
Parse : invalid username, password

I was using the Parse API for databases and trying to use the username service that it provides. I understand from the tutorial that in order to log in you do this:

ParseUser.logInInBackground("Jerry", "showmethemoney", new LogInCallback() {
  public void done(ParseUser user, ParseException e) {
    if (user != null) {
      // Hooray! The user is logged in.
    } else {
      // Login failed. Look at the ParseException to see what happened.
    }
  }
});

If the login failed, I was just wondering how I could tell whether it failed because the username typed in was invalid, or the password. I know that you can do e.getCode() to get the type of error that occurred, but from this site https://parse.com/docs/android/api/ I couldn't find any error codes pertaining to invalid username/password.

Thank you, James

James asked Feb 24 '26 23:02


2 Answers

This is what I did to check username/password validity in one of my applications. This method submits a query against the ParseUser class and returns true if the passed username exists; if it does, then you know the username is valid.

(check externally for ParseException.OBJECT_NOT_FOUND - in conjunction with this we can tell whether the user needs to register or has an invalid password.)

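import com.parse.ParseException;
import com.parse.ParseQuery;
import com.parse.ParseUser;

public boolean queryCredentials(String username) {
    ParseQuery<ParseUser> queryuserlist = ParseUser.getQuery();
    queryuserlist.whereEqualTo("username", username);
    try {
        // Attempt to find a user with the specified username (count() blocks until done).
        return queryuserlist.count() != 0;
    } catch (ParseException e) {
        // Any query failure, including a network error, is reported as "not found".
        return false;
    }
}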

Hopefully this can help someone with this issue.

stclem93 answered Feb 27 '26 03:02


It seems to be a security risk to distinguish between invalid user and invalid password. This information would let a hacker test account names until the app gave an invalid password response, which would let the hacker know at least the username of a valid user. Therefore, I think Parse makes this difficult deliberately.

However, it may be possible to do this using a query that searches for users with the given username. If the query returns no users, the username is invalid. If the username returns a user, the password is invalid.

isaach1000 answered Feb 27 '26 01:02
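
The difference between the two behaviours discussed in the answers above, as an added example (not part of either answer and not Parse SDK code): a login check that reports an invalid username and an invalid password separately, beside one that returns a single failure result and does the same hashing work on both paths. The in-memory store, the class and method names, and the fixed demo salt are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration, not Parse SDK code; every name here is hypothetical.
public class UniformLoginDemo {
    // Constructed demo salt; a real store keeps a random salt per user.
    private static final byte[] SALT = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8);
    private final Map<String, byte[]> users = new HashMap<>(); // username -> password hash
    // Compared against when the username is unknown, so both failure paths cost the same.
    private final byte[] dummyHash = hash("placeholder-for-unknown-users");

    static byte[] hash(String password) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, 10_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    void register(String username, String password) { users.put(username, hash(password)); }

    // Leaky: separate answers (and an early return that skips hashing) reveal which usernames exist.
    String leakyLogin(String username, String password) {
        byte[] stored = users.get(username);
        if (stored == null) return "INVALID_USERNAME";
        return MessageDigest.isEqual(hash(password), stored) ? "OK" : "INVALID_PASSWORD";
    }

    // Uniform: one failure answer, and a hash comparison is performed on every path.
    String uniformLogin(String username, String password) {
        byte[] stored = users.get(username);
        boolean match = MessageDigest.isEqual(hash(password), stored != null ? stored : dummyHash);
        return (stored != null && match) ? "OK" : "INVALID_CREDENTIALS";
    }

    public static void main(String[] args) {
        UniformLoginDemo svc = new UniformLoginDemo();
        svc.register("Jerry", "showmethemoney"); // sample credentials from the question
        String[][] attempts = {{"Jerry", "showmethemoney"}, {"Jerry", "wrong"}, {"nobody", "wrong"}};
        for (String[] a : attempts) {
            System.out.printf("%-7s leaky=%-16s uniform=%s%n", a[0], svc.leakyLogin(a[0], a[1]), svc.uniformLogin(a[0], a[1]));
        }
    }
}
```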