[Bug 1419519] [NEW] REST API delete user function does not delete every 2nd linked address
Andrew Stuart
andrew.stuart at supercoders.com.au
Sun Feb 8 21:06:22 CET 2015
Public bug reported:
The following series of curl commands creates a user with an email
address of ‘z at example.org’, and then links 10 additional addresses to
z at example.org
curl -X POST --data "email=z at example.org&display_name=z" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users
curl -X POST --data "email=z1 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z2 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z3 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z4 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z5 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z6 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z7 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z8 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z9 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
curl -X POST --data "email=z10 at example.org" --header "authorization: Basic cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org/addresses
A sqlite3 dump of the database shows the following in the addresses
table:
INSERT INTO "address" VALUES(11,'z at example.org',NULL,'z',NULL,'2015-02-08 10:50:37.241724',5,17);
INSERT INTO "address" VALUES(12,'z1 at example.org',NULL,'',NULL,'2015-02-08 10:52:08.928901',5,19);
INSERT INTO "address" VALUES(13,'z2 at example.org',NULL,'',NULL,'2015-02-08 10:52:36.308978',5,20);
INSERT INTO "address" VALUES(14,'z3 at example.org',NULL,'',NULL,'2015-02-08 10:52:43.947229',5,21);
INSERT INTO "address" VALUES(15,'z4 at example.org',NULL,'',NULL,'2015-02-08 10:52:49.598934',5,22);
INSERT INTO "address" VALUES(16,'z5 at example.org',NULL,'',NULL,'2015-02-08 10:52:54.406450',5,23);
INSERT INTO "address" VALUES(17,'z6 at example.org',NULL,'',NULL,'2015-02-08 10:52:59.295078',5,24);
INSERT INTO "address" VALUES(18,'z7 at example.org',NULL,'',NULL,'2015-02-08 10:53:04.892381',5,25);
INSERT INTO "address" VALUES(19,'z8 at example.org',NULL,'',NULL,'2015-02-08 10:53:10.497119',5,26);
INSERT INTO "address" VALUES(20,'z9 at example.org',NULL,'',NULL,'2015-02-08 10:53:16.450507',5,27);
INSERT INTO "address" VALUES(21,'z10 at example.org',NULL,'',NULL,'2015-02-08 10:53:24.021368',5,28);
All good at this stage. No problems.
The following curl command deletes user ‘z at example.org’
curl --verbose -X DELETE --header "authorization: Basic
cmVzdGFkbWluOnJlc3RwYXNz" http://localhost:8001/3.0/users/z@example.org
Strangely, a sqlite3 dump of the database now shows the following in the
addresses table:
INSERT INTO "address" VALUES(12,'z1 at example.org',NULL,'',NULL,'2015-02-08 10:52:08.928901',NULL,19);
INSERT INTO "address" VALUES(14,'z3 at example.org',NULL,'',NULL,'2015-02-08 10:52:43.947229',NULL,21);
INSERT INTO "address" VALUES(16,'z5 at example.org',NULL,'',NULL,'2015-02-08 10:52:54.406450',NULL,23);
INSERT INTO "address" VALUES(18,'z7 at example.org',NULL,'',NULL,'2015-02-08 10:53:04.892381',NULL,25);
INSERT INTO "address" VALUES(20,'z9 at example.org',NULL,'',NULL,'2015-02-08 10:53:16.450507',NULL,27);
So 6 of the addresses that should have been deleted were deleted, but 5
remain. The linked address deletion seems to be skipping addresses for
some reason.
It appears the problem is caused by the delete address functionality
mutating the iterator of user addresses.
This appears to fix the problem, which is in rest/users.py
def on_delete(self, request, response):
"""Delete the named user, all her memberships, and addresses."""
if self._user is None:
not_found(response)
return
for member in self._user.memberships.members:
member.unsubscribe()
user_manager = getUtility(IUserManager)
addresses_for_deletion = []
for address in self._user.addresses:
# to avoid mutating the self._user.addresses iterator, create a separate list of addresses
addresses_for_deletion.append(address)
for address in addresses_for_deletion:
user_manager.delete_address(address)
user_manager.delete_user(self._user)
no_content(response)
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1419519
Title:
REST API delete user function does not delete every 2nd linked address
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1419519/+subscriptions
More information about the Mailman-coders
mailing list