Issue #1417: HTTP 500 when invalid fields included as a part of criteria objects - Pulp

Actions

Send by e-mail Copy link

Issue #1417

closed

HTTP 500 when invalid fields included as a part of criteria objects

Added by amacdona@redhat.com about 9 years ago. Updated over 4 years ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

amacdona@redhat.com

Category:

Sprint/Milestone:

Start date:

Due date:

Estimated time:

Severity:

2. Medium

Version:

Master

Platform Release:

2.8.0

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Pulp 2

Sprint:

Quarter:

Description

We don't do any validation of the criteria objects, and this did not matter pre 2.7 because the invalid fields were simply passed to mongo. Mongo would either ignore invalid fields `fields=['fake']` or attempt to search with it `filters: {"fake": "field"}`. Though this could produce unexpected results, it returned something. The problem occurs now in collections that have been converted to Mongoengine because we have to translate these external field names to internal db names. Because we now have to touch these fields, we should raise an InvalidValue if they don't work.

(pulp)[vagrant@dev pulp]$ http --json -a admin:admin --verify=no POST 'https://localhost/pulp/api/v2/repositories/search/' criteria:='{"fields": ["fake"]}'

HTTP/1.1 500 INTERNAL SERVER ERROR
Connection: close
Content-Encoding: utf-8
Content-Length: 2300
Content-Type: application/json; charset=utf-8
Date: Tue, 15 Dec 2015 16:57:30 GMT
Server: Apache/2.4.17 (Fedora) OpenSSL/1.0.1k-fips mod_wsgi/4.4.8 Python/2.7.10

{
    "_href": "/pulp/api/v2/repositories/search/", 
    "error_message": "type object 'Repository' has no attribute 'fake'", 
    "exception": [
        "AttributeError: type object 'Repository' has no attribute 'fake'\n"
    ], 
    "http_request_method": "POST", 
    "http_status": 500, 
    "traceback": [
        "  File \"/usr/lib/python2.7/site-packages/django/core/handlers/base.py\", line 132, in get_response\n    response = wrapped_callback(request, *callback_args, **callback_kwargs)\n", 
        "  File \"/usr/lib/python2.7/site-packages/django/views/generic/base.py\", line 71, in view\n    return self.dispatch(request, *args, **kwargs)\n", 
        "  File \"/usr/lib/python2.7/site-packages/django/views/generic/base.py\", line 89, in dispatch\n    return handler(request, *args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/decorators.py\", line 239, in _auth_decorator\n    return _verify_auth(self, operation, super_user_only, method, *args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/decorators.py\", line 193, in _verify_auth\n    value = method(self, *args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/util.py\", line 111, in wrapper\n    return func(*args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/search.py\", line 125, in post\n    return self._generate_response(query, options, *args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/search.py\", line 166, in _generate_response\n    *args, **kwargs))\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/repositories.py\", line 265, in get_results\n    results = list(search_method(query))\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/db/querysets.py\", line 57, in find_by_criteria\n    criteria = model.serializer().translate_criteria(model, criteria)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/serializers/__init__.py\", line 281, in translate_criteria\n    crit_dict['fields'] = [self._translate(model, field) for field in crit.fields]\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/serializers/__init__.py\", line 253, in _translate\n    return getattr(model, field).db_field\n"
    ]
}