Allow live query connection without masterKey

[burhanyilmaz]

New Pull Request Checklist

• I am not disclosing a vulnerability.
• I am creating this PR in reference to an issue.

Issue Description

Approach

If I don't add masterKey or javascriptKey, I don't connect to the live query. It is related RequestSchemas.
My request data is

{
      op: "connect",
      applicationId: "app-id",
      javascriptKey: null,
      masterKey: null,
      sessionToken: "r:ea286758f55c8c69d7d2093500768281",
      installationId: "13c0d909-c9d2-4a00-8f5c-c53fbf008ea8"
}

This line return true.

parse-server/src/LiveQuery/ParseLiveQueryServer.js

Line 357 in 05f5aa0

!tv4.validate(request, RequestSchema['general']) ||

This line return false. Because of my masterKey is null and javascriptKey is null.

parse-server/src/LiveQuery/ParseLiveQueryServer.js

Line 358 in 05f5aa0

!tv4.validate(request, RequestSchema[request.op])

This schema is

{
      title: "Connect operation schema",
      type: "object",
      properties: {
        op: "connect",
        applicationId: { type: "string" },
        javascriptKey:   { type: "string" }, <-----  if javascriptKey is `null`, throw error and I don't connect live query
        masterKey: { type: "string" }, <------ if masterKey is `null`, throw error and I don't connect live query
        clientKey: { type: "string" },
        windowsKey: { type: "string" },
        restAPIKey: { type: "string" },
        sessionToken: { type: "string" },
        installationId: { type: "string" }
      },
      required: ["op","applicationId"]
    }

TODOs before merging

• Add test cases
• Add entry to changelog
• Add changes to documentation (guides, repository pages, in-code descriptions)
• Add security check
• Add new Parse Error codes to Parse JS SDK
• ...

[codecov]

Codecov Report

Merging #7099 (580b4ba) into master (05f5aa0) will decrease coverage by 0.52%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #7099      +/-   ##
==========================================
- Coverage   93.63%   93.10%   -0.53%     
==========================================
  Files         169      169              
  Lines       12500    12500              
==========================================
- Hits        11704    11638      -66     
- Misses        796      862      +66     

Impacted Files	Coverage Δ
src/LiveQuery/RequestSchema.js	100.00% <ø> (ø)
...dapters/Cache/RedisCacheAdapter/KeyPromiseQueue.js	0.00% <0.00%> (-95.46%)	⬇️
src/Adapters/Cache/RedisCacheAdapter/index.js	12.50% <0.00%> (-82.15%)	⬇️
src/RestWrite.js	93.67% <0.00%> (+0.16%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 05f5aa0...580b4ba. Read the comment docs.

[mtrezza]

Thanks for this PR.

Can you please create an issue for this as described in the PR template? Then please reference the issue here and complete the requested information in this PR template or adapt where necessary.

[dplewis]

According to the LiveQuery Protocol Specification this should work without javascriptKey and masterKey since they aren't required by the Schema.

Can you write a test case that fails?

[cbaker6]

I’m guessing, but if you don’t have a javascriptKey or a masterKey, then you need at least a clientKey. I assume this because the SDK’s can use LiveQuery with no problem. If you are attempting to “act” like an SDK, you should add a clientKey or add the javascriptKey. Worse case, you need at least the restAPIKey, but that’s not recommended as you may make your server more vulnerable. Reference: https://docs.parseplatform.org/rest/guide/#calling-from-client-apps

If you are trying to connect from a SDK and you are not providing the clientKey, then that could be your issue.

More info about your use case will help recommend a solution.

[dplewis]

I can verify that this is an issue. I fixed a similar issue with null sessionToken. Parse-SDK-JS/#1058.