[jira] [Created] (SYNCOPE-1102) Syncope 1.1.5 unique attribute update inserts additional value

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[jira] [Created] (SYNCOPE-1102) Syncope 1.1.5 unique attribute update inserts additional value

JIRA jira@apache.org
Laszlo Miklosik created SYNCOPE-1102:
----------------------------------------

             Summary: Syncope 1.1.5 unique attribute update inserts additional value
                 Key: SYNCOPE-1102
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1102
             Project: Syncope
          Issue Type: Bug
    Affects Versions: 1.1.5
            Reporter: Laszlo Miklosik


To reproduce:

- make sure you have a unique attribute in the Syncope schema (e.g. called privateEmailAddress)
- create a user via POST and use value '[hidden email]' for this unique attribute
- then try to update this via the Syncope REST API and to change it into '[hidden email]' (by using the below POST payload):
{code}
{
  "attributesToBeUpdated": [
    {
      "schema": "privateEmailAddress",
      "valuesToBeAdded": [
        "[hidden email]"
      ],
      "valuesToBeRemoved": [
        "[hidden email]"
      ]
    }
  ]
}
{code}
- after this the Syncope MySQL data gets incorrect (the unique attribute will have 2 values in table UAttrUniqueValue) and you cannot e.g. delete anymore the user.

- You then can find the old unique attribute value using query:

{code}
select min(id) from UAttrUniqueValue group by ATTRIBUTE_ID having count(stringValue) > 1
{code}

and you can fix the Syncope data inconsistency by deleting the related row from UAttrUniqueValue.

- Root cause comes from line 467:

{code}
                for (Long attributeValueId : valuesToBeRemoved) {
                    attributeValueDAO.delete(attributeValueId, attrUtil.attrValueClass());
                }
{code}
where the delete call uses the same argument values in case of both the non-unique and unique attributes, this in fact a non-unique attributes is tried to be deleted.

Note: as UserMod payloads are not used anymore in Syncope 2 REST API, it's likely that this issue is not happening on Syncope 2, but might reproduce on Syncope 1.1.6-1.2.10.

Note: I have a patch I applied in our overlay and can provide it if necessary.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
Loading...