4

I'm trying to register a new user using:

```javascript
Backand.signup(firstName, lastName, username, password, password2);
```

but I end up getting:

```
POST https://api.backand.com/1/user/signup 504 (GATEWAY_TIMEOUT)
```

When I check the logs (Log > Server Side Exceptions), I notice this error:

```
An unexpected signup exception occured The following action: 
"Create My App User" failed to perform: The operation has timed out 
The operation has timed out Exception has been thrown by the target 
of an invocation. The operation has timed out
```

I haven't touched the "Create My App User" script.

Security & Auth > Configuration > Public App: Turned on and set to User. I've also toggled anonymous on and off and switched between ReadOnly and User in case of a permission issue.

It was working just fine a few weeks ago, and a few times I was able to get an entry into the Security & Auth > Registered User's table, but I can't get it to create any new entries in my app's user table or even work at all now.

Any help would be appreciated.

cs_pupil

1 Answer

2

Based on the server-side error that was returned from the "Create My App User" action, this is a security issue.

The action leverages the front-end user permission and, in this case, it requires that anonymous access be able to update the users object.

The error started after you turned off the anonymous switch or changed it to read-only.

The solution is to use Admin's permission in the server side action. To add the Admin permission you can use the basic auth Authorization header.

Change the headers code to be this line:

```javascript
headers: {'Authorization': 'basic ' + btoa(username + ':' + password)}
```

So the new code in the "Create My App User" Action should look like this:

```javascript
var response = $http({
    method: "POST",
    url: CONSTS.apiUrl + "/1/objects/users",
    params: {parameters: {"sync": true}},
    data: parameters,
    headers: {'Authorization': 'basic ' + btoa(username + ':' + password)}
});
```

The username is the app master token (Security & Auth / Social & Keys).

The password is the Admin user key (Team / key icon near the username).

Itay
  • I'm back to being madly in love with Backand. Couldn't have done it without your help! This is the answer to how you can have your app public AND have anonymous read-only access. Thanks Itay. – cs_pupil Mar 23 '16 at 23:57
  • Quick follow up: The only problem now is that it doesn't seem to pass along the extra parameters I need for my user object, i.e.: 'Backand.signup(firstName, lastName, email, password, password2, {key1: "value1", key2: "value2"} );' Is there something else I need to do inside "Create My App User" to pass that information on now? (It worked previously) – cs_pupil Mar 24 '16 at 00:36
  • @cs_pupil not 100% sure that you're able to store password data in your custom user object. Ideally, as good practice, I don't think you should, as the server is already securely storing this in the registered users object. – Vince Mar 24 '16 at 00:51
  • @Vince, thanks for your reply and I think you're right. I probably could've worded that better, but I'm trying to pass in extra parameters _after_ the password parameters. Those are what I want to pass along to my user object. I'm trying to pass extra parameters like in the example [here](https://github.com/backand/todos-with-users#saving-additional-parameters-in-the-sign-up), but after applying Itay's fix. Thanks, and hope that makes more sense. – cs_pupil Mar 24 '16 at 01:16
  • My Mistake! Please ignore my follow up question. It works exactly like it should (with extra parameters). In all my changing things around to get it working, I messed something up in my code and only just caught it. – cs_pupil Mar 24 '16 at 13:46
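
The `Authorization` header built in the answer is Base64-encoded, not encrypted, so anything that can read the header can recover the master token and admin user key. The following added example (not part of the original answer and not Backand's code) builds and decodes such a header in Node.js; the credential values are constructed placeholders, the function names are hypothetical, and `Buffer` is used in place of `btoa`.

```javascript
// Build the header the way the answer does: scheme + base64(user-id ":" password).
// RFC 7617: the user-id must not contain ':' because the first colon is the separator.
function buildBasicAuthHeader(userId, password) {
  if (typeof userId !== 'string' || typeof password !== 'string') {
    throw new TypeError('userId and password must be strings');
  }
  if (userId.includes(':')) {
    throw new Error('user-id must not contain ":"');
  }
  // Buffer encodes the pair as UTF-8; btoa() throws on characters outside Latin-1.
  return 'basic ' + Buffer.from(userId + ':' + password, 'utf8').toString('base64');
}

// Decode a Basic header back into its parts, as any component that sees the
// header (a proxy, a log pipeline, browser developer tools) could.
function parseBasicAuthHeader(header) {
  // The scheme name is case-insensitive, so "basic" and "Basic" are both accepted.
  const match = /^basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header);
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the FIRST colon only
  if (sep === -1) return null;
  return { userId: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Constructed placeholder values standing in for the master token and admin user key.
const MASTER_TOKEN = 'master-token-placeholder';
const ADMIN_USER_KEY = 'user:key-placeholder'; // contains ':' on purpose

const header = buildBasicAuthHeader(MASTER_TOKEN, ADMIN_USER_KEY);
const recovered = parseBasicAuthHeader(header);

console.log(header);
console.log(recovered); // both secrets come back in clear text
```

Because the secrets are recoverable from the header, the admin credentials should appear only inside the server-side action and travel only over HTTPS.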