
Disabling the masterkey IP filter doesn't work

Open EhsanParsania opened this issue 1 year ago • 10 comments

New Issue Checklist

Issue Description

According to issue #8421, I tried to disable the IP filter manually by using masterKeyIPs: ['0.0.0.0/0', '::0']. However, as someone else mentioned in #8421, it is not working and it returns an unauthorized error:

```
ParseError: unauthorized
    at handleError (/app/node_modules/parse/lib/node/RESTController.js:298:17)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Object.startJob (/app/node_modules/parse/lib/node/Cloud.js:140:22) {
  code: undefined
}
```

Steps to reproduce

Set the masterKeyIPs: ['0.0.0.0/0', '::0']

Actual Outcome

```
ParseError: unauthorized
    at handleError (/app/node_modules/parse/lib/node/RESTController.js:298:17)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Object.startJob (/app/node_modules/parse/lib/node/Cloud.js:140:22) {
  code: undefined
}
```

Expected Outcome

Expected to disable the masterkey IP.

Server

  • Parse Server version: 6.4.0

Database

  • System (MongoDB or Postgres): MongoDB

Client

  • SDK (iOS, Android, JavaScript, PHP, Unity, etc): JavaScript
  • SDK version: 4.3.1

EhsanParsania avatar Jan 04 '24 10:01 EhsanParsania

Thanks for opening this issue!

  • 🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.

In your description you are using masterKeyIPs: ['0.0.0.0/0', '::0'], but to allow "any IPv6 address" it should be masterKeyIPs: ['0.0.0.0/0', '::/0']. Could you try that?

mtrezza avatar Jan 13 '24 19:01 mtrezza

> In your description you are using masterKeyIPs: ['0.0.0.0/0', '::0'], but to allow "any IPv6 address" it should be masterKeyIPs: ['0.0.0.0/0', '::/0']. Could you try that?

It worked @mtrezza, thanks

EhsanParsania avatar Jan 16 '24 08:01 EhsanParsania

Issue resolved

mtrezza avatar Jan 16 '24 16:01 mtrezza

It seems it is not solved completely; we are still facing this problem, even when using this config: masterKeyIPs: ['0.0.0.0/0', '::/0'] @mtrezza

Screenshot 2024-02-12 185848

EhsanParsania avatar Feb 12 '24 15:02 EhsanParsania

You commented previously that it worked. Why does it not work now? We'd need a more detailed description of what has changed to investigate this further.

mtrezza avatar Feb 13 '24 16:02 mtrezza

> You commented previously that it worked. Why does it not work now? We'd need a more detailed description of what has changed to investigate this further.

I had removed the use of the master key by mistake, so it didn't return an error, but as soon as I added it, it started returning the MasterKeyIps error.

EhsanParsania avatar Feb 14 '24 09:02 EhsanParsania

Could you post step-by-step instructions on how to replicate what you are seeing, including the complete Parse Server config (excl. sensitive data like DB URL) and the IP of the server instance on which you are running, plus the DNS resolution config of your Node.js environment and, using debugging, where in code this fails? We have investigated this extensively in the past and others were reporting that it works after an explanation of how IP ranges work. So to investigate this, the fastest way would simply be you setting a breakpoint in code where the IP address is checked to find out what is failing.

mtrezza avatar Feb 14 '24 18:02 mtrezza

> Could you post step-by-step instructions on how to replicate what you are seeing, including the complete Parse Server config (excl. sensitive data like DB URL) and the IP of the server instance on which you are running, plus the DNS resolution config of your Node.js environment and, using debugging, where in code this fails? We have investigated this extensively in the past and others were reporting that it works after an explanation of how IP ranges work. So to investigate this, the fastest way would simply be you setting a breakpoint in code where the IP address is checked to find out what is failing.

As for the IP of the server instance: it is running on Heroku, so it does not have a static IP address. DNS resolution is handled by Heroku.

Our code fails whenever we call a Job or call a cloud function where the master key is used.

This is where we get the error in the code: Screenshot 2024-02-12 185848

This is our Parse server config:

```js
var config = {
  databaseURI: databaseUri || "mongodb://localhost:27017/dev",
  cloud: process.env.CLOUD_CODE_MAIN || __dirname + "/cloud/main.js",
  appId: process.env.APP_ID || "********************",
  publicServerURL:
    process.env.PUBLIC_SERVER_URL || "http://localhost:1337/parse",
  masterKey: process.env.MASTER_KEY || "********************", //Add your master key here. Keep it secret!
  serverURL: process.env.SERVER_URL || "http://localhost:1337/parse", // Don't forget to change to https if needed
  liveQuery: {
    classNames: [], // List of classes to support for query subscriptions
    redisURL: process.env.REDISCLOUD_URL || process.env.REDIS_URL
  },
  filesAdapter: azureAdapter,
  allowClientClassCreation: false,
  allowCustomObjectId: false,
  cacheAdapter: redisCache,
  enableAnonymousUsers: false,
  jsonLogs: true,
  maxLimit: 150,
  verbose: process.env.NODE_ENV == 'dev' ? 1 : 0,
  silent: process.env.NODE_ENV == 'dev' ? 0 : 1,
  maxUploadSize: "150mb",
  restAPIKey: process.env.REST_API_KEY || "********************",
  javascriptKey:
    process.env.JAVASCRIPT_KEY || "********************",
  revokeSessionOnPasswordReset: true,
  protectedFields: {},
  masterKeyIPs: ['0.0.0.0/0', '::/0']
};
```

EhsanParsania avatar Feb 16 '24 10:02 EhsanParsania

> Our code fails whenever we call a Job or call a cloud function where the master key is used.

  1. Does this only occur when calling a job or cloud function, or also with class/object operations, like find objects, create object, etc?
  2. Could you try editing Parse Server so that it prints out the value of masterKeyIps as part of the error log?
  3. Could you try to run a local test with the specific IP address that you see in the error message ::ffff:10.1.19.209 by simply adding a test case to Parse Server? It's an IPv4-mapped IPv6 address with the ::ffff: prefix, which is a special case and may not be interpreted correctly by the Parse Server's internal logic or the package that is being used to compare an IP address with the ranges set in masterKeyIps.

mtrezza avatar Feb 16 '24 23:02 mtrezza

@mtrezza I edited Parse Server, and by printing masterKeyIps I found that the problem was the incorrect spelling of masterKeyIps. I had copied the key value from your comment, please edit the comment :)

Incorrect key: masterKeyIPs: ['0.0.0.0/0', '::/0']

Correct key: masterKeyIps: ['0.0.0.0/0', '::/0']

https://github.com/parse-community/parse-server/issues/8421#issuecomment-1890747230

EhsanParsania avatar Feb 21 '24 09:02 EhsanParsania

Great, so we can close this issue?

It may be a good feature to log a warning in case of an unknown option to prevent this. Could you open a new quick issue for this, so we can track this as a feature suggestion?

mtrezza avatar Feb 22 '24 10:02 mtrezza
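The root cause found in this thread is a misspelled option key (masterKeyIPs instead of masterKeyIps) that was silently ignored, so the intended IP range never took effect. The following is an added example, not Parse Server's own code, of the kind of unknown-option check suggested above; `KNOWN_OPTIONS` is a partial list assembled from the option names that appear in this thread, and `findUnknownOptions` and `editDistance` are hypothetical helper names.

```javascript
// Added example, not Parse Server code. KNOWN_OPTIONS is a partial list
// assembled from the option names that appear in this thread.
const KNOWN_OPTIONS = [
  'databaseURI', 'cloud', 'appId', 'publicServerURL', 'masterKey',
  'masterKeyIps', 'serverURL', 'liveQuery', 'filesAdapter', 'cacheAdapter',
  'allowClientClassCreation', 'allowCustomObjectId', 'enableAnonymousUsers',
  'jsonLogs', 'maxLimit', 'verbose', 'silent', 'maxUploadSize', 'restAPIKey',
  'javascriptKey', 'revokeSessionOnPasswordReset', 'protectedFields',
];

// Levenshtein edit distance between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns one finding per unrecognized key, with the closest known option
// (case-insensitive match first, then edit distance <= 2) as a suggestion.
function findUnknownOptions(config, known = KNOWN_OPTIONS) {
  const findings = [];
  for (const key of Object.keys(config)) {
    if (known.includes(key)) continue;
    const lower = key.toLowerCase();
    let suggestion = known.find(k => k.toLowerCase() === lower) || null;
    if (!suggestion) {
      const ranked = known
        .map(k => ({ k, d: editDistance(lower, k.toLowerCase()) }))
        .sort((x, y) => x.d - y.d);
      if (ranked[0].d <= 2) suggestion = ranked[0].k;
    }
    findings.push({ key, suggestion });
  }
  return findings;
}

// Constructed sample: the misspelled key from the thread plus a correct one.
const sample = { appId: 'example', masterKeyIPs: ['0.0.0.0/0', '::/0'] };
for (const { key, suggestion } of findUnknownOptions(sample)) {
  console.warn(`Unknown option "${key}"` +
    (suggestion ? `; did you mean "${suggestion}"?` : ''));
}
```

Running such a check at startup, before the config is handed to the server, surfaces a security-relevant option that would otherwise fall back to its default without any message.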

Yes, we can close this issue. Sure, I opened a new issue for this. @mtrezza New issue: https://github.com/parse-community/parse-server/issues/8938

EhsanParsania avatar Feb 23 '24 07:02 EhsanParsania

> @mtrezza I edited Parse Server, and by printing masterKeyIps I found that the problem was the incorrect spelling of masterKeyIps. I had copied the key value from your comment, please edit the comment :)
>
> Incorrect key: masterKeyIPs: ['0.0.0.0/0', '::/0']
>
> Correct key: masterKeyIps: ['0.0.0.0/0', '::/0']
>
> #8421 (comment)

Thank you. It works now.

ngockhanhbl avatar Aug 16 '24 14:08 ngockhanhbl