解析node.js中的登录-登录成功，但是“没有当前用户”

Question

I'm having trouble interacting with my Parse data in node.js. I'm able to login successfully, but Parse.User.current() returns null. After running the below code, I'd like to query data that has ACL read/write only for that user. Currently, that query returns empty, but if I change that data to public read/write, I can see the results of the query output in the terminal.

Here is my node.js code:

Prompt.get([{
name: 'username', 
required: true}, {
name: 'password',
hidden: true}], function (err, result) {
    if (err) {
        console.log('Error: ' + err);
    } else {
        Parse.User.logIn(result.username, result.password, {
        success: function(user) {
            console.log('LOGGED IN');
            console.log(user);
            console.log(Parse.Session.current());
            console.log(Parse.User.current());

            ... (query happens below this)

And my console output:

prompt: username:  pablo
prompt: password:  
LOGGED IN
ParseUser { _objCount: 0, className: '_User', id: 'EXyg99egkv' }
ParsePromise {
  _resolved: false,
  _rejected: true,
  _resolvedCallbacks: [],
  _rejectedCallbacks: [],
  _error: 'There is no current user.' }
null

Thanks in advance.

Answer 1

Is this not a usecase for Parse.User.become()? From the parse docs:

If you've created your own authentication routines, or otherwise logged in a user on the server side, you can now pass the session token to the client and use the become method. This method will ensure the session token is valid before setting the current user.

Parse.User.become("session-token-here").then(function (user) {
  // The current user is now set to user.
}, function (error) {
  // The token could not be validated.
});

Answer 2

I had similar problems and found this Parse blog that explains the issue:

Also in Cloud Code, the concept of a method that returns the current user makes sense, as it does in JavaScript on a web page, because there's only one active request and only one user. However in a context like node.js, there can't be a global current user, which requires explicit passing of the session token. Version 1.6 and higher of the Parse JavaScript SDK already requires this, so if you're at that version, you're safe in your library usage.

You can execute queries with user credentials in a node.js environment like this:

query.find({ sessionToken: request.user.getSessionToken() }).then(function(data) {
// do stuff with data
}, function(error) {
// do stuff with error
});

If you wish to validate that token before using it, here's an explanation of how you could go about doing that:

one way would be to query for an object known to be only readable by the user. You could have a class that stores such objects, and have each one of them use an ACL that restricts read permissions to the user itself. If running a find query over this class returns 0 objects with a given sessionToken, you know it's not valid. You can take it a step further and also compare the user object id to make sure it belongs to the right user.

Session tokens cannot be queried even with the master key.