search

Haufe-Lexware / wicked.haufe.io

An API Management system based on Mashape Kong
http://wicked.haufe.io
Other
123 stars 37 forks source link

Double Submit Issue in Registration Flow #192

Closed kbhuvanamohan closed 5 years ago

kbhuvanamohan commented 5 years ago

Hi Martin,

We encountered an issue during the user sign up and subsequent registration.

The user is able to sign up and during the registration flow, if the user clicks the "Register" button twice, it is allowing the multiple clicks/submits and causing an error that "Multiple registrations detected for registration pool".

After debugging, it appears that double submit/refresh is causing multiple entries to the wicked.registrations table and only after clearing the duplicates it is allowing the user to login.

Just thought of bringing this to your notice and see if this can be taken up for your subsequent releases. Thanks!

wicked=# select * from wicked.users where email = 'kbm@kkk.com';
                    id                    |    email    | custom_id |                                                                             data

------------------------------------------+-------------+-----------+-----------------------------------------------------------------------------------------------------------------------------
----------------------------------
e8776acd2252348c4000c14b7b27294d04c7b7b1 | kbm@kkk.com |           | {"groups": ["dev"], "password": "$2a$10$e2aZTPPVpGrtQUXUdZblP.ur2/B0OK565U6nOMLepXd0vsnHb3Zii", "validated": true, "changedD
ate": "2019-04-11T07:25:45.395Z"}
(1 row)

wicked=#
wicked=#
wicked=#
wicked=# select reg.* from wicked.registrations reg where reg.users_id='e8776acd2252348c4000c14b7b27294d04c7b7b1';
                    id                    | pool_id |                 users_id                 | namespace | name |
      data
------------------------------------------+---------+------------------------------------------+-----------+------+-------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
af5c7f86d967c8381a00429141b480fb915eab32 | wicked  | e8776acd2252348c4000c14b7b27294d04c7b7b1 |           | KBM  | {"email": "kbm@kkk.com", "phone": "", "company": "KKK", "customId": null, "cha
ngedBy": "d798ef08e3476fab715a18eb52588017c6c3f8ed", "changedDate": "2019-04-11T07:30:25.176Z"}
448c2ac55418bf534407108bc556c311659114e3 | wicked  | e8776acd2252348c4000c14b7b27294d04c7b7b1 |           | KBM  | {"email": "kbm@kkk.com", "phone": "", "company": "KKK", "customId": null, "cha
ngedBy": "d798ef08e3476fab715a18eb52588017c6c3f8ed", "changedDate": "2019-04-11T07:30:22.931Z"}
165569a22b7f3d1fa2940059d266762265110e9e | wicked  | e8776acd2252348c4000c14b7b27294d04c7b7b1 |           | KBM  | {"email": "kbm@kkk.com", "phone": "", "company": "KKK", "customId": null, "cha
ngedBy": "d798ef08e3476fab715a18eb52588017c6c3f8ed", "changedDate": "2019-04-11T07:30:22.720Z"}
(3 rows)
wicked=#
wicked=#
wicked=# delete from wicked.registrations reg where reg.id in ('af5c7f86d967c8381a00429141b480fb915eab32','448c2ac55418bf534407108bc556c311659114e3');
DELETE 2
wicked=# select reg.* from wicked.registrations reg where reg.users_id='e8776acd2252348c4000c14b7b27294d04c7b7b1';
                    id                    | pool_id |                 users_id                 | namespace | name |
      data
------------------------------------------+---------+------------------------------------------+-----------+------+-------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
165569a22b7f3d1fa2940059d266762265110e9e | wicked  | e8776acd2252348c4000c14b7b27294d04c7b7b1 |           | KBM  | {"email": "kbm@kkk.com", "phone": "", "company": "KKK", "customId": null, "cha
ngedBy": "d798ef08e3476fab715a18eb52588017c6c3f8ed", "changedDate": "2019-04-11T07:30:22.720Z"}
(1 row)
wicked=#

Thanks!

DonMartin76 commented 5 years ago

Is this still reproducible with the latest RC release? I saw this in one of the first beta releases last year (September/October). Which version is this?

kbhuvanamohan commented 5 years ago

Hello Martin,

This is 1.0.0-RC1 release.

Thanks!

DonMartin76 commented 5 years ago

Can you write down some steps how to reproduce this? Specific browsers,...?

kbhuvanamohan commented 5 years ago

Hi Martin,

This happens in Chrome browser [Version 73.0.3683.103 (Official Build) (64-bit)].

This happens in the Sign-Up followed by the "Registration" flow. After filling the details such as FirstName, LastName and Company info in the "Registration" form, when you click the "Register" button more than once, it is triggering a registration call resulting in duplicate entries.

At this time of multiple clicking, we get the 500 result from the server.

Status 500
apiPut() registrations/pools/wicked/users/e8776acd2252348c4000c14b7b27294d04c7b7b1 returned non-OK status code: 500, check err.statusCode and err.body for details
Correlation Id: 145f0870-789e-4dab-aeae-dacc3ef6aeda
If the problem persists, please contact the system administrator.

Next time if you try to login using the registered user, we receive the below error:

Status 500
Multiple registrations detected for registration pool.
Correlation Id: 7d76856a-b8f2-44ee-8425-7a8a96afdc2b
If the problem persists, please contact the system administrator.

Thanks!

DonMartin76 commented 5 years ago

I can reproduce a faulty behavior at the "create user" step, which results in a 409 error, but at the registration step, I cannot reproduce this (using the RC4 release).

Sorry for the long delay answering this.

kbhuvanamohan commented 5 years ago

Today we have upgraded to the latest RC6 version and this double submit issue no longer occurs. Thanks for your help and you can close this bug.

kbhuvanamohan commented 4 years ago

@miguelpoyatosmora @karthiknaga87 Please help to provide additional information if needed and for your reference.