Cloud code 141 unauthorized even after setting useMasterKey:true

[itsbalamurali]

Issue Description

I Have the following cloud code which I am trying to execute without session token on android i am getting unauthorized even after setting useMasterKey as mentioned in docs. Am i missing something?

Parse.Cloud.define("sendotp", function (request, response) {
    var mobile_no = request.params.mobile_no;
    var Usr = new Parse.Query(Parse.User)
    Usr.equalTo("phone", mobile_no);
    Usr.first({ useMasterKey: true,
      success: function (usr) {
        // The object was retrieved successfully.
        if (usr.id != null) {
          Parse.Cloud.httpRequest({
              method: 'POST',
              headers: {
                'Content-Type': 'application/json;charset=utf-8',
                'application-Key': 'KEYREMOVED'
              },
              url: 'https://sendotp.msg91.com/api/generateOTP',
              body: {
                countryCode: "91",
                mobileNumber: mobile_no,
                getGeneratedOTP: true
              },
              sucess: function (httpResponse) {
                // success
                var otpres = JSON.parse(httpResponse.text);
                usr.set("newOTP", otpres.response.oneTimePassword);
                usr.save(null, { useMasterKey: true,
                    success: function (user) {
                        response.success('OTP Sent Successfully!')
                    },
                    error: function () {
                        response.error('Sending OTP Failed! Please try again!');
                    }
                });
              },
              error: function (httpResponse) {
                // error
                response.error('Sending OTP Failed! Please try again!');
              }
            });
        }
      },
      error: function (error) {
        response.error("No such user is found, kindly check your mobile no!");
      }
    });
});

Expected Results

{
  "message": "OTP Sent Successfully!"
}

Actual Outcome

{
  "code": 141,
  "error": "unauthorized"
}

Environment Setup

• Server

  • parse-server version : 2.3.6
  • parse node module version: 1.9.2
  • Operating System: Linux on Heroku
  • Hardware: Heroku
  • Localhost or remote server? (AWS, Heroku, Azure, Digital Ocean, etc): Heroku

• Database

  • Hosted on: mLab

Logs/Trace

Heroku Logs

2017-03-11T21:38:30.762860+00:00 heroku[router]: at=info method=POST path="/api/functions/sendotp" host=******.herokuapp.com request_id=a22f5699-093f-4b15-a5fe-b121e0cf2ebe fwd="54.196.45.207" dyno=web.1 connect=0ms service=3ms status=403 bytes=466 protocol=https
2017-03-11T21:38:30.725571+00:00 app[web.1]: warn: Making outgoing webhook request without webhookKey being set!
2017-03-11T21:38:30.764286+00:00 app[web.1]: error: Failed running cloud function sendotp for user undefined with:
2017-03-11T21:38:30.764290+00:00 app[web.1]:   Input: {"mobile_no":"9908640059"}
2017-03-11T21:38:30.764292+00:00 app[web.1]:   Error: {"code":141,"message":"unauthorized"} functionName=sendotp, code=141, message=unauthorized, mobile_no=9908640059, user=undefined
2017-03-11T21:38:30.765000+00:00 app[web.1]: error: Error generating response. ParseError { code: 141, message: 'unauthorized' } code=141, message=unauthorized
2017-03-11T21:38:30.765999+00:00 app[web.1]: error: unauthorized code=141, message=unauthorized

[flovilmart]

In your code, you seem to handle all errors inside your cloud function

Can you make sure:

1. The function is actually run
2. What part of the code is actually yielding an error

Can you provide the parse-server logs when running with VERBOSE=1 ? That may help finding the issue.

[itsbalamurali]

@flovilmart

Here are the Logs after setting verbose=1

2017-03-14T07:40:02.886299+00:00 heroku[web.1]: Restarting
2017-03-14T07:40:02.887373+00:00 heroku[web.1]: State changed from up to starting
2017-03-14T07:40:03.578746+00:00 heroku[web.1]: Stopping all processes with SIGTERM
2017-03-14T07:40:03.706102+00:00 heroku[web.1]: Process exited with status 143
2017-03-14T07:40:06.973809+00:00 heroku[web.1]: Starting process with command `node ./index.js`
2017-03-14T07:40:09.868950+00:00 app[web.1]: API is running on port 32008.
2017-03-14T07:40:10.332227+00:00 heroku[web.1]: State changed from starting to up
2017-03-14T07:40:39.467890+00:00 heroku[router]: at=info method=POST path="/api/functions/sendotp" host=******.herokuapp.com request_id=5c256d32-36bf-45d9-b150-6aa209669eaf fwd="54.145.62.96" dyno=web.1 connect=0ms service=5ms status=403 bytes=466 protocol=https
2017-03-14T07:40:39.491347+00:00 heroku[router]: at=info method=POST path="/api/functions/sendotp" host=******.herokuapp.com request_id=29015a1e-d74b-4c4a-9ebb-92cd8a570e14 fwd="49.206.56.169" dyno=web.1 connect=1ms service=82ms status=400 bytes=563 protocol=https
2017-03-14T07:40:39.433493+00:00 app[web.1]: verbose: REQUEST for [POST] /api/functions/sendotp: {
2017-03-14T07:40:39.433503+00:00 app[web.1]:   "mobile_no": "9908640059"
2017-03-14T07:40:39.433511+00:00 app[web.1]: } method=POST, url=/api/functions/sendotp, host=*******.herokuapp.com, connection=close, origin=chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop, postman-token=09bf1b69-0522-2d0c-5607-b0b01034514f, cache-control=no-cache, x-parse-master-key=<REMOVED>, x-parse-application-id=<REMOVED>, user-agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36, content-type=text/plain;charset=UTF-8, accept=*/*, dnt=1, accept-encoding=gzip, deflate, br, accept-language=en-US,en;q=0.8,te;q=0.6,hi;q=0.4, x-request-id=29015a1e-d74b-4c4a-9ebb-92cd8a570e14, x-forwarded-for=49.206.56.169, x-forwarded-proto=https, x-forwarded-port=443, via=1.1 vegur, connect-time=1, x-request-start=1489477239406, total-route-time=0, content-length=29, mobile_no=9908640059
2017-03-14T07:40:39.435640+00:00 app[web.1]: warn: Making outgoing webhook request without webhookKey being set!
2017-03-14T07:40:39.478430+00:00 app[web.1]: error: Failed running cloud function sendotp for user undefined with:
2017-03-14T07:40:39.478433+00:00 app[web.1]:   Input: {"mobile_no":"9908640059"}
2017-03-14T07:40:39.478435+00:00 app[web.1]:   Error: {"code":141,"message":"unauthorized"} functionName=sendotp, code=141, message=unauthorized, mobile_no=9908640059, user=undefined
2017-03-14T07:40:39.482549+00:00 app[web.1]: error: Error generating response. ParseError { code: 141, message: 'unauthorized' } code=141, message=unauthorized
2017-03-14T07:40:39.485998+00:00 app[web.1]: error: unauthorized code=141, message=unauthorized

[flovilmart]

I can see the masterKey is set when you make the request to /api/functions/sendotp ? And that request originates from the client? You should remove the masterKey, it should NEVER be set on clients.

[itsbalamurali]

@flovilmart

No change in response even if I don't send master key from the client.

[flovilmart]

if I don't send master key from the client.

You should remove the masterKey from the clients, that's all.

Also you're using an external server for your web hooks right? If your cloud code is deployed with your parse-server you don't need to set those up. Are you able to create a simple function correctly? What kind of checks are you performing on the webhooks side? Are you using a module to wrap your Parse.Cloud.define ?

AFAICS, parse-server is creating the web hook request correctly, and your heroku server is 'responding' but I don't see any logs, so I'm not even sure your function is run.

[itsbalamurali]

Yeah actually deleting webhooks worked :) thank you.