comparison doc/upgrading.txt @ 8218:32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
While adding fuzz testing for email addresses via REST
/rest/data/user/1/address, I had an error when setting the address to
the same value it currently had. Traced this to a bug in
userauditor.py. Fixed the bug. Documented in upgrading.txt.
While trying to track down issue, I realized invalid json was being
accepted without error. So I fixed the code that parses the json and
have it return an error. Also modified some tests that broke (used
invalid json, or passed body (e.g. DELETE) but shouldn't have). Add
tests for bad json to verify new code.
Fixed test that wasn't initializing the body_file in each loop, so the
test wasn't actually supplying a body.
Also realised PUT documentation was not correct. Output format isn't
quite like GET.
Fuzz tests for email address also added.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 17 Dec 2024 19:42:46 -0500 |
| parents | 2967f37e73e4 |
| children | 2d0bd038fc5e |
| 8217:cd76d5d59c37 | 8218:32aaf5dc562b |
|---|---|
| 130 | 130 |
| 131 <tal:block metal:use-macro="templates/page/macros/frame"> | 131 <tal:block metal:use-macro="templates/page/macros/frame"> |
| 132 | 132 |
| 133 at the top of both files. The icing macro used in other tracker | 133 at the top of both files. The icing macro used in other tracker |
| 134 templates was renamed to frame in this tracker template. | 134 templates was renamed to frame in this tracker template. |
| 135 | |
| 136 Update userauditor.py detector (recommended) | |
| 137 -------------------------------------------- | |
| 138 | |
| 139 When using the REST interface, setting the address property of the | |
| 140 user to the same value it currently has resulted in an error. | |
| 141 | |
| 142 If you have not changed your userauditor, you can copy one from any of | |
| 143 the supplied templates in the ``detectors/userauditor.py`` file. Use | |
| 144 ``roundup-admin templates`` to find a list of template directories. | |
| 145 | |
| 146 If you have changed your userauditor from the stock version, apply the | |
| 147 following diff:: | |
| 148 | |
| 149 raise ValueError('Email address syntax is invalid | |
| 150 "%s"'%address) | |
| 151 | |
| 152 check_main = db.user.stringFind(address=address) | |
| 153 + # allow user to set same address via rest | |
| 154 + if check_main: | |
| 155 + check_main = nodeid not in check_main | |
| 156 + | |
| 157 # make sure none of the alts are owned by anyone other than us (x!=nodeid) | |
| 158 | |
| 159 add the lines marked with ``+`` in the file in the location after | |
| 160 check_main is assigned. | |
| 135 | 161 |
| 136 More secure session cookie handling (info) | 162 More secure session cookie handling (info) |
| 137 ------------------------------------------ | 163 ------------------------------------------ |
| 138 | 164 |
| 139 This affects you if you are accessing a tracker via https. The name | 165 This affects you if you are accessing a tracker via https. The name |
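Review bot: in the embedded userauditor.py diff (new lines 153-155), `check_main` starts as the result of `db.user.stringFind(address=address)` and is then overwritten with the boolean `nodeid not in check_main`, but only when the result is non-empty, so the name holds two different types depending on the path taken. A separate name for the boolean, or a filter in the same style as the `(x!=nodeid)` comment on the next line, would be easier for admins to merge into a customised auditor. The added comment says "via rest", while the check itself is not tied to any interface, so the wording could be made general. The closing instruction at new lines 159-160 starts with a lowercase "add" and should say that the leading `+` markers are not part of the code to paste. It would also help to show one more line of context after the insertion point, since the diff excerpt ends on a comment.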
