Description of problem: A typo in API call generates a backtrace errors instead of simple error message with proper syntax suggestion Version-Release number of selected component (if applicable): Satellite 6.2.2 How reproducible: Repeatable Steps to Reproduce: 1. Execute API call with a typo NOK (fails) # curl -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X PUT -u username:password -k -d "{\"user\":{\"location_ids\":[3], \"organization_ids\":1}}" https://sat6.example.com/api/users/12 OK (works) # curl -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X PUT -u username:password -k -d "{\"user\":{\"location_ids\":[3], \"organization_ids\":[1]}}" https://sat6.example.com/api/users/12 Actual results: # curl -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X PUT -u username:password -k -d "{\"user\":{\"location_ids\":[3], \"organization_ids\":1}}" https://sat6.example.com/api/users/12 2016-12-01 17:13:33 [app] [I] Started PUT "/api/users/12" for <IP> at 2016-12-01 17:13:33 -0500 2016-12-01 17:13:33 [app] [I] Processing by Api::V2::UsersController#update as JSON 2016-12-01 17:13:33 [app] [I] Parameters: {"user"=>{"location_ids"=>[3], "organization_ids"=>1}, "apiv"=>"v2", "id"=>"12"} 2016-12-01 17:13:33 [app] [I] Authorized user admin(Admin User) 2016-12-01 17:13:33 [app] [W] Action failed | NoMethodError: undefined method `uniq' for 1:Fixnum | /usr/share/foreman/app/models/concerns/dirty_associations.rb:34:in `block (2 levels) in dirty_has_many_associations' | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/attribute_assignment.rb:45:in `public_send' <-- snip --> | /opt/theforeman/tfm/root/usr/share/gems/gems/logging-1.8.2/lib/logging/diagnostic_context.rb:323:in `block in create_with_logging_context' 2016-12-01 17:13:33 [app] [I] Rendered api/v2/errors/standard_error.json.rabl within api/v2/layouts/error_layout (1.2ms) 2016-12-01 17:13:33 [app] [I] Completed 500 Internal Server Error in 52ms (Views: 2.5ms | ActiveRecord: 7.6ms) Expected results: # curl -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X PUT -u username:password -k -d "{\"user\":{\"location_ids\":[3], \"organization_ids\":1}}" https://usl10149341.am.hedani.net/api/users/12 [E] 'organization_ids must be array' or something similar with proper syntax suggestion Additional info: None
Triaged on 1.14 develop and it worked fine - I'll triage this on 1.13 and if it does work there I'll put on POST for 6.3
Fixed on 1.13-stable. I've tried and both the array and the 'single integer' version and both set the org/loc properly (although only the former should be supporrted) - so I'll put it on POST and 6.3
Thanks Daniel. I'm more than happy for it to ONLY take Arrays (as that is what's documented) my main concern was that passing incorrect arguments shouldn't generate a backtrace (as they are not necessarily informative of what went wrong).
Per Daniel,. this is fied in 1.13 which was delivered to QA. Updating the status to reflect this.
Build: Satellite 6.3.0 snap 29 [root@qe-capsule-feature-rhel6 ~]# rpm -qa | grep satellite satellite-installer-6.3.0.9-1.beta.el7sat.noarch satellite-common-6.3.0-23.0.el7sat.noarch satellite-6.3.0-23.0.el7sat.noarch satellite-cli-6.3.0-23.0.el7sat.noarch tfm-rubygem-foreman_theme_satellite-1.0.4.12-1.el7sat.noarch hammer location list ---|------------------|------------------|------------ ID | TITLE | NAME | DESCRIPTION ---|------------------|------------------|------------ 3 | aa | aa | 2 | Default Location | Default Location | ---|------------------|------------------|------------ Verification Steps: 1) With Array and resource present: curl -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X PUT -u admin:changeme -k -d "{\"user\":{\"location_ids\":[3], \"organization_ids\":[1]}}" https://sat-host/api/users/5 {"firstname":"custom","lastname":"test","mail":"custom","admin":true,"auth_source_id":1,"auth_source_name":"Internal","timezone":"","locale":null,"last_login_on":null,"created_at":"2017-12-18 07:40:53 UTC","updated_at":"2017-12-18 07:48:43 UTC","id":5,"login":"custom","description":"","ssh_keys":[],"default_location":null,"locations":[{"id":3,"name":"aa","title":"aa","description":""}],"default_organization":null,"organizations":[{"id":1,"name":"Default Organization","title":"Default Organization","description":null}],"effective_admin":true,"cached_usergroups":[],"auth_source_internal":{"id":1,"type":"AuthSourceInternal","name":"Internal"},"mail_notifications":[],"roles":[],"usergroups":[]} 2) Without Array and resource present: NO Error curl -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X PUT -u admin:changeme -k -d "{\"user\":{\"location_ids\":3, \"organization_ids\":[1]}}" https://sat-host/api/users/5 {"firstname":"custom","lastname":"test","mail":"custom","admin":true,"auth_source_id":1,"auth_source_name":"Internal","timezone":"","locale":null,"last_login_on":null,"created_at":"2017-12-18 07:40:53 UTC","updated_at":"2017-12-18 07:48:43 UTC","id":5,"login":"custom","description":"","ssh_keys":[],"default_location":null,"locations":[],"default_organization":null,"organizations":[{"id":1,"name":"Default Organization","title":"Default Organization","description":null}],"effective_admin":true,"cached_usergroups":[],"auth_source_internal":{"id":1,"type":"AuthSourceInternal","name":"Internal"},"mail_notifications":[],"roles":[],"usergroups":[] 3) With Arrary For non-existence resource: curl -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X PUT -u admin:changeme -k -d "{\"user\":{\"location_ids\":[30], \"organization_ids\":[1]}}" https://sat-host/api/users/5 { "error": {"message":"Resource user not found by id '5'"} } 4) Without Array for non-existence resource: No Error curl -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X PUT -u admin:changeme -k -d "{\"user\":{\"location_ids\":30, \"organization_ids\":[1]}}" https://sat-host/api/users/5 {"firstname":"custom","lastname":"test","mail":"custom","admin":true,"auth_source_id":1,"auth_source_name":"Internal","timezone":"","locale":null,"last_login_on":null,"created_at":"2017-12-18 07:40:53 UTC","updated_at":"2017-12-18 07:48:43 UTC","id":5,"login":"custom","description":"","ssh_keys":[],"default_location":null,"locations":[],"default_organization":null,"organizations":[{"id":1,"name":"Default Organization","title":"Default Organization","description":null}],"effective_admin":true,"cached_usergroups":[],"auth_source_internal":{"id":1,"type":"AuthSourceInternal","name":"Internal"},"mail_notifications":[],"roles":[],"usergroups":[]} The Steps 2 and 4 , should throw back a valid Error. Additional Info: Steps 2 and 4 also didn't register any error in production.log 2017-12-18 02:55:54 c1edb822 [app] [I] Completed 200 OK in 9ms (Views: 0.2ms | ActiveRecord: 0.7ms) 2017-12-18 02:56:02 80f96e11 [app] [I] Started PUT "/api/users/5" for 10.67.116.156 at 2017-12-18 02:56:02 -0500 2017-12-18 02:56:02 80f96e11 [app] [I] Processing by Api::V2::UsersController#update as JSON 2017-12-18 02:56:02 80f96e11 [app] [I] Parameters: {"user"=>{"location_ids"=>3, "organization_ids"=>[1]}, "apiv"=>"v2", "id"=>"5"} 2017-12-18 02:56:02 80f96e11 [app] [I] Current user: foreman_admin (administrator)
I confirm this still occurs on upstream. Strong params filters out the id that is passed as integer instead of array. Therefor, the integer parameter is simply ignored, whether it's an existing id or not.
Created redmine issue http://projects.theforeman.org/issues/22285 from this bug
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.