Reputation: 1503
I'm using the latest version of Parse Server, with TypeScript compilation before shipping the .js files. Mind that this whole question is specific to Cloud Code, and not client implementations.
This has been working quite well thus far, but now I found a problem which I seriously have no idea how to solve. Consider a class for handling email events, which has a method for finding a user's email for a given ID, and sending him a message:
    async sendEmailToUserID(userId: string, subject: string, text: string) {
        const res = await new Parse.Query("User").equalTo("objectId", userId).find();
        if (res) {
            const user = res[0];
            const email = user.get("email");
            return await this.sendEmail(email, subject, text);
        }
    }
I think the function is quite straightforward and easily explains itself. Well, thing is, that the find() function can properly retrieve the user's object, but the .get("email") thing won't ever work: it always returns "undefined".
Anyone's got an idea on why this happens?
PS: yes, the "email" field exists for any given user.
Upvotes: 2
Views: 1871
Reputation: 1503
Okay, took a while to realise how to find it since Parse doesn't have any errors dedicated to this. The problem is that I was trying to access a User class object, which is protected, without using the master key.
Mind that the following solution is intended for Cloud Code only; it's definitely not safe when used from the client code:
Just add {useMasterKey: true} to the .find() method and it will work:
    const res = await new Parse.Query("User").equalTo("objectId", userId).find({useMasterKey: true});
Upvotes: 2
Reputation: 1602
email is a sensitive field that is stripped from the server before being sent to the client for anonymous requests.
As you note, you can add 'useMasterKey' to the client query, but you should never do this, as the master key is a secret that the entire security of your Parse Server depends on keeping secret (like a password).
It is OK to do queries on the server, in Cloud Code, or on a PHP server with the master key, but it is never OK to use the master key in client-side code (iOS, JS in the browser, Android, etc.).
You can make email and other sensitive fields available to authenticated users. This is a new feature and not well documented yet, but you can see how it is used from the tests: https://github.com/parse-community/parse-server/blob/f2c332ea6a984808ad5b2e3ce34864a20724f72b/spec/UserPII.spec.js#L526
Upvotes: 3
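The server-side lookup discussed in the answers above, as an added example (not code from any of the posters or from Parse Server): the master key is scoped to one query, and a missing user or missing email fails loudly instead of passing undefined on to the mailer. `emailForUserId`, `QueryLike` and `fakeUserQuery` are hypothetical names, and the fake query is a constructed stand-in that mimics the email stripping described above so the block runs offline.

```typescript
// Minimal shape of the SDK calls used here (assumption: matches Parse.Query's equalTo/first).
interface UserLike { get(key: string): unknown; }
interface QueryLike {
  equalTo(key: string, value: string): QueryLike;
  first(options?: { useMasterKey?: boolean }): Promise<UserLike | undefined>;
}

// Hypothetical Cloud Code helper. On a real server, call it as
// emailForUserId(() => new Parse.Query(Parse.User), userId).
async function emailForUserId(newUserQuery: () => QueryLike, userId: string): Promise<string> {
  // The master key is applied to this single server-side query only.
  const user = await newUserQuery().equalTo("objectId", userId).first({ useMasterKey: true });
  if (!user) throw new Error(`no user with objectId ${userId}`);
  const email = user.get("email");
  if (typeof email !== "string" || email === "") throw new Error(`user ${userId} has no email`);
  return email;
}

// Constructed sample data and stand-in query: "email" is dropped from results
// unless the query is run with useMasterKey, as the answers describe.
const SAMPLE_USERS: Record<string, Record<string, unknown>> = {
  abc123: { username: "alice", email: "alice@example.com" },
  def456: { username: "bob" },
};

function fakeUserQuery(): QueryLike {
  let wantedId = "";
  const query: QueryLike = {
    equalTo(_key, value) { wantedId = value; return query; },
    async first(options) {
      const row = SAMPLE_USERS[wantedId];
      if (!row) return undefined;
      const visible: Record<string, unknown> = { ...row };
      if (!options?.useMasterKey) delete visible["email"];
      return { get: (key: string) => visible[key] };
    },
  };
  return query;
}
```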