Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server error creating thread when auth_user Id does not match api_account Id #234

Open
alecxvs opened this issue Dec 6, 2018 · 4 comments
Open

Server error creating thread when auth_user Id does not match api_account Id #234

alecxvs opened this issue Dec 6, 2018 · 4 comments

Comments

@alecxvs
Copy link

alecxvs commented Dec 6, 2018
edited
Loading

It appears that starting registration creates an auth_user and completing registration creates an api_account. If registrations remain incomplete or users start/finish in odd orders, then those accounts have different ids. This should be fine, since they have a relationship to each other.
(There's a potential separate issue here with the existence of incomplete, unverified user accounts)

However, when creating a new thread, the auth_user id is passed as the author_id of the thread, but the database constraints check if the id exists in api_accounts:

Internal Server Error: /api/new_thread/

IntegrityError at /api/new_thread/
insert or update on table "api_thread" violates foreign key constraint "api=
_thread_author_id_edb902cb_fk_api_account_id"
DETAIL:  Key (author_id)=3D(4) is not present in table "api_account".


Request Method: POST
Request URL: http://127.0.0.1:8000/api/new_thread/

In my case, I have 4 users but only 2 of them have completed registration and are valid api_accounts, hence auth_user id 4 but no existing api_account id 4.

What I don't know yet is if the application handles author_id as if it is an auth_user id and the db constraint is incorrect, or passing the auth_user id is invalid and it's going to effectively post a thread on behalf of a completely different api account.

Code in question:
https://github.com/CiviWiki/OpenCiviWiki/blob/dev/project/api/write.py#L29

def new_thread(request):
    new_thread_data = dict(
        title=request.POST['title'],
        summary=request.POST['summary'],
        category_id=request.POST['category_id'],
        author_id=request.user.id, ########## <== Author Id = User Id?
        level=request.POST['level']
    )
...
@brylie
Copy link
Member

brylie commented Dec 7, 2018

Good catch! We should write an automated test against this bug. That way we can watch for regressions after a fix.

@brylie
Copy link
Member

brylie commented Dec 7, 2018

I think we should deprecate the api_account table and just use the django users table. This would mean fewer moving parts.

@JL24 how would removing the api_account model from the picture align with, or affect, efforts to port our APIs to the django REST Framework?

@brylie
Copy link
Member

brylie commented May 10, 2019

@all-contributors please add @alecxvs for bug

@allcontributors allcontributors bot mentioned this issue May 10, 2019
Merged
@allcontributors
Copy link
Contributor

@brylie

I've put up a pull request to add @alecxvs! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brylie @alecxvs