search

FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io
90 stars 12 forks source link

Missing out id from user on importUsers results in internal server error #1116

Closed NikolayMetchev closed 5 months ago

NikolayMetchev commented 3 years ago

Missing out id from user on importUsers results in internal server error

Description

doing a POST on /api/user/import with a user that doesn't have an id specified results in internal exception.

Affects versions

1.23.3

Steps to reproduce

I used the Java api to create a POST on /api/user/import I forgot to populate the id field of the User object and the result was an internal exception rather than a helpful error message

Expected behavior

The API should return an error explaining that the ID is required field.

Screenshots

FTL stack trace ("~" means nesting-related):

Platform

(Please complete the following information)

Additional context

https://paxos-dev.fusionauth.io/

mooreds commented 3 years ago

Hi @NikolayMetchev ,

Hmmm. I'm unable to replicate. Sent you an email.

mooreds commented 3 years ago

Hmm. I'm am still unable to replicate.

Here's my java class that I'm running to do the import; it imported my test user just fine, though they were inactive. Can you please let me know how your java api call differed (or try running mine and let me know if it works)?

package testadd;

import java.util.ArrayList;

import com.inversoft.rest.ClientResponse;

import io.fusionauth.client.FusionAuthClient;
import io.fusionauth.domain.User;
import io.fusionauth.domain.api.user.ImportRequest;

public class AddUser {
    public static void main(String args[]) {
        String apiKey = "OBFUSCATED";
        FusionAuthClient client = new FusionAuthClient(apiKey, "https://paxos-dev.fusionauth.io");
        ImportRequest request = new ImportRequest();
        request.users = new ArrayList<User>();
        User user = new User();
        user.email = "testdan@example.com";
        user.password = "password";
        request.users.add(user);
        ClientResponse cr = client.importUsers(request);
        if (cr.wasSuccessful()) {
            System.out.println("success");
        } else {
            System.out.println("error");
            System.out.println(cr.errorResponse);
            System.out.println(cr.exception);
        }
    }

}
NikolayMetchev commented 3 years ago

I can't seem to reproduce the error either. However the stack trace is real. It did only happen once for me and then I changed the code to add the id and it started working. I am sorry I can't be more helpful.

mooreds commented 3 years ago

Thanks @NikolayMetchev

I believe you that it was a real stack trace :)

Since neither of us can replicate this, I'll leave it up for a few weeks and see if anyone else chimes in.

voidmain commented 3 years ago

Hi @NikolayMetchev. This one is quite odd because it should be impossible to insert a User object into the FusionAuth database without an id. Furthermore, it should be impossible to visit the /admin/user/manage page in the FusionAuth admin UI without an id.

I've actually seen this stack trace in the logs before and similar to you and @mooreds, I have not yet been able to replicate it. The unfortunate part with not being able to replicate the issue, is that it cannot be fixed from the stack trace alone. That stack trace is nested deep inside our template rendering engine, which is called at the very end of the request.

If you see this error again, please take a database dump immediately without making any changes to anything and attach the dump to this issue. That will help us investigate further.

Also, if you find that you are able to import users and have them exist without the id column in the database, definitely send us the JSON you are using for the /api/user/import call.

robotdan commented 3 years ago

What's even stranger is that the user object that is causing the error in FreeMarker is retrieved by userId in the action. 🤔

andrewpai commented 5 months ago

Closing this issue as not reproducible. I still can't reproduce it today :-)