-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User update req.body check for Vercel deployments ▲ #1446
User update req.body check for Vercel deployments ▲ #1446
Conversation
I think another thing to consider is we should return an error to the user if a user email was not provided in the params or the body. Because actually with this check if you provide a body with no email, but other keys the query will still fail. |
@RobAndrewHurst Agreed - do you want to push that before I review properly? |
@simon-leech Done. |
Quality Gate passedIssues Measures |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All working with me - tested both locally and on a deployed instance and working across all fields and roles updates 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Deployed and tested here. https://geolytix.dev/geodata/api/user/admin
Description
On deployed instances the req.body always defaults to '{}'. Therefore the check that was applied on the user_update assign for the req.body would not resolve correctly because it would be truthy and then provide an undefined email address to the update query.
This is solved by adding in a check on if there are no keys in the object then it would resolve to falsy assigning the email from the params.
We also check if there is an email property on the update_user before executing the query. As if you provide a body with keys it will pass the initial check but still fail the query.
Note
You can also test this locally with the rewrites of a deployed instance by running
vercel dev
. It will ask you some setup questions but just point them to the instance.