Live Query not firing any event under User ACL

[yanuarizalk]

New Issue Checklist

• I am not disclosing a vulnerability.
• I am not just asking a question.
• I have searched through existing issues.
• I can reproduce the issue with the latest version of Parse Server.

Issue Description

Live Query not firing any event under ACL permission of Specified user, even though the authenticated one is granted.
It can only fired if the object has ACL permission set to public read.
I've tried to use Javascript SDK & Flutter SDK, and the outcome is still same, so i thought the issue is belong here.
Flutter SDK test

Steps to reproduce

Client JS

var Parse = require('parse')
Parse.serverURL = "http://localhost:1337/parse"
Parse.initialize('app', 'forasgalarond')

const lq = new Parse.LiveQueryClient({
    applicationId: 'app',
    serverURL: 'ws://localhost:1337/parse',
    javascriptKey: 'forasgalarond',
})
lq.open()

const user = await Parse.User.logIn('lord_rizael1', 'iErbc03MhNhmONaYxFJH', {
    error: (exc) => {
        console.log('exc', exc)
    },
    success: (data) => console.log('login', data)
})
console.log('user', user.getSessionToken())

const query = new Parse.Query('Chat')
query.equalTo('objectId', 'Wy3Q1ETktu')
console.log('query result', (await query.find()).length)

const subscription = await lq.subscribe(query, user.getSessionToken())

subscription.on('update', (obj) => 
    console.log('on update', obj)
)
subscription.on('create', (obj) => 
    console.log('on create', obj)
)
subscription.on('enter', (obj) => 
    console.log('on enter', obj)
)
subscription.on('leave', (obj) => 
    console.log('on leave', obj)
)
subscription.on('delete', (obj) => 
    console.log('on delete', obj)
)
subscription.on('close', (obj) => 
    console.log('on close', obj)
)

Actual Outcome

No logged event.

Expected Outcome

Fired event get logged.

Failing Test Case / Pull Request

• 🤩 I submitted a PR with a fix and a test case.
• 🧐 I submitted a PR with a failing test case.

Environment

Server

• Parse Server version: 4.5.0+
• Operating system: Docker based
• Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): Local

Database

• System (MongoDB or Postgres): MongoDB (Percona)
• Database version: 4.0.23
• Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): Local

Client JS

• SDK (iOS, Android, JavaScript, PHP, Unity, etc): Javascript
• SDK version: 3.1.0

Client Flutter

• SDK (iOS, Android, JavaScript, PHP, Unity, etc): Flutter
• SDK version: 2.1.0

Variable

• PARSE_SERVER_APPLICATION_ID=app
• PARSE_SERVER_HOST=172.20.1.7
• PARSE_SERVER_PORT=1337
• PARSE_SERVER_MASTER_KEY=fleshoilmargarine
• PARSE_SERVER_JAVASCRIPT_KEY=forasgalarond
• PARSE_SERVER_DATABASE_URI=mongodb://172.20.1.8
• PARSE_SERVER_REST_API_KEY=onedoesnotsimply
• PARSE_SERVER_CLIENT_KEY=mordorwalker

Logs

Client

user token r:0ad6b47fd4664a25d2263615b986afca
query result 1

Server

parse | verbose: Current clients 0
parse | verbose: Current subscriptions 0
parse | verbose: Request: {"op":"connect","applicationId":"app","javascriptKey":"forasgalarond"}
parse | info: Create new client: 5005b69a-35a0-4f90-bd32-8ecc7ec0ccc9
parse | verbose: Push Response : "{"op":"connected","clientId":"5005b69a-35a0-4f90-bd32-8ecc7ec0ccc9"}"
parse | verbose: REQUEST for [POST] /parse/login: {
parse | "username": "lord_rizael1",
parse | "password": "********"
parse | } {"method":"POST","url":"/parse/login","headers":{"host":"localhost:1337","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:81.0) Gecko/20100101 Firefox/81.0","accept":"/","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","content-type":"text/plain","content-length":"260","origin":"http://localhost:3000","connection":"keep-alive","referer":"http://localhost:3000/","pragma":"no-cache","cache-control":"no-cache"},"body":{"username":"lord_rizael1","password":"********"}}
parse | verbose: RESPONSE from [POST] /parse/login: {
parse | "response": {
parse | "objectId": "0928Lax1jO",
parse | "username": "lord_rizael1",
parse | "email": "rizal@rekadigi.id",
parse | "createdAt": "2021-03-24T11:08:54.388Z",
parse | "updatedAt": "2021-03-24T11:08:54.618Z",
parse | "personalId": "Wy3Q1ETktu",
parse | "ACL": {
parse | "0928Lax1jO": {
parse | "read": true,
parse | "write": true
parse | }
parse | },
parse | "sessionToken": "r:cfab75144e6e6ecff45a61ea4b8edc64"
parse | }
parse | } {"result":{"response":{"objectId":"0928Lax1jO","username":"lord_rizael1","email":"rizal@rekadigi.id","createdAt":"2021-03-24T11:08:54.388Z","updatedAt":"2021-03-24T11:08:54.618Z","personalId":"Wy3Q1ETktu","ACL":{"0928Lax1jO":{"read":true,"write":true}},"sessionToken":"r:cfab75144e6e6ecff45a61ea4b8edc64"}}}
parse | verbose: REQUEST for [GET] /parse/classes/Chat: {
parse | "where": {
parse | "objectId": "Wy3Q1ETktu"
parse | }
parse | } {"method":"GET","url":"/parse/classes/Chat","headers":{"host":"localhost:1337","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:81.0) Gecko/20100101 Firefox/81.0","accept":"/","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","content-type":"text/plain","content-length":"250","origin":"http://localhost:3000","connection":"keep-alive","referer":"http://localhost:3000/","pragma":"no-cache","cache-control":"no-cache"},"body":{"where":{"objectId":"Wy3Q1ETktu"}}}
parse | verbose: RESPONSE from [GET] /parse/classes/Chat: {
parse | "response": {
parse | "results": [
parse | {
parse | "objectId": "Wy3Q1ETktu",
parse | "u": "0928Lax1jO",
parse | "ls": {
parse | "__type": "Date",
parse | "iso": "2021-03-24T18:08:54.557Z"
parse | },
parse | "s": {},
parse | "r": {},
parse | "createdAt": "2021-03-24T11:08:54.561Z",
parse | "updatedAt": "2021-03-24T11:08:54.561Z",
parse | "ACL": {
parse | "0928Lax1jO": {
parse | "read": true,
parse | "write": true
parse | }
parse | }
parse | }
parse | ]
parse | }
parse | } {"result":{"response":{"results":[{"objectId":"Wy3Q1ETktu","u":"0928Lax1jO","ls":{"__type":"Date","iso":"2021-03-24T18:08:54.557Z"},"s":{},"r":{},"createdAt":"2021-03-24T11:08:54.561Z","updatedAt":"2021-03-24T11:08:54.561Z","ACL":{"0928Lax1jO":{"read":true,"write":true}}}]}}}
parse | verbose: Request: {"op":"subscribe","requestId":1,"query":{"className":"Chat","where":{"objectId":"Wy3Q1ETktu"}},"sessionToken":"r:cfab75144e6e6ecff45a61ea4b8edc64"}
parse | verbose: Push Response : "{"op":"subscribed","clientId":"5005b69a-35a0-4f90-bd32-8ecc7ec0ccc9","requestId":1}"
parse | verbose: Create client 5005b69a-35a0-4f90-bd32-8ecc7ec0ccc9 new subscription: 1
parse | verbose: Current client number: 1

[dblythy]

In your logs the "subscribe" request comes way after the POST request which saves the object.

Perhaps make sure .subscribe is called before any other "chat" object is updated or created?

Finally, are you using any Cloud code livequery triggers?

[yanuarizalk]

In your logs the "subscribe" request comes way after the POST request which saves the object.

Perhaps make sure .subscribe is called before any other "chat" object is updated or created?

Thank you for your reply @dblythy.
The POST request i use is intended to authenticate the user, and i write the query to make sure there's data exist or not to be logged.

Finally, are you using any Cloud code livequery triggers?

No i am not

[yanuarizalk]

Turn out the one that caused issue is my misconfiguration of HOST, in which i set it to docker static ip address instead of the default one (0.0.0.0).
I am sorry for not attaching my env variable before.