Parse Server / JS SDK, error 206 when saving a user object

Question

I am having trouble using the Parse Server JS SDK to edit and save a user.

I am signing in, logging in and retrieving the user just fine, I can call without exception user.set and add/edit any field I want, but when I try to save, even when using the masterKey, I get Error 206: Can t modify user <id>.

I also have tried to use save to direcly set the fields, same result.

A interesting thing is that in the DB, the User's Schema get updated with the new fields and types.

Here is my update function:

function login(user, callback) {
    let username = user.email,
        password = user.password;

    Parse.User.logIn(username, password).then(
        (user) => {
            if(!user) {
                callback('No user found');
            } else {
                callback(null, user);
            }
        },
        (error) => {
            callback(error.message, null);
        }
    );
}

function update(user, callback) {
    login(user, (error, user) => {
        if(error) {
            callback('Can t find user');
        } else {
            console.log('save');
            console.log('Session token: ' + user.getSessionToken());
            console.log('Master key: ' + Parse.masterKey);
            user.set('user', 'set');
            user.save({key: 'test'}, {useMasterKey: true}).then(
                (test) => {
                    console.log('OK - ' + test);
                    callback();
                }, (err) => {
                    console.log('ERR - ' + require('util').inspect(err));
                    callback(error.message);
                }
            );
        }
    });
}

And a exemple of the error:

update
save
Session token: r:c29b35a48d144f146838638f6cbed091
Master key: <my master key>
ERR- ParseError { code: 206, message: 'cannot modify user NPubttVAYv' }

How can I save correctly my edited user?

Answer 1

I had the exact same problem when using Parse Server with migrated data from an existing app.

The app was created before March 2015 when the new Enhanced Sessions was introduced. The app was still using legacy session tokens and the migration to the new revocable sessions system was never made. Parse Server requires revocable sessions tokens and will fail when encountering legacy session tokens.

In the app settings panel, the Require revocable sessions setting was not enabled before the migration and users sessions were not migrated to the new system when switching to Parse Server. The result when trying to edit a user was a 400 Bad Request with the message cannot modify user xxxxx (Code: 206).

To fix the issue, I followed the Session Migration Tutorial provided by Parse which explain how to upgrade from legacy session tokens to revocable sessions. Multiple methods are described depending on your needs like enableRevocableSession() to enable these sessions on a mobile app, if you're only having a web app, you can enforce that any API requests with a legacy session token to return an invalid session token error, etc.

You should also check if you're handling invalid session token error correctly during the migration to prompt the user to login again and therefore obtain a new session token.