Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some API parameter parsing error #24574

Open
painsAgains opened this issue May 7, 2023 · 1 comment
Open

Some API parameter parsing error #24574

painsAgains opened this issue May 7, 2023 · 1 comment
Labels
modifies/api This PR adds API routes or modifies them topic/api Concerns mainly the API type/bug

Comments

@painsAgains
Copy link

Description

When I use API to access Gitea,I got some 500 response code from Gitea.But I think I should recieve 4xx code,so I think these API have some bug in design period

1. webhook-id not found

API PATH

 /admin/hooks/{id}

Method

GET,PATCH

RequestBody

{}

URL

http://localhost:3000/api/v1/admin/hooks/14

Response code and message

code: 500 message:webhook does not exist [id: 14]

Problem description

In fact, I think that when I access a non-existent webhook-id, I should receive a 4xx response code, e.g. 404 instead of 500

2. last_read_at parameter parsing error

API PATH

 /notifications

Method

PUT

RequestBody

""

URL

http://localhost:3000/api/v1/notifications?last_read_at\u003d1682567431888

Response code and message

code: 500 message:parsing time \\\"1682567431888\\\" as \\\"2006-01-02T15:04:05Z07:00\\\": cannot parse \\\"567431888\\\" as \\\"-\\\"\",\"url\":\"http://localhost:3000/api/swagger"

Problem description

I think Gitea should return me a 4xx error when I enter an incorrect parameter format, or forbid me to enter parameters in this format

3. Usename inconsistency

API PATH

 /admin/users/{username}/orgs

Method

POST

RequestBody

{"location": "fuzzstring", "username": "fake_name"}"

URL

http://localhost:3000/api/v1/admin/users/real_name/orgs

Response code and message

 user is not allowed to create organizations

Problem description

This 500 error occurs when the username parameter I entered in the requestBody does not match the username parameter in the url path, it is worth mentioning that the username in the url path is actual, while the username parameter in the requestBody is fictitious.I think I should have received a 4xx response code, or a critical check of the parameters

Gitea Version

1.19.1

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

I build Gitea by using https://dl.gitea.com/gitea/1.19.1/gitea-1.19.1-linux-amd64

Database

PostgreSQL
@lunny lunny added the modifies/api This PR adds API routes or modifies them label May 8, 2023
@sonjek sonjek mentioned this issue May 20, 2023
Merged
@sonjek
Copy link
Contributor

sonjek commented May 20, 2023

I checked 2. last_read_at parameter parsing error and I suppose that 500 is expected error code in this case.

Current implementation of last_read_at supports values that applicable to RFC3339 standard only:
"2023-05-20T01:00:00+03:00" -> 2023-05-20T01%3A00%3A00%2B03%3A00
"2023-05-20T01:00:00Z" -> 2023-05-20T01%3A00%3A00Z

I think that it will be good to support timestamp type values as well.
I will investigate how to implement this.

lunny pushed a commit that referenced this issue May 21, 2023
@sonjek
Return 404 in the API if the requested webhooks were not found (#24823
1dfaf83 
)

Should resolve first point of the issue
#24574
@GiteaBot GiteaBot mentioned this issue May 21, 2023
Merged
GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue May 21, 2023
@sonjek @GiteaBot
Return 404 in the API if the requested webhooks were not found (go-…
5d2e031 
…gitea#24823)

Should resolve first point of the issue
go-gitea#24574
techknowlogick pushed a commit that referenced this issue May 21, 2023
@GiteaBot @sonjek
Return 404 in the API if the requested webhooks were not found (#24823
f29c52a 
) (#24830)

Backport #24823 by @sonjek

Should resolve first point of the issue
#24574

Co-authored-by: Yevhen Pavlov <[email protected]>
@sonjek sonjek mentioned this issue May 24, 2023
Closed
Codeberg-org pushed a commit to Codeberg-org/gitea that referenced this issue Jun 3, 2023
@GiteaBot @earl-warren
Return 404 in the API if the requested webhooks were not found (go-…
16bccee 
…gitea#24823) (go-gitea#24830)

Backport go-gitea#24823 by @sonjek

Should resolve first point of the issue
go-gitea#24574

Co-authored-by: Yevhen Pavlov <[email protected]>
(cherry picked from commit f29c52a)
@silverwind silverwind added the topic/api Concerns mainly the API label Mar 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
modifies/api This PR adds API routes or modifies them topic/api Concerns mainly the API type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lunny @silverwind @sonjek @painsAgains