[Bug]: 500 error when creating an API key and specifying a non-existent tenant it.

[mooreds]

What happened?

To replicate:

• create a second tenant (this bug doesn't appear if you have only one tenant!)
• create an key manager API key
• using that API key, try to create an API key, but specify a non-existent tenant id.

curl -H 'Authorization: key-manager-API-key' http://localhost:9011/api/api-key -XPOST  -H 'Content-type: application/json' -d '{"apiKey": {"key":"new-key-value","tenantId":"7cbf6b0c-ec35-4fe5-ba74-10fb35f79b77"}}'

where 7cbf6b0c-ec35-4fe5-ba74-10fb35f79b77 is a tenant id that does not exist.

You'll see this error message in the logs:

db-1          | 2024-05-17 14:00:25.365 UTC [55] ERROR:  insert or update on table "authentication_keys" violates foreign key constraint "authentication_keys_fk_1"
db-1          | 2024-05-17 14:00:25.365 UTC [55] DETAIL:  Key (tenants_id)=(7cbf6b0c-ec35-4fe5-ba74-10fb35f79b77) is not present in table "tenants".
db-1          | 2024-05-17 14:00:25.365 UTC [55] STATEMENT:  INSERT INTO authentication_keys (id, insert_instant, ip_access_control_lists_id, key_manager, key_value, last_update_instant, tenants_id, permissions, meta_data) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)
fusionauth-1  | 2024-05-17 02:00:25.373 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
fusionauth-1  | org.apache.ibatis.exceptions.PersistenceException: 
fusionauth-1  | ### Error updating database.  Cause: org.postgresql.util.PSQLException: ERROR: insert or update on table "authentication_keys" violates foreign key constraint "authentication_keys_fk_1"
fusionauth-1  |   Detail: Key (tenants_id)=(7cbf6b0c-ec35-4fe5-ba74-10fb35f79b77) is not present in table "tenants".
fusionauth-1  | ### The error may exist in com/inversoft/authentication/api/domain/AuthenticationKeyMapper.xml
fusionauth-1  | ### The error may involve defaultParameterMap
fusionauth-1  | ### The error occurred while setting parameters
fusionauth-1  | ### SQL: INSERT INTO authentication_keys (id, insert_instant, ip_access_control_lists_id, key_manager, key_value, last_update_instant, tenants_id, permissions, meta_data) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
fusionauth-1  | ### Cause: org.postgresql.util.PSQLException: ERROR: insert or update on table "authentication_keys" violates foreign key constraint "authentication_keys_fk_1"
fusionauth-1  |   Detail: Key (tenants_id)=(7cbf6b0c-ec35-4fe5-ba74-10fb35f79b77) is not present in table "tenants".
fusionauth-1  |     at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
fusionauth-1  |     at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:199)
fusionauth-1  |     at org.apache.ibatis.session.defaults.DefaultSqlSession.insert(DefaultSqlSession.java:184)
fusionauth-1  |     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
fusionauth-1  |     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
fusionauth-1  |     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
fusionauth-1  |     at java.base/java.lang.reflect.Method.invoke(Method.java:568)
fusionauth-1  |     at org.apache.ibatis.session.SqlSessionManager$SqlSessionInterceptor.invoke(SqlSessionManager.java:348)
fusionauth-1  |     at jdk.proxy2/jdk.proxy2.$Proxy54.insert(Unknown Source)
fusionauth-1  |     at org.apache.ibatis.session.SqlSessionManager.insert(SqlSessionManager.java:234)
fusionauth-1  |     at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:62)
fusionauth-1  |     at org.apache.ibatis.binding.MapperProxy$PlainMethodInvoker.invoke(MapperProxy.java:141)
fusionauth-1  |     at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:86)
fusionauth-1  |     at jdk.proxy2/jdk.proxy2.$Proxy60.create(Unknown Source)
fusionauth-1  |     at com.inversoft.authentication.api.service.DefaultAuthenticationKeyService._create(DefaultAuthenticationKeyService.java:59)
fusionauth-1  |     at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:100)
fusionauth-1  |     at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:100)
fusionauth-1  |     at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:100)
fusionauth-1  |     at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:100)
fusionauth-1  |     at com.inversoft.authentication.api.service.DefaultAuthenticationKeyService.create(DefaultAuthenticationKeyService.java:113)
fusionauth-1  |     at io.fusionauth.api.service.system.DefaultAPIKeyService.create(DefaultAPIKeyService.java:46)
fusionauth-1  |     at io.fusionauth.app.action.api.ApiKeyAction.post(ApiKeyAction.java:90)
fusionauth-1  |     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
fusionauth-1  |     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
fusionauth-1  |     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
fusionauth-1  |     at java.base/java.lang.reflect.Method.invoke(Method.java:568)
fusionauth-1  |     at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:443)
fusionauth-1  |     at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:77)
fusionauth-1  |     at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:60)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:50)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:45)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:79)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:49)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:74)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:58)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:92)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:50)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:119)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:65)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.cors.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:65)
fusionauth-1  |     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1  |     at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:108)
fusionauth-1  |     at org.primeframework.mvc.PrimeMVCRequestHandler.handle(PrimeMVCRequestHandler.java:73)
fusionauth-1  |     at io.fusionauth.http.server.HTTPWorker.run(HTTPWorker.java:50)
fusionauth-1  |     at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
fusionauth-1  |     at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
fusionauth-1  |     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
fusionauth-1  |     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
fusionauth-1  |     at java.base/java.lang.Thread.run(Thread.java:833)
fusionauth-1  | Caused by: org.postgresql.util.PSQLException: ERROR: insert or update on table "authentication_keys" violates foreign key constraint "authentication_keys_fk_1"
fusionauth-1  |   Detail: Key (tenants_id)=(7cbf6b0c-ec35-4fe5-ba74-10fb35f79b77) is not present in table "tenants".
fusionauth-1  |     at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2725)
fusionauth-1  |     at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2412)
fusionauth-1  |     at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:371)
fusionauth-1  |     at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:502)
fusionauth-1  |     at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:419)
fusionauth-1  |     at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:194)
fusionauth-1  |     at org.postgresql.jdbc.PgPreparedStatement.execute(PgPreparedStatement.java:180)
fusionauth-1  |     at com.zaxxer.hikari.pool.ProxyPreparedStatement.execute(ProxyPreparedStatement.java:44)
fusionauth-1  |     at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.execute(HikariProxyPreparedStatement.java)
fusionauth-1  |     at org.apache.ibatis.executor.statement.PreparedStatementHandler.update(PreparedStatementHandler.java:48)
fusionauth-1  |     at org.apache.ibatis.executor.statement.RoutingStatementHandler.update(RoutingStatementHandler.java:75)
fusionauth-1  |     at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:50)
fusionauth-1  |     at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117)
fusionauth-1  |     at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76)
fusionauth-1  |     at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:197)
fusionauth-1  |     ... 58 common frames omitted

Version

1.50.1, 1.51-EAP

Affects Versions

No response

[robotdan]

Thanks for reporting @mooreds - looks like an easy bug to fix.