Project

Profile

Help

Issue #1417

HTTP 500 when invalid fields included as a part of criteria objects

Added by amacdona@redhat.com about 5 years ago. Updated 7 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Master
Platform Release:
2.8.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

We don't do any validation of the criteria objects, and this did not matter pre 2.7 because the invalid fields were simply passed to mongo. Mongo would either ignore invalid fields `fields=['fake']` or attempt to search with it `filters: {"fake": "field"}`. Though this could produce unexpected results, it returned something. The problem occurs now in collections that have been converted to Mongoengine because we have to translate these external field names to internal db names. Because we now have to touch these fields, we should raise an InvalidValue if they don't work.

(pulp)[vagrant@dev pulp]$ http --json -a admin:admin --verify=no POST 'https://localhost/pulp/api/v2/repositories/search/' criteria:='{"fields": ["fake"]}'
HTTP/1.1 500 INTERNAL SERVER ERROR
Connection: close
Content-Encoding: utf-8
Content-Length: 2300
Content-Type: application/json; charset=utf-8
Date: Tue, 15 Dec 2015 16:57:30 GMT
Server: Apache/2.4.17 (Fedora) OpenSSL/1.0.1k-fips mod_wsgi/4.4.8 Python/2.7.10
{
    "_href": "/pulp/api/v2/repositories/search/", 
    "error_message": "type object 'Repository' has no attribute 'fake'", 
    "exception": [
        "AttributeError: type object 'Repository' has no attribute 'fake'\n"
    ], 
    "http_request_method": "POST", 
    "http_status": 500, 
    "traceback": [
        "  File \"/usr/lib/python2.7/site-packages/django/core/handlers/base.py\", line 132, in get_response\n    response = wrapped_callback(request, *callback_args, **callback_kwargs)\n", 
        "  File \"/usr/lib/python2.7/site-packages/django/views/generic/base.py\", line 71, in view\n    return self.dispatch(request, *args, **kwargs)\n", 
        "  File \"/usr/lib/python2.7/site-packages/django/views/generic/base.py\", line 89, in dispatch\n    return handler(request, *args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/decorators.py\", line 239, in _auth_decorator\n    return _verify_auth(self, operation, super_user_only, method, *args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/decorators.py\", line 193, in _verify_auth\n    value = method(self, *args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/util.py\", line 111, in wrapper\n    return func(*args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/search.py\", line 125, in post\n    return self._generate_response(query, options, *args, **kwargs)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/search.py\", line 166, in _generate_response\n    *args, **kwargs))\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/repositories.py\", line 265, in get_results\n    results = list(search_method(query))\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/db/querysets.py\", line 57, in find_by_criteria\n    criteria = model.serializer().translate_criteria(model, criteria)\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/serializers/__init__.py\", line 281, in translate_criteria\n    crit_dict['fields'] = [self._translate(model, field) for field in crit.fields]\n", 
        "  File \"/home/vagrant/devel/pulp/server/pulp/server/webservices/views/serializers/__init__.py\", line 253, in _translate\n    return getattr(model, field).db_field\n"
    ]
}

Related issues

Blocks Pulp - Issue #1332: in Search API, restritcting fields does not work with MongoengineCLOSED - CURRENTRELEASE<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

Associated revisions

Revision 8860d82d View on GitHub
Added by Austin Macdonald about 5 years ago

Allow restriction of fields on Mongoengine documents

closes #1332 cloese #1417

Remove unspecified, nonrequired key value pairs from serialized results when searching by a criteria object that specifies fields.

History

#1 Updated by amacdona@redhat.com about 5 years ago

  • Blocks Issue #1332: in Search API, restritcting fields does not work with Mongoengine added

#2 Updated by amacdona@redhat.com about 5 years ago

  • Status changed from ASSIGNED to POST

#3 Updated by mhrivnak about 5 years ago

  • Triaged changed from No to Yes

#4 Updated by amacdona@redhat.com almost 5 years ago

  • Status changed from POST to MODIFIED

#5 Updated by dkliban@redhat.com almost 5 years ago

  • Status changed from MODIFIED to 5

#6 Updated by dkliban@redhat.com almost 5 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE

#7 Updated by bmbouter almost 2 years ago

  • Tags Pulp 2 added

#8 Updated by bmbouter 7 months ago

  • Category deleted (14)

We are removing the 'API' category per open floor discussion June 16, 2020.

Please register to edit this issue

Also available in: Atom PDF