In beforeSave, when creating a new object, dirty(:key) returns a different value than expected from dirtyKeys

[natanrolnik]

• You've met the prerequisites: https://github.com/ParsePlatform/parse-server/wiki/Parse-Server-Guide#prerequisites.
• You're running the latest version of Parse Server: https://github.com/ParsePlatform/parse-server/releases
• You've searched through existing issues: https://github.com/ParsePlatform/Parse-Server/issues?utf8=%E2%9C%93&q=is%3Aissue Chances are that your issue has been reported or resolved before.

Environment Setup

• Server: 2.2.10 running on Dokku on AWS
• Database: Remote, Mongo 3.0, also on AWS

Steps to reproduce

• Setup a beforeSave hook for some class, let's say Event;
• Create/Save an object, without setting the properties foo and otherKey with no changes, but setting a third one, thirdKey for example, to some value.
• Add the following code sample:

Code sample

Parse.Cloud.beforeSave("Event", function(request, response)  {

  var event = request.object;
  console.log(event.dirtyKeys());

  if(!request.master) {
    var protectedKeys = ["foo", "otherKey"]; //only masterKey can change the protectedKeys
    for (i = 0; i < protectedKeys.length; i++) {
      var key = protectedKeys[i];
      if (event.dirty(key)) {
        response.error("External users are not authorized to change the key '" + key + "'. It's value is: (" + event.get(key) + "). Dirty keys are: " + event.dirtyKeys());
        return;
      }
    }
  }
});

Result

This same code works totally fine in the hosted Parse.com Cloud Code.
Unfortunately, event.dirty('foo') returns true, while dirtyKeys() does not contain the property 'foo'. I show an alert in my app when this error happens, and we can see the error:

Mentioning @nlutsenko as he worked on dirtyKeys and beforeSave on #614 and @drew-gross on beforeSave on #1884

[natanrolnik]

Confirmed also in 2.2.11

[drew-gross]

I just tried this function in Parse.com cloud code:

Parse.Cloud.beforeSave('DirtyTest', function(request, response) {
  console.log('Protected key is dirty: ' + request.object.dirty('protectedKey'));
  console.log('Dirty keys: ' + request.object.dirtyKeys());
  response.success();
});

triggered using this cURL:

curl -X POST \
 -H "X-Parse-Application-Id: my-id" \
 -H "X-Parse-REST-API-Key: my-key" \
 -H "Content-Type: application/json" \
 -d '{"shouldBeString":7}' \
 https://api.parse.com/1/classes/DirtyTest

and this is the results:

I2016-06-02T04:57:38.276Z] - Dirty keys: nonProtectedKey
I2016-06-02T04:57:38.275Z] - Protected key is dirty: true

Could you provide more complete reproduction steps? The beforeSave, and a cURL request (or series of cURL requests) should be sufficient to repro the problem.

[natanrolnik]

So with the help of @drew-gross I figured out what was the reason.

My Parse.com Cloud Code was running the version 1.2.19 of the Parse JS SDK. At some point, in the dirty(key) method, this change was introduced, and for new objects being saved, any key passed to the dirty(key) method will return true, even though the key wasn't defined at all.