Description
New Issue Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
- I can reproduce the issue with the latest version of Parse Server.
Issue Description
Live Query not firing any event under ACL permission of Specified user, even though the authenticated one is granted.
It can only fired if the object has ACL permission set to public read.
I've tried to use Javascript SDK & Flutter SDK, and the outcome is still same, so i thought the issue is belong here.
Flutter SDK test
Steps to reproduce
Client JS
var Parse = require('parse')
Parse.serverURL = "http://localhost:1337/parse"
Parse.initialize('app', 'forasgalarond')
const lq = new Parse.LiveQueryClient({
applicationId: 'app',
serverURL: 'ws://localhost:1337/parse',
javascriptKey: 'forasgalarond',
})
lq.open()
const user = await Parse.User.logIn('lord_rizael1', 'iErbc03MhNhmONaYxFJH', {
error: (exc) => {
console.log('exc', exc)
},
success: (data) => console.log('login', data)
})
console.log('user', user.getSessionToken())
const query = new Parse.Query('Chat')
query.equalTo('objectId', 'Wy3Q1ETktu')
console.log('query result', (await query.find()).length)
const subscription = await lq.subscribe(query, user.getSessionToken())
subscription.on('update', (obj) =>
console.log('on update', obj)
)
subscription.on('create', (obj) =>
console.log('on create', obj)
)
subscription.on('enter', (obj) =>
console.log('on enter', obj)
)
subscription.on('leave', (obj) =>
console.log('on leave', obj)
)
subscription.on('delete', (obj) =>
console.log('on delete', obj)
)
subscription.on('close', (obj) =>
console.log('on close', obj)
)
Actual Outcome
No logged event.
Expected Outcome
Fired event get logged.
Failing Test Case / Pull Request
- 🤩 I submitted a PR with a fix and a test case.
- 🧐 I submitted a PR with a failing test case.
Environment
Server
- Parse Server version:
4.5.0+
- Operating system:
Docker based
- Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc):
Local
Database
- System (MongoDB or Postgres):
MongoDB (Percona)
- Database version:
4.0.23
- Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc):
Local
Client JS
- SDK (iOS, Android, JavaScript, PHP, Unity, etc):
Javascript
- SDK version:
3.1.0
Client Flutter
- SDK (iOS, Android, JavaScript, PHP, Unity, etc):
Flutter
- SDK version:
2.1.0
Variable
- PARSE_SERVER_APPLICATION_ID=app
- PARSE_SERVER_HOST=172.20.1.7
- PARSE_SERVER_PORT=1337
- PARSE_SERVER_MASTER_KEY=fleshoilmargarine
- PARSE_SERVER_JAVASCRIPT_KEY=forasgalarond
- PARSE_SERVER_DATABASE_URI=mongodb://172.20.1.8
- PARSE_SERVER_REST_API_KEY=onedoesnotsimply
- PARSE_SERVER_CLIENT_KEY=mordorwalker
Logs
Client
user token r:0ad6b47fd4664a25d2263615b986afca
query result 1
Server
parse | verbose: Current clients 0
parse | verbose: Current subscriptions 0
parse | verbose: Request: {"op":"connect","applicationId":"app","javascriptKey":"forasgalarond"}
parse | info: Create new client: 5005b69a-35a0-4f90-bd32-8ecc7ec0ccc9
parse | verbose: Push Response : "{"op":"connected","clientId":"5005b69a-35a0-4f90-bd32-8ecc7ec0ccc9"}"
parse | verbose: REQUEST for [POST] /parse/login: {
parse | "username": "lord_rizael1",
parse | "password": "********"
parse | } {"method":"POST","url":"/parse/login","headers":{"host":"localhost:1337","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:81.0) Gecko/20100101 Firefox/81.0","accept":"/","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","content-type":"text/plain","content-length":"260","origin":"http://localhost:3000","connection":"keep-alive","referer":"http://localhost:3000/","pragma":"no-cache","cache-control":"no-cache"},"body":{"username":"lord_rizael1","password":"********"}}
parse | verbose: RESPONSE from [POST] /parse/login: {
parse | "response": {
parse | "objectId": "0928Lax1jO",
parse | "username": "lord_rizael1",
parse | "email": "[email protected]",
parse | "createdAt": "2021-03-24T11:08:54.388Z",
parse | "updatedAt": "2021-03-24T11:08:54.618Z",
parse | "personalId": "Wy3Q1ETktu",
parse | "ACL": {
parse | "0928Lax1jO": {
parse | "read": true,
parse | "write": true
parse | }
parse | },
parse | "sessionToken": "r:cfab75144e6e6ecff45a61ea4b8edc64"
parse | }
parse | } {"result":{"response":{"objectId":"0928Lax1jO","username":"lord_rizael1","email":"[email protected]","createdAt":"2021-03-24T11:08:54.388Z","updatedAt":"2021-03-24T11:08:54.618Z","personalId":"Wy3Q1ETktu","ACL":{"0928Lax1jO":{"read":true,"write":true}},"sessionToken":"r:cfab75144e6e6ecff45a61ea4b8edc64"}}}
parse | verbose: REQUEST for [GET] /parse/classes/Chat: {
parse | "where": {
parse | "objectId": "Wy3Q1ETktu"
parse | }
parse | } {"method":"GET","url":"/parse/classes/Chat","headers":{"host":"localhost:1337","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:81.0) Gecko/20100101 Firefox/81.0","accept":"/","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","content-type":"text/plain","content-length":"250","origin":"http://localhost:3000","connection":"keep-alive","referer":"http://localhost:3000/","pragma":"no-cache","cache-control":"no-cache"},"body":{"where":{"objectId":"Wy3Q1ETktu"}}}
parse | verbose: RESPONSE from [GET] /parse/classes/Chat: {
parse | "response": {
parse | "results": [
parse | {
parse | "objectId": "Wy3Q1ETktu",
parse | "u": "0928Lax1jO",
parse | "ls": {
parse | "__type": "Date",
parse | "iso": "2021-03-24T18:08:54.557Z"
parse | },
parse | "s": {},
parse | "r": {},
parse | "createdAt": "2021-03-24T11:08:54.561Z",
parse | "updatedAt": "2021-03-24T11:08:54.561Z",
parse | "ACL": {
parse | "0928Lax1jO": {
parse | "read": true,
parse | "write": true
parse | }
parse | }
parse | }
parse | ]
parse | }
parse | } {"result":{"response":{"results":[{"objectId":"Wy3Q1ETktu","u":"0928Lax1jO","ls":{"__type":"Date","iso":"2021-03-24T18:08:54.557Z"},"s":{},"r":{},"createdAt":"2021-03-24T11:08:54.561Z","updatedAt":"2021-03-24T11:08:54.561Z","ACL":{"0928Lax1jO":{"read":true,"write":true}}}]}}}
parse | verbose: Request: {"op":"subscribe","requestId":1,"query":{"className":"Chat","where":{"objectId":"Wy3Q1ETktu"}},"sessionToken":"r:cfab75144e6e6ecff45a61ea4b8edc64"}
parse | verbose: Push Response : "{"op":"subscribed","clientId":"5005b69a-35a0-4f90-bd32-8ecc7ec0ccc9","requestId":1}"
parse | verbose: Create client 5005b69a-35a0-4f90-bd32-8ecc7ec0ccc9 new subscription: 1
parse | verbose: Current client number: 1