[jira] [Updated] (SYNCOPE-1102) Unique attribute update inserts additional value

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[jira] [Updated] (SYNCOPE-1102) Unique attribute update inserts additional value

JIRA jira@apache.org

     [ https://issues.apache.org/jira/browse/SYNCOPE-1102?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francesco Chicchiriccò updated SYNCOPE-1102:
--------------------------------------------
    Attachment: SYNCOPE-1102.diff

The attached patch, built against the current {{1_2_X}} has the fix for this misbehavior.

Moreover, an integration test case is added, which:

* fails when the fix is not applied
* passes when the fix is applied

Could you please doublecheck and let me know if you did something similar in your 1.1.5 environment? If so I'll commit the fix and backport to {{1_1_X}} branch too.

> Unique attribute update inserts additional value
> ------------------------------------------------
>
>                 Key: SYNCOPE-1102
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1102
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.2.10
>         Environment: MySQL
>            Reporter: Laszlo Miklosik
>             Fix For: 1.1.9, 1.2.11
>
>         Attachments: SYNCOPE-1102.diff
>
>
> To reproduce:
> - make sure you have a unique attribute in the Syncope schema (e.g. called privateEmailAddress)
> - create a user via POST and use value '[hidden email]' for this unique attribute
> - then try to update this via the Syncope REST API and to change it into '[hidden email]' (by using the below POST payload):
> {code}
> {
>   "attributesToBeUpdated": [
>     {
>       "schema": "privateEmailAddress",
>       "valuesToBeAdded": [
>         "[hidden email]"
>       ],
>       "valuesToBeRemoved": [
>         "[hidden email]"
>       ]
>     }
>   ]
> }
> {code}
> - after this the Syncope MySQL data gets incorrect (the unique attribute will have 2 values in table UAttrUniqueValue) and you cannot e.g. delete anymore the user.
> - You then can find the old unique attribute value using query:
> {code}
> select min(id) from UAttrUniqueValue group by ATTRIBUTE_ID having count(stringValue) > 1
> {code}
> and you can fix the Syncope data inconsistency by deleting the related row from UAttrUniqueValue.
> - Root cause comes from line 467:
> {code}
>                 for (Long attributeValueId : valuesToBeRemoved) {
>                     attributeValueDAO.delete(attributeValueId, attrUtil.attrValueClass());
>                 }
> {code}
> where the delete call uses the same argument values in case of both the non-unique and unique attributes, this in fact a non-unique attributes is tried to be deleted.
> Note: as UserMod payloads are not used anymore in Syncope 2 REST API, it's likely that this issue is not happening on Syncope 2, but might reproduce on Syncope 1.1.6-1.2.10.
> Note: I have a patch I applied in our overlay and can provide it if necessary.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
Loading...