opendatateam/udata

[API] Create users

Closed this issue · 2 comments

Issue about API post user

Detailed Description

When I call the API on POST $API/api/1/users/ with valid data, I get a 502 Bad Gateway.
I call the API with an API key from an admin profile.

This is my payload:

{
  "first_name": "string",
  "id": "string",
  "last_name": "string",
  "since": "2021-05-05T08:55:59.937Z",
  "slug": "string",
  "uri": "string",
  "email" : "string@mail.fr"
}

Stack trace

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2334, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.7/site-packages/werkzeug/contrib/fixers.py", line 152, in __call__
    return self.app(environ, start_response)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2320, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/usr/local/lib/python3.7/site-packages/flask_restplus/api.py", line 584, in error_router
    return original_handler(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1766, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 35, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2317, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1840, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/usr/local/lib/python3.7/site-packages/flask_restplus/api.py", line 584, in error_router
    return original_handler(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1743, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 35, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1838, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1824, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python3.7/site-packages/udata/api/__init__.py", line 122, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/flask_restplus/api.py", line 325, in wrapper
    resp = resource(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/flask/views.py", line 88, in view
    return self.dispatch_request(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/flask_restplus/resource.py", line 44, in dispatch_request
    resp = meth(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/udata/api/__init__.py", line 111, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/flask_restplus/marshalling.py", line 243, in wrapper
    resp = f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/udata/core/user/api.py", line 248, in post
    user = form.save()
  File "/usr/local/lib/python3.7/site-packages/flask_mongoengine/wtf/models.py", line 21, in save
    self.instance.save(**kwargs)
  File "/usr/local/lib/python3.7/site-packages/mongoengine/document.py", line 369, in save
    self.validate(clean=clean)
  File "/usr/local/lib/python3.7/site-packages/mongoengine/base/document.py", line 413, in validate
    raise ValidationError(message, errors=errors)
mongoengine.errors.ValidationError: ValidationError (User:None) (Field is required: ['email'])

Possible Explanation

https://github.com/opendatateam/udata/blob/master/udata/core/user/api_fields.py#L41

if request.endpoint == 'api.me' or current_user.sysadmin:

Why am I not an admin?
Is there something more to do to be considered an admin on the API?

Your Environment

My own install in Docker swarm

Hi, you can check if you're an admin by going to your profile page in the back office and see if you have the admin role. The error does not seem related to that however.

Re this route (POST users), we're currently not using it (user creation is done through a server-side form only), so it's very possible that it's somehow broken. As we're not using it, we probably won't take a look at this for a while either. If you can submit a PR that would be great :-)

I confirm that the user I call the API with has the admin role (set by the following command: $>udata user set_admin email@email.fr).
The error is about the email field.
The "email" field is only taken if the user is an admin or is himself.
https://github.com/opendatateam/udata/blob/master/udata/core/user/api_fields.py#L41

I will look at it
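
Added example, not udata's code and not a confirmed root cause: it models a role-gated field set like the condition quoted from api_fields.py, shows how a caller who is not recognised as admin silently loses `email` before validation, and reports the validation failure as a 400 rather than an unhandled exception. Every function, field set and endpoint name here is hypothetical, and the payload is the one from the report.

```python
from dataclasses import dataclass

REQUIRED = ("first_name", "last_name", "email")
PUBLIC_FIELDS = {"first_name", "last_name", "slug"}
PRIVATE_FIELDS = {"email"}  # PII: accepted only for an admin or the user's own profile

# Payload from the report above.
SAMPLE_PAYLOAD = {
    "first_name": "string", "id": "string", "last_name": "string",
    "since": "2021-05-05T08:55:59.937Z", "slug": "string",
    "uri": "string", "email": "string@mail.fr",
}


class ValidationError(Exception):
    def __init__(self, missing):
        super().__init__(f"Field is required: {missing}")
        self.missing = missing


@dataclass
class Caller:
    sysadmin: bool = False


def accepted_fields(caller, endpoint):
    """Role-gated field set, shaped like the condition quoted in the issue."""
    fields = set(PUBLIC_FIELDS)
    if endpoint == "api.me" or caller.sysadmin:
        fields |= PRIVATE_FIELDS
    return fields


def save_user(payload, caller, endpoint):
    """Copy only accepted fields, then check required ones as a model save would."""
    allowed = accepted_fields(caller, endpoint)
    doc = {k: v for k, v in payload.items() if k in allowed}
    missing = [f for f in REQUIRED if not doc.get(f)]
    if missing:
        raise ValidationError(missing)
    return doc


def post_user(payload, caller, endpoint="api.users"):  # endpoint name is assumed
    """Handler boundary: a validation failure is a client error, not a 5xx."""
    try:
        return 201, save_user(payload, caller, endpoint)
    except ValidationError as exc:
        return 400, {"errors": {f: "Field is required" for f in exc.missing}}
```

With `Caller(sysadmin=False)` on the assumed `api.users` endpoint the same payload yields a 400 naming `email`, which points at the field gate instead of surfacing as a gateway error with a traceback.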