Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

V6 client controller should not return success response on no User-Id header #1987

Closed
ppratikcr7 opened this issue Sep 26, 2024 · 2 comments · Fixed by #1988
Closed

V6 client controller should not return success response on no User-Id header #1987

ppratikcr7 opened this issue Sep 26, 2024 · 2 comments · Fixed by #1988
Assignees
Labels
bug Something isn't working release 6.0

Comments

@ppratikcr7
Copy link
Collaborator

Version where bug was found:
e.g "6.0"

Describe the bug
V6 client controller should not return success response on no User-Id header

@ppratikcr7 ppratikcr7 added bug Something isn't working release 6.0 labels Sep 26, 2024
@ppratikcr7 ppratikcr7 self-assigned this Sep 26, 2024
@ppratikcr7 ppratikcr7 moved this to Code Review in UpGrade Project Sep 26, 2024
@ppratikcr7 ppratikcr7 added this to the Program Increment PI13 milestone Sep 26, 2024
@ppratikcr7 ppratikcr7 removed their assignment Sep 27, 2024
@zackcl zackcl self-assigned this Sep 27, 2024
@zackcl zackcl moved this from QA to Done in UpGrade Project Sep 27, 2024
@zackcl
Copy link
Collaborator

zackcl commented Sep 27, 2024

QA: Passed.

It looks like, currently, we allow passing a user ID for /api/v6/init in either the body or the header of the request, whereas we don't allow passing the user ID in the body for /api/v6/featureflag and /api/v6/assign. Is this expected behavior, or should we not allow passing a user ID in the body for consistency? @ppratikcr7 please create a ticket.

@ppratikcr7
Copy link
Collaborator Author

QA: Passed.

It looks like, currently, we allow passing a user ID for /api/v6/init in either the body or the header of the request, whereas we don't allow passing the user ID in the body for /api/v6/featureflag and /api/v6/assign. Is this expected behavior, or should we not allow passing a user ID in the body for consistency? @ppratikcr7 please create a ticket.

So, the problem is that the validators we are using in our controllers, just verify if the custom validatorType keys are in desired format, but if any other keys we pass through the body will not give validation error. For that we need to look for strict validations. For /api/v6/featureflag and /api/v6/assign we do allow passing id's but the user id is not returned in the response, so you might think that user ids are not allowed in them. In /api/v6/init, it takes id from the body as we do consider the id, group and workinggroup from body or either header. Will update that part.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working release 6.0
Projects
Status: Done
Development

Successfully merging a pull request may close this issue.

2 participants