Module: Parse::API::Users
- Included in:
- Client
- Defined in:
- lib/parse/api/users.rb
Overview
Defines the User class interface for the Parse REST API
Instance Method Summary
-
#create_user(body, headers: {}, **opts) ⇒ Parse::Response
Create a new user.
-
#current_user(session_token, headers: {}, **opts) ⇒ Parse::Response
Find user matching this active session token.
-
#delete_user(id, headers: {}, **opts) ⇒ Parse::Response
Delete a User record given an objectId.
-
#fetch_user(id, headers: {}, **opts) ⇒ Parse::Response
Fetch a User for a given objectId.
-
#find_users(query = {}, headers: {}, **opts) ⇒ Parse::Response
Find users matching a set of constraints.
-
#login(username, password, headers: {}, **opts) ⇒ Parse::Response
Login a user.
-
#login_with_mfa(username, password, mfa_token, headers: {}, **opts) ⇒ Parse::Response
Login a user with MFA (Multi-Factor Authentication).
-
#logout(session_token, headers: {}, **opts) ⇒ Parse::Response
Logout a user by deleting the associated session.
-
#request_password_reset(email, headers: {}, **opts) ⇒ Parse::Response
Request a password reset for a registered email.
-
#set_service_auth_data(id, service_name, auth_data, headers: {}, **opts) ⇒ Parse::Response
Set the authentication service OAuth data for a user.
-
#signup(username, password, email = nil, body: {}, **opts) ⇒ Parse::Response
Signup a user given a username, password and, optionally, their email.
-
#update_user(id, body = {}, headers: {}, **opts) ⇒ Parse::Response
Update a User record given an objectId.
Instance Method Details
#create_user(body, headers: {}, **opts) ⇒ Parse::Response
Create a new user.
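# File 'lib/parse/api/users.rb', line 56
# Create a new user record through the users endpoint.
#
# A revocable session is always requested. When opts[:session_token] is
# present it is also forwarded as the session-token header.
#
# @param body [Hash] the attributes to send for the new user.
# @param headers [Hash] additional request headers; read but never modified.
# @param opts [Hash] options handed to {#request}; :session_token is also read here.
# @return [Parse::Response] the response, with parse_class set to the user class.
def create_user(body, headers: {}, **opts)
  # Work on a private copy. Merging in place would leave the session token in
  # the caller's hash, so a hash reused for a later call would silently carry
  # that token along (and a frozen hash would raise).
  headers = headers.merge({ Parse::Protocol::REVOCABLE_SESSION => "1" })
  if opts[:session_token].present?
    headers = headers.merge({ Parse::Protocol::SESSION_TOKEN => opts[:session_token] })
  end
  response = request :post, USER_PATH_PREFIX, body: body, headers: headers, opts: opts
  response.parse_class = Parse::Model::CLASS_USER
  response
end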
#current_user(session_token, headers: {}, **opts) ⇒ Parse::Response
Find user matching this active session token.
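# File 'lib/parse/api/users.rb', line 44
# Find the user that owns an active session token.
#
# @param session_token [String] the session token sent as the session-token header.
# @param headers [Hash] additional request headers; read but never modified.
# @param opts [Hash] options handed to {#request}.
# @return [Parse::Response] the response, with parse_class set to the user class.
def current_user(session_token, headers: {}, **opts)
  # Copy instead of merge!: the token must not be written into the caller's
  # hash, where a hash shared between calls would attach it to requests made
  # for a different user.
  headers = headers.merge({ Parse::Protocol::SESSION_TOKEN => session_token })
  response = request :get, "#{USER_PATH_PREFIX}/me", headers: headers, opts: opts
  response.parse_class = Parse::Model::CLASS_USER
  response
end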
#delete_user(id, headers: {}, **opts) ⇒ Parse::Response
Delete a User record given an objectId.
# File 'lib/parse/api/users.rb', line 96
# Delete the User record with the given objectId.
#
# NOTE(review): id is interpolated into the request path as-is. If it can come
# from untrusted input, validate or percent-encode it before calling, unless
# {#request} already does so (not visible here). A blank id yields the bare
# collection path.
#
# @param id [String] the objectId of the user to delete.
# @param headers [Hash] additional request headers.
# @param opts [Hash] options handed to {#request}.
# @return [Parse::Response] whatever {#request} returns for the DELETE call.
def delete_user(id, headers: {}, **opts)
  user_path = "#{USER_PATH_PREFIX}/#{id}"
  request(:delete, user_path, headers: headers, opts: opts)
end
#fetch_user(id, headers: {}, **opts) ⇒ Parse::Response
Fetch a User for a given objectId.
# File 'lib/parse/api/users.rb', line 24
# Fetch the User record with the given objectId.
#
# NOTE(review): id is interpolated into the request path as-is. A blank id
# produces the collection path rather than a single-record path, so callers
# handling untrusted ids should validate them first; confirm whether
# {#request} encodes path segments.
#
# @param id [String] the objectId of the user to fetch.
# @param headers [Hash] additional request headers.
# @param opts [Hash] options handed to {#request}.
# @return [Parse::Response] whatever {#request} returns for the GET call.
def fetch_user(id, headers: {}, **opts)
  user_path = "#{USER_PATH_PREFIX}/#{id}"
  request(:get, user_path, headers: headers, opts: opts)
end
#find_users(query = {}, headers: {}, **opts) ⇒ Parse::Response
Find users matching a set of constraints.
# File 'lib/parse/api/users.rb', line 33
# Find users matching a set of query constraints.
#
# @param query [Hash] constraints passed to {#request} as the query.
# @param headers [Hash] additional request headers.
# @param opts [Hash] options handed to {#request}.
# @return [Parse::Response] the response, with parse_class set to the user class.
def find_users(query = {}, headers: {}, **opts)
  request(:get, USER_PATH_PREFIX, query: query, headers: headers, opts: opts).tap do |result|
    # Tag the response so its results are treated as User records.
    result.parse_class = Parse::Model::CLASS_USER
  end
end
#login(username, password, headers: {}, **opts) ⇒ Parse::Response
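Login a user. Implements client-side rate limiting with exponential backoff after repeated failures to mitigate brute force attacks. Because the limiter runs inside the SDK, it only slows attempts made through this client; requests sent directly to the Parse REST API are not affected, so server-side throttling or account lockout is still needed.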
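# File 'lib/parse/api/users.rb', line 140
# Log a user in with a username and password.
#
# The per-username limiter is consulted before the request is sent, and the
# outcome (response.success?) is recorded afterwards.
#
# NOTE(review): check_login_rate_limit! is defined elsewhere; it presumably
# raises while the username is backed off. Confirm the exception class there.
#
# @param username [String] the account's username; also the rate-limit key.
# @param password [String] the account's password.
# @param headers [Hash] additional request headers; read but never modified.
# @param opts [Hash] options handed to {#request}.
# @return [Parse::Response] the response, with parse_class set to the user class.
def login(username, password, headers: {}, **opts)
  check_login_rate_limit!(username)
  body = { username: username, password: password }
  # Copy rather than merge! so the caller's hash is left untouched (and a
  # frozen hash does not raise).
  headers = headers.merge({ Parse::Protocol::REVOCABLE_SESSION => "1" })
  response = request :post, LOGIN_PATH, body: body, headers: headers, opts: opts
  response.parse_class = Parse::Model::CLASS_USER
  track_login_attempt(username, response.success?)
  response
end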
#login_with_mfa(username, password, mfa_token, headers: {}, **opts) ⇒ Parse::Response
Login a user with MFA (Multi-Factor Authentication).
This method handles Parse Server’s MFA adapter which requires both standard credentials AND an MFA token when MFA is enabled for the user.
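# File 'lib/parse/api/users.rb', line 164
# Log a user in with a username, password and MFA token.
#
# Uses the same per-username limiter as {#login}. A rejected MFA token counts
# as a failed attempt because the recorded outcome is response.success?.
#
# @param username [String] the account's username; also the rate-limit key.
# @param password [String] the account's password.
# @param mfa_token [String] the MFA token, sent under authData.mfa.token.
# @param headers [Hash] additional request headers; read but never modified.
# @param opts [Hash] options handed to {#request}.
# @return [Parse::Response] the response, with parse_class set to the user class.
def login_with_mfa(username, password, mfa_token, headers: {}, **opts)
  check_login_rate_limit!(username)
  # Parse Server expects authData to be sent with POST for MFA login
  body = {
    username: username,
    password: password,
    authData: {
      mfa: {
        token: mfa_token,
      },
    },
  }
  # Copy rather than merge! so the caller's hash is left untouched (and a
  # frozen hash does not raise).
  headers = headers.merge({ Parse::Protocol::REVOCABLE_SESSION => "1" })
  response = request :post, LOGIN_PATH, body: body, headers: headers, opts: opts
  response.parse_class = Parse::Model::CLASS_USER
  track_login_attempt(username, response.success?)
  response
end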
#logout(session_token, headers: {}, **opts) ⇒ Parse::Response
Logout a user by deleting the associated session.
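# File 'lib/parse/api/users.rb', line 188
# Log a user out by posting their session token to the logout endpoint.
#
# @param session_token [String] the session token of the session to end.
# @param headers [Hash] additional request headers; read but never modified.
# @param opts [Hash] options handed to {#request}; :use_master_key and
#   :session_token are overridden here.
# @return [Parse::Response] whatever {#request} returns for the POST call.
def logout(session_token, headers: {}, **opts)
  # Copy instead of merge!: the token must not be written into the caller's
  # hash, where a reused hash would replay it on later requests.
  headers = headers.merge({ Parse::Protocol::SESSION_TOKEN => session_token })
  # Force session-scoped credentials; presumably so the call is authenticated
  # as the session being ended rather than with the master key (confirm in
  # #request). opts is the method's own keyword-rest hash, so mutating it is local.
  opts.merge!({ use_master_key: false, session_token: session_token })
  request :post, LOGOUT_PATH, headers: headers, opts: opts
end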
#request_password_reset(email, headers: {}, **opts) ⇒ Parse::Response
Request a password reset for a registered email.
Client-side rate limited on a per-email basis using the same tracker that backs #login (entries are namespaced under a pwreset: prefix so the two limiters don’t collide on usernames that happen to equal an email). Every request counts toward the backoff — Parse Server’s requestPasswordReset response does not differentiate “email exists” from “email does not exist” (and rightly so, to avoid account enumeration), so the SDK cannot distinguish a legitimate retry from an attacker probing for valid emails. The cap mirrors LOGIN_MAX_FAILURES: 5 requests within the rolling window before exponential backoff kicks in and the limit clears via the same TTL-based cleanup.
# File 'lib/parse/api/users.rb', line 119
# Request a password reset for an email address.
#
# The call is rate limited per email through the login limiter, under a
# "pwreset:"-prefixed key, and every request is recorded as a failure.
#
# NOTE(review): the key is built from the email exactly as passed in. If the
# limiter does not normalise keys, case or whitespace variants of one address
# would get separate counters; confirm in check_login_rate_limit!.
#
# @param email [String] the address to send the reset to.
# @param headers [Hash] additional request headers.
# @param opts [Hash] options handed to {#request}.
# @return [Parse::Response] whatever {#request} returns for the POST call.
def request_password_reset(email, headers: {}, **opts)
  limiter_key = "pwreset:#{email}"
  check_login_rate_limit!(limiter_key)
  response = request(:post, REQUEST_PASSWORD_RESET, body: { email: email }, opts: opts, headers: headers)
  # The response looks the same whether or not the email is registered, so a
  # "success" must never reset the counter: doing so would hand a probing
  # client the found/not-found distinction. Record every request as a failure.
  track_login_attempt(limiter_key, false)
  response
end
#set_service_auth_data(id, service_name, auth_data, headers: {}, **opts) ⇒ Parse::Response
Set the authentication service OAuth data for a user. Deleting or unlinking is done by setting the authData of the service name to nil.
# File 'lib/parse/api/users.rb', line 86
# Set the auth data of one authentication service on a user.
#
# Builds an authData body keyed by service_name and delegates to
# {#update_user}. Passing nil as auth_data sends nil for that service.
#
# @param id [String] the objectId of the user to update.
# @param service_name [String, Symbol] the key used inside authData.
# @param auth_data [Hash, nil] the value stored under that key.
# @param headers [Hash] additional request headers.
# @param opts [Hash] options forwarded to {#update_user}.
# @return [Parse::Response] the response returned by {#update_user}.
def set_service_auth_data(id, service_name, auth_data, headers: {}, **opts)
  update_user(id, { authData: { service_name => auth_data } }, headers: headers, **opts)
end
#signup(username, password, email = nil, body: {}, **opts) ⇒ Parse::Response
Signup a user given a username, password and, optionally, their email.
# File 'lib/parse/api/users.rb', line 201
# Sign up a user with a username, a password and an optional email.
#
# The username and password arguments override same-named symbol keys in
# body. An explicit email wins over body[:email]. If neither is given, the
# :email key is still set, with a nil value.
#
# @param username [String] the username for the new account.
# @param password [String] the password for the new account.
# @param email [String, nil] optional email; falls back to body[:email].
# @param body [Hash] extra attributes; copied, not modified.
# @param opts [Hash] options forwarded to {#create_user}.
# @return [Parse::Response] the response returned by {#create_user}.
def signup(username, password, email = nil, body: {}, **opts)
  payload = body.merge({ username: username, password: password })
  payload[:email] = email || payload[:email]
  create_user(payload, **opts)
end
#update_user(id, body = {}, headers: {}, **opts) ⇒ Parse::Response
Update a User record given an objectId.
# File 'lib/parse/api/users.rb', line 72
# Update the User record with the given objectId.
#
# NOTE(review): id is interpolated into the request path as-is. If it can come
# from untrusted input, validate or percent-encode it before calling, unless
# {#request} already does so (not visible here).
#
# @param id [String] the objectId of the user to update.
# @param body [Hash] the attributes to send in the PUT body.
# @param headers [Hash] additional request headers.
# @param opts [Hash] options handed to {#request}.
# @return [Parse::Response] the response, with parse_class set to the user class.
def update_user(id, body = {}, headers: {}, **opts)
  user_path = "#{USER_PATH_PREFIX}/#{id}"
  request(:put, user_path, body: body, headers: headers, opts: opts).tap do |result|
    # Tag the response so its result is treated as a User record.
    result.parse_class = Parse::Model::CLASS_USER
  end
end