SparkDevNetwork / Rock

An open source CMS, Relationship Management System (RMS) and Church Management System (ChMS) all rolled into one.
http://www.rockrms.com

POST api/People - email validation not correct #5321

Closed reneesubsplash closed 1 year ago

reneesubsplash commented 1 year ago

Please go through all the tasks below

Please provide a brief description of the problem. Please do not forget to attach the relevant screenshots from your side.

"/api/People" endpoint email validation does not seem to be correct (or maybe too strict?). Example POST body:

{ "IsSystem": false, "Gender": 0, "ForeignId": "1440566", "FirstName": "Batman", "LastName": "Wayne", "Email": "dstockton+batman.sep@subsplash.com", "RecordTypeValueId": 1 }

I'm getting the response: { "person.Email": "The Email address is invalid"}

But it is technically a valid email. The api just doesn't like the "." between "batman.sep" part. If I take that out and send "dstockton+batmansep@subsplash.com" it works. But, technically, "dstockton+batman.sep@subsplash.com" is a valid email address.

Expected Behavior

Technically, "dstockton+batman.sep@subsplash.com" is a valid email address and should not respond with an error.

Actual Behavior

I'm getting the response: { "person.Email": "The Email address is invalid"}

Steps to Reproduce

SEND POST call to

/api/People

with post body payload:

{ "IsSystem": false, "Gender": 0, "ForeignId": "1440566", "FirstName": "Batman", "LastName": "Wayne", "Email": "dstockton+batman.sep@subsplash.com", "RecordTypeValueId": 1 }

Rock Version

Rock Version: Rock McKinley 13.0 (1.13.0.30)

Client Culture Setting

en-US
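The failure mode reported above, as an added example that is not part of the original issue and not Rock's code (the page does not show Rock's validator). `STRICT` is a hypothetical pattern constructed to reproduce the symptom; `dot_atom_accepts` checks the local part against the RFC 5322 dot-atom grammar instead, and the sample list goes beyond the report to show the same hand-rolled pattern also accepting malformed addresses.

```python
import re

# Hypothetical over-strict pattern, constructed to reproduce the reported
# symptom (a "." after the "+" tag is rejected). NOT Rock's actual code.
STRICT = re.compile(
    r"[A-Za-z0-9._-]+(\+[A-Za-z0-9_-]+)?@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# RFC 5322 section 3.2.3 dot-atom: runs of "atext" separated by single dots.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*")
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def strict_accepts(addr: str) -> bool:
    return STRICT.fullmatch(addr) is not None


def dot_atom_accepts(addr: str) -> bool:
    """Accept local@domain: dot-atom local part, hostname-shaped domain."""
    # 254 total / 64 local-part limits follow from RFC 5321 size limits.
    if len(addr) > 254 or addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not (0 < len(local) <= 64) or not DOT_ATOM.fullmatch(local):
        return False
    labels = domain.split(".")
    # Requiring two or more labels is a policy choice of this example.
    return len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)


def compare(addresses):
    """Return (address, strict_result, dot_atom_result) for each input."""
    return [(a, strict_accepts(a), dot_atom_accepts(a)) for a in addresses]


# First two addresses are from the report; the rest are constructed edge cases.
SAMPLES = [
    "dstockton+batman.sep@subsplash.com",  # valid, rejected by STRICT
    "dstockton+batmansep@subsplash.com",   # valid, accepted by both
    "a..b@example.com",                    # consecutive dots, STRICT accepts
    ".lead@example.com",                   # leading dot, STRICT accepts
    "user@-bad-.example.com",              # malformed label, STRICT accepts
    "two@@example.com",                    # two "@", rejected by both
]

if __name__ == "__main__":
    for addr, strict_ok, dot_atom_ok in compare(SAMPLES):
        print(f"{addr:40} strict={strict_ok!s:5} dot_atom={dot_atom_ok}")
```

Kept as a regression test on the API client side, a table like this flags both over-rejection of valid plus-addressed mail and acceptance of malformed input after a server upgrade.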

reneesubsplash commented 1 year ago

Can the fix also support older versions of the rock rms? We have many rock clients and not all of them have upgraded (just like we haven't upgraded our test account)

leahjennings commented 1 year ago

@reneesubsplash I don't have a v13 system to test on, but there was a bug (https://github.com/SparkDevNetwork/Rock/issues/4867) that was found in v13 Alpha that sounds like the same issue. It wasn't fixed until v13.1. I just tested that endpoint on the demo site (running v14.0) and it correctly created the profile with the test email.

bmurphy-dev commented 1 year ago

> Can the fix also support older versions of the rock rms? We have many rock clients and not all of them have upgraded (just like we haven't upgraded our test account)

@reneesubsplash it's important to know that the commit for the fix in v13.1 that @leahjennings pointed out is something that gets compiled into a dll, like the Rock.dll, so there's no easy manual patch that you can add into an older version of Rock. Also, as a Rock partner I'd suggest you take the time to encourage churches who may still be on older versions to upgrade to the latest security release to ensure that all vulnerabilities have been covered for them from a security perspective. You can find the latest security release version pointed out in the upper right-hand section of the release notes page, currently v13.7, 12.9, 11.5.

Also note that the v13 release series is now a general public release, which means that even non-contributing churches can move up to it, taking advantage of that api call fix. I will say that as a community member it's also important to encourage them to support the Rock core team (Spark) in the continued development of Rock at the same time you mention that they can now move up to v13. https://www.rockrms.com/pricing

reneesubsplash commented 1 year ago

Great, thanks. But now I went into the chms configuration and did an upgrade, and now I'm locked out of my rock account. I have an admin account, but when I try to log in it gives me "Hey... we can't let you view this page... Unfortunately, you are not authorized to view the page you requested. Please contact your Rock administrator if you need access to this resource."

but I am the rock admin. Bleh!

bmurphy-dev commented 1 year ago

> Great, thanks. But now I went into the chms configuration and did an upgrade, and now I'm locked out of my rock account. I have an admin account, but when I try to log in it gives me "Hey... we can't let you view this page... Unfortunately, you are not authorized to view the page you requested. Please contact your Rock administrator if you need access to this resource."
>
> but I am the rock admin. Bleh!

@reneesubsplash I would reach out to the community via Chat for some real-time assistance with updates and lockouts. The #troubleshooting channel is a good place to ask those questions. I'd also consider that your team reach out to a dedicated Rock partner to help y'all with backups, upgrades, and maintenance with your Rock instance if you're not as familiar with those needs.

reneesubsplash commented 1 year ago

Thank you! I will post in troubleshooting, and yes I have also reached out to Kingdom First which I believe was who set us up ages ago, so maybe they can fix it for me

leahjennings commented 1 year ago

@reneesubsplash I'm going to go ahead and close this issue since it is a duplicate of a previously fixed bug. However, if you find that after v13.1 you're still encountering it, feel free to open a new issue and reference the original one (#4867)!