Parse-SDK-Android
Parse-SDK-Android copied to clipboard
Failed signup attempt with anonymous ParseUser leaves it in inconsistent state
Hi,
Whenever a signup fails with an anonymous ParseUser, I've noticed a couple of things:
- The app will still have a session token for that user which has been invalidated by the server (any CloudFunction call will error with an "invalid session token" message).
- The user is not considered anonymous anymore! Calling
ParseAnonymousUtils.isLinked(ParseUser.current())
returns false.
Reproduction steps:
- Enable anonymous users.
- Save the current (anonymous) user to the backend. (Not sure if this is important, but this is what our app will do).
- Trigger a failed signup attempt. I've only tried signing up with a username that already exists.
- Read the value of
ParseAnonymousUtils.isLinked(ParseUser.current())
.
From my understanding, the last value should be true, but is actually false.
These things are troubling because we are using ParseAnonymousUtils.isLinked(ParseUser.current())
to determine if the user is currently ~~logged in~~ registered (user is ~~logged in~~ registered iff that returns false).
Two questions:
- Is
!ParseAnonymousUtils.isLinked(ParseUser.current())
the right way to determine if a previously anonymous user is ~~logged in~~ registered? - If not, what is the right way? If so, is the current behavior I'm seeing in fact a bug?
Did some more investigating into the source code:
- Looks like saving the user to the backend before attempting signup is important to triggering this issue: https://github.com/ParsePlatform/Parse-SDK-Android/blob/7d908f3d1cbed3c89addfac49419c6c2f1859d62/Parse/src/main/java/com/parse/ParseUser.java#L604
- And removing anonymity before signup is intentional: https://github.com/ParsePlatform/Parse-SDK-Android/blob/7d908f3d1cbed3c89addfac49419c6c2f1859d62/Parse/src/main/java/com/parse/ParseUser.java#L420
Seems like the answer to my first question is no. My current workaround is to have custom client-side state to keep track of whether the user is ~~logged in~~ registered or not. Is there a better way?
Closing this as no one has reported this issue recently, and we don't have the resources to investigate these historic reports.
Please ask me to reopen if you experience this issue in the latest version of this SDK.
This is still a problem in the latest version.
- Setting
username
on aParseUser
will callstripAnonymity
. - This is supposed to remove the
anonymous
key in theauthData
dictionary of the object. - It is only supposed to do that in the map
estimatedData
. - If saving fails, we are meant to be able to call
revert()
to revert the estimatedData back to the server data fromstate
. - However since
authData
is a Map, and estimatedData is unfortunately a shallow copy of state, the Map pointed to by both maps IS THE SAME OBJECT. - Modifying
estimatedData["authData"]["anonymous"]
makes the same changes appear instate["authData"]["anonymous"]
. Hence reverting is impossible.
I suspect rather than modifying the content of the authData
key, we should replace it with a new modified map.
Thanks for opening this issue!
- ❌ Please edit your post and use the provided template when creating a new issue. This helps everyone to understand your post better and asks for essential information to quicker review the issue.
The label type:bug
cannot be used in combination with type:improvement
.
The label severity:medium
can only be used in combination with type:bug
.