Uploaded image for project: 'Syncope'
  1. Syncope
  2. SYNCOPE-1102

Unique attribute update inserts additional value

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.2.10
    • Fix Version/s: 1.1.9, 1.2.11
    • Component/s: core
    • Labels:
      None
    • Environment:
      MySQL

      Description

      To reproduce:

      • make sure you have a unique attribute in the Syncope schema (e.g. called privateEmailAddress)
      • create a user via POST and use value 'a@gmail.com' for this unique attribute
      • then try to update this via the Syncope REST API and to change it into 'b@gmail.com' (by using the below POST payload):
        {
          "attributesToBeUpdated": [
            {
              "schema": "privateEmailAddress",
              "valuesToBeAdded": [
                "b@gmail.com"
              ],
              "valuesToBeRemoved": [
                "a@gmail.com"
              ]
            }
          ]
        }
        
      • after this the Syncope MySQL data gets incorrect (the unique attribute will have 2 values in table UAttrUniqueValue) and you cannot e.g. delete anymore the user.
      • You then can find the old unique attribute value using query:
      select min(id) from UAttrUniqueValue group by ATTRIBUTE_ID having count(stringValue) > 1
      

      and you can fix the Syncope data inconsistency by deleting the related row from UAttrUniqueValue.

      • Root cause comes from line 467:
                      for (Long attributeValueId : valuesToBeRemoved) {
                          attributeValueDAO.delete(attributeValueId, attrUtil.attrValueClass());
                      }
      

      where the delete call uses the same argument values in case of both the non-unique and unique attributes, this in fact a non-unique attributes is tried to be deleted.

      Note: as UserMod payloads are not used anymore in Syncope 2 REST API, it's likely that this issue is not happening on Syncope 2, but might reproduce on Syncope 1.1.6-1.2.10.

      Note: I have a patch I applied in our overlay and can provide it if necessary.

        Attachments

        1. SYNCOPE-1102.diff
          7 kB
          Francesco Chicchiriccò

          Activity

            People

            • Assignee:
              ilgrosso Francesco Chicchiriccò
              Reporter:
              laszlo.miklosik Laszlo Miklosik

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment