
.then(function(answer){
if (answer !== null){
console.log(req.body.username + " was taken")
res.send({login: false, message: req.body.username + " is taken"});
return null;
} else if (answer === null) {
console.log("username not taken")
return handler.makeUser(username, password);
}
})
.catch(function(err){
console.log("error during user lookup:", err);
res.status(404).send({message:"database error:", error:err});
})
if (user !== null){
user
.then(function(x){
console.log("this is returned from handler.makeUser: ", x)
console.log(x.ops[0]._id)
req.session.user = x.ops[0]._id;
var mindSeal = {
userSettings: {
username: x.ops[0]._id,
newCardLimit: null,
tValDefault: 128000000,
lastEdit: req.body.time,
todayCounter: 0,
allTimeCounter: 0,
cScaleDefault: {0: 0.9, 1: 1.2, 2: 1.8, 3: 2.5},
accountMade: req.body.time
},
decks: {}
};
handler.setMindSeal(req.session.user, mindSeal, req.body.time);
res.send({
login: true,
mindSeal: mindSeal
});
})
.catch(function(error){
console.log("make user error: " + error);
res.status(401).send({message:"failed.",error:error,login:false});
})
}
});
app.post('/login', function(req, res) {
var username = req.body.username;
var password = req.body.password;
handler.login(username, password)
.then(function(obj){
if (obj.bool){
console.log("username and password are valid. login granted.");
req.session.user = obj.user;
console.log("obj is:", obj)
var mindSeal = {decks:obj.mindSeal.decks, userSettings:obj.mindSeal.userSettings};
console.log("mindSeal sending:", mindSeal);
res.status(200).send({
login: true,
message:"Login Successful",
mindSeal: obj.mindSeal
});
}
else {
console.log("password invalid")
res.status(401).send({login: false, message:"Your username and/or password are incorrect."})
}
})
.catch(function(error){
console.log(error);
res.status(404).send({message:"database error:", error:err});
})
});
conceptual example only; borrowed and slightly modified some old code of mine on the fly. Working code (I see things I'd like to improve in it now, but it works) here: https://github.com/finetype/mindseal/blob/master/server.js
Maybe you could use another bcrypt library, with a better API which removes the need for promises.
Users.prototype.setPassword = function(user) {
return TwinBcrypt.hashSync(user.password, 10);
};
Or, with progress tracking :
Users.prototype.setPassword = function(user) {
function progress(p) {
console.log( Math.floor(p*100) + '%' );
}
TwinBcrypt.hash(user.password, 10, progress, function(result) {
// store in database
console.log("stored in database!");
return result;
});
};