Parse-server: GraphQL Logout mutation w/o `X-Parse-Session-Token` header causes internal server error

Created on 28 Nov 2020  路  5Comments  路  Source: parse-community/parse-server

New Issue Checklist

Issue Description

Performing the logout mutation from the documentation, without a session set in the headers, causes the following internal server error:

error: Uncaught internal server error. Cannot read property 'id' of undefined {"stack":"TypeError: Cannot read property 'id' of undefined
    at mutateAndGetPayload (/app/node_modules/parse-server/lib/GraphQL/loaders/usersMutations.js:231:122)
    at resolve (/app/node_modules/graphql-relay/lib/mutation/mutation.js:88:30)
    at field.resolve (/app/node_modules/graphql-extensions/dist/index.js:134:26)
    at field.resolve (/app/node_modules/apollo-server-core/dist/utils/schemaInstrumentation.js:52:26)
    at resolveFieldValueOrError (/app/node_modules/graphql/execution/execute.js:467:18)
    at resolveField (/app/node_modules/graphql/execution/execute.js:434:16)
    at /app/node_modules/graphql/execution/execute.js:244:18
    at /app/node_modules/graphql/jsutils/promiseReduce.js:23:10
    at Array.reduce (<anonymous>)
    at promiseReduce (/app/node_modules/graphql/jsutils/promiseReduce.js:20:17)"}

The throwing code seems to be here.

Steps to reproduce

1) Open the playground
2) Clear session header
3) Run the logout mutation from the docs:

mutation logOut {
        logOut(input: { clientMutationId: "logOut" }) {
          clientMutationId
          viewer {
            user {
              username
              email
            }
          }
        }
      }

Actual Outcome

Error message above

Expected Outcome

Logging out, without a session token should 400, or return empty user data. I don't think it should log or print a stack trace.

Environment

Server side:
"resolutions": {
"graphql": "^14.7.0"
},
"dependencies": {
"dotenv": "^8.2.0",
"express": "^4.17.1",
"graphql": "^14.7.0",
"graphql-tag": "^2.11.0",
"nodemon": "^2.0.6",
"parse-server": "^4.4.0"
}

Server

  • Parse Server version: 4.4.0
  • Operating system: Ubuntu 20.04
  • Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): Local

Database

  • System (MongoDB or Postgres): MongoDB
  • Database version: mongodb-runner start
  • Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): Local

Client

  • SDK (iOS, Android, JavaScript, PHP, Unity, etc): JavaScript
  • SDK version: https://apollo.vuejs.org/

Logs

See error above. VERBOSE=1 didn't show more stuff.

Thank you!

bug
Source
picture MichaelJCole

All 5 comments

Thank you for reporting.

@Moumouls @davimacedo Do you have any suggestion for this GraphQL related issue?

mtrezza picture mtrezza on 29 Nov 2020

Yes it seems that we need to remove viewer from logOut mutation. I think it's nonsense to send a viewer back to the logOut mutation.

@MichaelJCole the quick patch is:

mutation logOutButton {
    logOut(input: { clientMutationId: "logOut" }) {
        clientMutationId
    }
}

I will send a PR to remove viewer from logout mutation

Moumouls picture Moumouls on 29 Nov 2020
🚀1

PR sent: https://github.com/parse-community/parse-server/pull/7029

Moumouls picture Moumouls on 29 Nov 2020

@Moumouls did you try that patch? I tested it in the Playground, and got the same "Error: Internal server error". Anyways, thanks for the fast PR!

MichaelJCole picture MichaelJCole on 29 Nov 2020

Yeah after my comment I saw in the code that my patch may be not work on the current version. (logOut code always try to get viewer)

In fact, your only option might be to make sure you have a session token when you call the LogOut @MichaelJCole

Moumouls picture Moumouls on 29 Nov 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dpaid picture dpaid  路  3Comments
dovewi picture dovewi  路  3Comments
sanergulec picture sanergulec  路  4Comments
ShawnBaek picture ShawnBaek  路  4Comments
omyen picture omyen  路  3Comments