Adds ability to disable anonymous users

[flovilmart]

Proposed fix for #327

• Adds enableAnonymousUsers to the config.
• Marks the service unsupported when enableAnonymousUsers !== true.
• Adds according tests.

[nitrag]

This is great! I didn't have the exact knowledge where to put the checks. My only comment is that this could break a lot of current installations and it might be best if it was "disableAnonymousUsers" so existing server installations wouldn't all of a sudden stop working for people.

[flovilmart]

@nitrag it defaults to true to prevent any breaking. As for why defaulting to true, it's because undefined, null and false work well with  || true; operator. and != is not the same as !== so it's safer that way.

[nitrag]

Ah, me dumb. Thanks for this!

On Mon, Feb 15, 2016 at 11:15 PM, Florent Vilmart [email protected]
wrote:

@nitrag https://github.com/nitrag it defaults to true to prevent any
breaking.

—
Reply to this email directly or view it on GitHub
#440 (comment)
.

[drew-gross]

Thanks! Looks awesome.

[nitrag]

@flovilmart

I just experienced an issue where the session token was bad (pre-revocable) and my app was not responding to a cloud function. Turns out request.user was null. Does your PR request include every single API hit to the database? Or just creating/update? Shouldn't we be throwing an error (Invalid login) or something. I need to have my users be forced back to the login screen.

I'm too amateur to tell if Parse is validating the user's session or not each time he accesses the app. Sigh...

[flovilmart]

That seems unrelated to that PR as this only affects the ability to disable anonymous users. Can you open an issue with the proper description of your bug?

[nitrag]

Okay so there is an issue related to anonymous access the request.user=null was a separate issue.

I don't believe every request that comes into the server is being session validated. For instance. I am able to make a curl request with a purposely made up session token and it happily returns the data.

I'll email you the curl request due to privacy concerns.

[flovilmart]

Can you please open an issue then as it's unrelated with the purpose of that PR.

thanks!

[rafapetter]

@flovilmart I'm setting enableAnonymousUsers to true but ParseUser.getCurrentUser() is still null. Is that normal? My idea is to begin working with the current user immediately when the application starts, not requiring the user to login/signup at first.

[flovilmart]

You have to enable it on the client, it's enabled by default on the server

[rafapetter]

Ok, got it. Thanks