Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: don't clean up settings when optional data is not present #5118

Merged
merged 2 commits into from
Oct 23, 2023
Merged

fix: don't clean up settings when optional data is not present #5118

merged 2 commits into from
Oct 23, 2023

Conversation

gastonfournier
Copy link
Contributor

About the changes

This fixes a bug updating a project, when optional data (defaultStickiness and featureLimit are not part of the payload).

Example:

curl -XPUT http://localhost:4242/api/admin/projects/default -H 'Authorization: *:*.unleash-insecure-admin-api-token' -H 'Content-Type: application/json' -d '{"description":"test description","name":"RenamedToThisString"}'

Then if you try to get the project with a PAT, the API will return a 403. The reason is that the project mode gets cleared (mode=null) because of the following update statement that does not check if defaultStickiness or featureLimit are present, resulting in an update without fields that clears the table https://github.com/Unleash/unleash/blob/main/src/lib/db/project-store.ts#L268-L281

Note that the project still exists, and this can be checked using the initial admin token:

curl http://localhost:4242/api/admin/projects/default -H 'Authorization: *:*.unleash-insecure-admin-api-token'

The problem happens due to:

  1. ProjectController does not use the type: UpdateProjectSchema for the request body (will be addressed in another PR in unleash-enterprise)
  2. Project Store interface does not match UpdateProjectSchema (but it relies on accepting additional properties: true, which is what we agreed on for input)
  3. Feature limit is not defined in UpdateProjectSchema (also addressed in the other PR)

@vercel
Copy link

vercel bot commented Oct 23, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
unleash-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 23, 2023 7:28am
unleash-monorepo-frontend ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 23, 2023 7:28am

gastonfournier
gastonfournier commented Oct 23, 2023
View reviewed changes
src/lib/services/project-service.ts
Comment on lines +271 to +272
// updated project contains instructions to update the project but it may not represent a whole project
const afterData = await this.projectStore.get(updatedProject.id);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without this, our diff is a bit misleading:
image (24)

chriswk
chriswk approved these changes Oct 23, 2023
View reviewed changes
Copy link
Member

@chriswk chriswk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice.

@gastonfournier gastonfournier merged commit 2aebc8c into main Oct 23, 2023
12 of 13 checks passed
@gastonfournier gastonfournier deleted the fix-check-optional-data branch October 23, 2023 08:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chriswk chriswk chriswk approved these changes

Assignees

@gastonfournier gastonfournier

Labels
None yet
Projects
Issues and PRs
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gastonfournier @chriswk