Open sukhwinder33445 opened 1 month ago
In the case of the POST method, if the optional field "groups" is used for contacts or "users" for contactgroups, you get a 500 (Internal Server Error) response code, with the following exception:
ERROR - PDOException in /usr/local/src/ipl-sql/src/Connection.php:402 with message: SQLSTATE[42601]: Syntax error: 7 ERROR: syntax error at or near "$1"
LINE 1: SELECT id FROM contact WHERE external_uuid $1
^
#0 /usr/local/src/ipl-sql/src/Connection.php(402): PDOStatement->execute(Array)
#1 /usr/local/src/ipl-sql/src/Connection.php(232): ipl\Sql\Connection->prepexec(String, Array)
#2 /usr/share/icingaweb2-modules/notifications/application/controllers/ApiV1ContactgroupsController.php(271): ipl\Sql\Connection->fetchCol(Object(ipl\Sql\Select))
#3 /usr/share/icingaweb2-modules/notifications/application/controllers/ApiV1ContactgroupsController.php(329): Icinga\Module\Notifications\Controllers\ApiV1ContactgroupsController->getUserId(String)
#4 /usr/share/icingaweb2-modules/notifications/application/controllers/ApiV1ContactgroupsController.php(322): Icinga\Module\Notifications\Controllers\ApiV1ContactgroupsController->addUsers(Integer, Array)
#5 /usr/share/icingaweb2-modules/notifications/application/controllers/ApiV1ContactgroupsController.php(164): Icinga\Module\Notifications\Controllers\ApiV1ContactgroupsController->addContactgroup(Array)
#6 /usr/share/icinga-php/vendor/vendor/shardj/zf1-future/library/Zend/Controller/Action.php(522): Icinga\Module\Notifications\Controllers\ApiV1ContactgroupsController->indexAction()
#7 /icingaweb2/library/Icinga/Web/Controller/Dispatcher.php(76): Zend_Controller_Action->dispatch(String)
#8 /usr/share/icinga-php/vendor/vendor/shardj/zf1-future/library/Zend/Controller/Front.php(954): Icinga\Web\Controller\Dispatcher->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#9 /icingaweb2/library/Icinga/Application/Web.php(294): Zend_Controller_Front->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#10 /icingaweb2/library/Icinga/Application/webrouter.php(105): Icinga\Application\Web->dispatch()
#11 /icingaweb2/public/index.php(4): require_once(String)
#12 {main}
Example request:
POST http://localhost/icingaweb2/notifications/api/v1/contacts/1e175900-fc7b-4e3e-ad6f-15c7bd158551
Authorization: Basic icingaadmin icinga
Accept: application/json
Content-Type: application/json
{
    "id": "1e175900-fc7b-4e3e-ad6f-15c7bd15855a",
    "full_name": "flo1",
    "username": "flo1",
    "default_channel": "e-test",
    "groups": ["e48349b8-a9d8-4a45-a9eb-f5fd41b88d62"]
}
Edit: This is also the case for the PUT method. Additionally, with the PUT method the update of contactgroups is failing, even if you are updating the name.
In the case of the PUT method, the update results in response code 500 (Internal Server Error), with the following exception:
ERROR - PDOException in /usr/local/src/ipl-sql/src/Connection.php:402 with message: SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for type bigint: "4fb8cc48-c2ec-4782-9b4b-9b9e3bb5b8b2"
CONTEXT: unnamed portal parameter $1 = '...'
#0 /usr/local/src/ipl-sql/src/Connection.php(402): PDOStatement->execute(Array)
#1 /usr/local/src/ipl-sql/src/Connection.php(489): ipl\Sql\Connection->prepexec(String)
#2 /usr/share/icingaweb2-modules/notifications/application/controllers/ApiV1ContactgroupsController.php(195): ipl\Sql\Connection->delete(String, Array)
#3 /usr/share/icinga-php/vendor/vendor/shardj/zf1-future/library/Zend/Controller/Action.php(522): Icinga\Module\Notifications\Controllers\ApiV1ContactgroupsController->indexAction()
#4 /icingaweb2/library/Icinga/Web/Controller/Dispatcher.php(76): Zend_Controller_Action->dispatch(String)
#5 /usr/share/icinga-php/vendor/vendor/shardj/zf1-future/library/Zend/Controller/Front.php(954): Icinga\Web\Controller\Dispatcher->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#6 /icingaweb2/library/Icinga/Application/Web.php(294): Zend_Controller_Front->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#7 /icingaweb2/library/Icinga/Application/webrouter.php(105): Icinga\Application\Web->dispatch()
#8 /icingaweb2/public/index.php(4): require_once(String)
#9 {main}
Also, I think the external_uuid column must be unique. I have commented about this already in https://github.com/Icinga/icinga-notifications/pull/216. If it is not unique, with the POST method you can inject many contacts or contact groups with the same external_uuid.
No, the POST | PUT method does not allow you to add multiple resources with the same uuid. But to be on the safe side, a unique uuid is a good idea.
I identified that external_uuid is not unique after I could inject a duplicate through POST method. Anyways, after making the column unique the problem will be solved.
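The uniqueness point argued in the comments above, as an added example that is not code from this thread or from the Icinga project: without a constraint a second row with the same external_uuid is accepted and the `SELECT id FROM contact WHERE external_uuid = ?` lookup resolves to two ids, while a UNIQUE constraint rejects the duplicate at the database. The schema, helper names, status mapping and sample UUID are assumptions, and SQLite stands in for the PostgreSQL database seen in the stack traces.

```python
import sqlite3

# Constructed schema: only `contact`, `id`, `external_uuid` and `username` appear in
# the thread; SQLite is a stand-in for PostgreSQL.
SCHEMA_NO_CONSTRAINT = """
CREATE TABLE contact (
    id INTEGER PRIMARY KEY,
    external_uuid TEXT NOT NULL,
    username TEXT NOT NULL
)"""
SCHEMA_UNIQUE = SCHEMA_NO_CONSTRAINT.replace(
    "external_uuid TEXT NOT NULL", "external_uuid TEXT NOT NULL UNIQUE"
)

def open_db(schema):
    db = sqlite3.connect(":memory:")
    db.execute(schema)
    return db

def create_contact(db, external_uuid, username):
    """Insert a contact; return an HTTP-style status (201 created, 422 rejected)."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO contact (external_uuid, username) VALUES (?, ?)",
                (external_uuid, username),
            )
        return 201
    except sqlite3.IntegrityError:
        # The database, not a prior application-level lookup, enforces uniqueness.
        return 422

def resolve_ids(db, external_uuid):
    """All internal ids that one external_uuid resolves to."""
    rows = db.execute(
        "SELECT id FROM contact WHERE external_uuid = ? ORDER BY id", (external_uuid,)
    )
    return [r[0] for r in rows]

def demo(schema):
    db = open_db(schema)
    uuid = "00000000-0000-4000-8000-000000000001"  # constructed sample value
    statuses = [create_contact(db, uuid, "alice"), create_contact(db, uuid, "bob")]
    return statuses, resolve_ids(db, uuid)

if __name__ == "__main__":
    print(demo(SCHEMA_NO_CONSTRAINT))  # duplicate accepted, uuid maps to two rows
    print(demo(SCHEMA_UNIQUE))         # duplicate rejected, uuid maps to one row
```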
In the case of the PUT method for contacts, if the row being updated receives the same values as its current values, in my opinion you do not have to return response code 422 with the error message Username already exists (because username is unique). You can just return response code 204 saying that the contact was updated.
I just noticed how bad the idea was to reference channels by their name:
The names of channels are not unique.
{
    "id": "c63143e2-59a2-4822-b371-d0b039ea2b07",
    "full_name": "Rhys Gibbs",
    "username": "rgibbs",
    "default_channel": "Mail",   <-- Is ambiguous!
    "addresses": "{\"email\":\"rhys.gibbs@local.local\"}"
}
So I think we should also introduce UUIDs for them. It may be incomplete for sure, but adding all API endpoints for them is out of scope right now, the GET notifications/api/v1/channels?filter endpoint suffices. And the UI must automatically generate them as it's already doing for contacts and groups.
resolves #176
Requires: