Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users - api - able to create a user without the required name field #23788

Open
karel-rehor opened this issue Oct 13, 2022 · 1 comment · May be fixed by #23933
Open

Users - api - able to create a user without the required name field #23788

karel-rehor opened this issue Oct 13, 2022 · 1 comment · May be fixed by #23933

Comments

@karel-rehor
Copy link
Contributor

Steps to reproduce:
List the minimal actions needed to reproduce the behavior.

Testing directly against the API

  1. Prepare a User requestBody, but leave out the name field.
  2. POST the request to the endpoint api/v2/users

The request data

{
  "oauthID": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIwMTIzNDU2Nzg5QUJDREVGIiwibmFtZSI6Ikh5ZW5hMDA3IiwiaWF0IjoxMDAwMDAwMDAxfQ.Gb4EnTVSUg55eYlXTvXJYs8oQ37rgefHh3FChGEJ80U",
  "status":"active",
  "role":"owner",
  "org_id":
  "2d379394d1f6b2fd"
}

Expected behavior:
Expected that since the required field name is missing, that the request would be rejected and the return HTTP status would be 400.

from openapi src/common/schemas/User.yml

  properties:
    id:
      readOnly: true
      type: string
      description: The user ID.
    oauthID:
      type: string
      description: The OAuth ID.
    name:
      type: string
      description: The user name.
    status:
      description: |
        If `inactive`, the user is inactive.
        Default is `active`.
      default: active
      type: string
      enum:
        - active
        - inactive
  required: [name]
~

Actual behavior:
The server returns 201 and a new user artifact with an empty name field.

The response body

{
   "links": {
      "self": "/api/v2/users/0a20185faf358000"
   },
   "id": "0a20185faf358000",
   "name": "",
   "oauthID": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIwMTIzNDU2Nzg5QUJDREVGIiwibmFtZSI6Ikh5ZW5hMDA3IiwiaWF0IjoxMDAwMDAwMDAxfQ.Gb4EnTVSUg55eYlXTvXJYs8oQ37rgefHh3FChGEJ80U",
   "status": "active"
}

Environment info:

Testing against K8SIDPE remocal.

Latest commit

commit 0f8ac3d3ca10c0bce971461a51d3654f5dd66f0d (HEAD -> master, origin/master, origin/HEAD)
Author: Wojciech Kocjan <wkocjan@influxdata.com>
Date:   Thu Oct 13 07:51:24 2022 +0200
@alespour
Copy link
Contributor

Current revision returns Internal Server Error 500

HTTP/1.1 500 Internal Server Error
...
{
	"code": "internal error",
	"message": "key required"
}

@alespour alespour linked a pull request Nov 21, 2022 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: user name cannot be empty alespour/influxdb
2 participants
@karel-rehor @alespour