Update PUT user/current to work with v4 User Roles #6389
Conversation
|
so this bug snuck thru due to zero tests for this endpoint, right? think you can create a simple positive test to prevent this from happening again @TaylorCFrey ? |
|
Good question @mitchell852. There are no unit tests, but there does appear to be integration API test. I'll look into those asap. |
zrhoffman
added
high impact
yeah, i would think a simple api integration test to verify that calling PUT /user/current with a valid user object succeeds should be sufficient. |
|
I think the real mystery is how the existing TO API test wasn't failing, because it definitely attempts to change fields then checks to see that the changes stuck. |
|
After some exploration I believe I found two issues. First, the request body from #6367 needs to be wrapped in a Second, if the request was for an API v4.0, it would appear as though some of the fields were not edited, but a success would be returned. Subsequent |
rawlinp
left a comment
rawlinp
left a comment
There was a problem hiding this comment.
Manually verified that not providing the user wrapper object returns an error as expected and that the PUT response is correct for 4.0 now.
4 participants
Closes: #6367
The
user/currentPUT requests appeared to be failing on v4 API calls. However after testing I was able to successfully change a current user's information, but the response did not display said information. This will fix the response to ensure the correct information is returned.Additionally, a check was added to ensure the request was wrapped in a legacy
user{}object.Lastly, the API integration tests were checking for values to update by issuing an update (PUT) request then performing a read (GET) request. This appears to work as intended for all API versions, it was only the API response for v4.0 that was incorrect.
Which Traffic Control components are affected by this PR?
What is the best way to verify this PR?
Ensure a valid user is created via the API with appropriate role (say operations):
Then log in with said user:
Send GET request to
user/currentto ensure correct user is returnedRequest:
Response:
{ "response": { "username": "operations", "localUser": true, "addressLine1": "1234 Somewhere ln", "addressLine2": null, "city": "Manhattan", "company": "Stihl", "country": "USA", "email": "[email protected]", "fullName": "John", "gid": null, "id": 89, "newUser": false, "phoneNumber": "555-123-4567", "postalCode": "10002", "publicSshKey": null, "role": "operations", "stateOrProvince": "New York", "tenant": "root", "tenantId": 1, "uid": null, "lastUpdated": "2021-12-01T14:13:14.261472-07:00", "lastAuthenticated": "2021-12-01T14:13:14.261472-07:00" } }Send PUT request to
user/currentwith editable fields modified (sayaddressLine1,city,country,postalCodefor example):Verify fields were updated correctly in the response:
{ "alerts": [ { "text": "User profile was successfully updated", "level": "success" } ], "response": { "addressLine1": "5432 Somewhere ln", "addressLine2": null, "changeLogCount": null, "city": "Denver", "company": "Stihl", "country": "US", "email": "[email protected]", "fullName": "John", "gid": null, "id": 89, "lastAuthenticated": null, "lastUpdated": "2021-12-01T14:13:14.261472-07:00", "newUser": false, "phoneNumber": "555-123-4567", "postalCode": "80221", "publicSshKey": null, "registrationSent": null, "role": "operations", "stateOrProvince": "New York", "tenant": "root", "tenantId": 1, "uid": null, "username": "operations" } }Verify updated fields are also returned in GET
user/currentas well as GETusers/:idPerform the same above tests for API 3.0, BUT be aware that the
rolefield must be a valid ID, not a string with API 3.0.Lastly, attempt to send the body for a PUT request to
user/currentwithout theusercontaining object. This can be done with either v4.0 or v3.x of the API. An appropriate error message should be returned.Request:
Response:
{ "alerts": [ { "text": "missing required 'user' object", "level": "error" } ] }PR submission checklist