[Bug 1419519] [NEW] REST API delete user function does not delete every 2nd linked address

Andrew Stuart andrew.stuart at supercoders.com.au
Sun Feb 8 21:06:22 CET 2015 

Public bug reported:


The following series of curl commands creates a user with an email
address of ‘z at example.org’, and then links 10 additional addresses to
z at example.org

curl -X POST --data "email=z at example.org&display_name=z" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users
curl -X POST --data "email=z1 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z2 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z3 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z4 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z5 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z6 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z7 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z8 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z9 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z10 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses

A sqlite3 dump of the database shows the following in the addresses
table:

INSERT INTO "address" VALUES(11,'z at example.org',NULL,'z',NULL,'2015-02-08 10:50:37.241724',5,17);
INSERT INTO "address" VALUES(12,'z1 at example.org',NULL,'',NULL,'2015-02-08 10:52:08.928901',5,19);
INSERT INTO "address" VALUES(13,'z2 at example.org',NULL,'',NULL,'2015-02-08 10:52:36.308978',5,20);
INSERT INTO "address" VALUES(14,'z3 at example.org',NULL,'',NULL,'2015-02-08 10:52:43.947229',5,21);
INSERT INTO "address" VALUES(15,'z4 at example.org',NULL,'',NULL,'2015-02-08 10:52:49.598934',5,22);
INSERT INTO "address" VALUES(16,'z5 at example.org',NULL,'',NULL,'2015-02-08 10:52:54.406450',5,23);
INSERT INTO "address" VALUES(17,'z6 at example.org',NULL,'',NULL,'2015-02-08 10:52:59.295078',5,24);
INSERT INTO "address" VALUES(18,'z7 at example.org',NULL,'',NULL,'2015-02-08 10:53:04.892381',5,25);
INSERT INTO "address" VALUES(19,'z8 at example.org',NULL,'',NULL,'2015-02-08 10:53:10.497119',5,26);
INSERT INTO "address" VALUES(20,'z9 at example.org',NULL,'',NULL,'2015-02-08 10:53:16.450507',5,27);
INSERT INTO "address" VALUES(21,'z10 at example.org',NULL,'',NULL,'2015-02-08 10:53:24.021368',5,28);

All good at this stage. No problems.

The following curl command deletes user ‘z at example.org’

curl --verbose -X DELETE --header "authorization: Basic
cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org

Strangely, a sqlite3 dump of the database now shows the following in the
addresses table:

INSERT INTO "address" VALUES(12,'z1 at example.org',NULL,'',NULL,'2015-02-08 10:52:08.928901',NULL,19);
INSERT INTO "address" VALUES(14,'z3 at example.org',NULL,'',NULL,'2015-02-08 10:52:43.947229',NULL,21);
INSERT INTO "address" VALUES(16,'z5 at example.org',NULL,'',NULL,'2015-02-08 10:52:54.406450',NULL,23);
INSERT INTO "address" VALUES(18,'z7 at example.org',NULL,'',NULL,'2015-02-08 10:53:04.892381',NULL,25);
INSERT INTO "address" VALUES(20,'z9 at example.org',NULL,'',NULL,'2015-02-08 10:53:16.450507',NULL,27);

So 6 of the addresses that should have been deleted were deleted, but 5
remain. The linked address deletion seems to be skipping addresses for
some reason.

It appears the problem is caused by the delete  address functionality
mutating the iterator of user addresses.

This appears to fix the problem, which is in rest/users.py

    def on_delete(self, request, response):
        """Delete the named user, all her memberships, and addresses."""
        if self._user is None:
            not_found(response)
            return
        for member in self._user.memberships.members:
            member.unsubscribe()
        user_manager = getUtility(IUserManager)
        addresses_for_deletion = []
        for address in self._user.addresses:
            # to avoid mutating the self._user.addresses iterator, create a separate list of addresses
            addresses_for_deletion.append(address)
        for address in addresses_for_deletion:
            user_manager.delete_address(address)
        user_manager.delete_user(self._user)
        no_content(response)

** Affects: mailman
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1419519

Title:
  REST API delete user function does not delete every 2nd linked address

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1419519/+subscriptions

More information about the Mailman-coders mailing list