fix cookie resolution in request_api util for UI operations (fixes #427)
fmigneault committed May 4, 2021
1 parent 7f21d61 commit c359f8e
Showing 2 changed files with 4 additions and 3 deletions.
3 changes: 2 additions & 1 deletion CHANGES.rst
Expand Up @@ -10,7 +10,6 @@ Changes
Features / Changes
~~~~~~~~~~~~~~~~~~~~~
* Add UI icons for `locked` and `delete` button operations on ``Users``, ``Groups`` and ``Services`` pages.
<<<<<<< HEAD
* Add ``detail`` query parameter to obtain user details from ``GET /users`` to avoid individual requests for each
user when those information are needed (fixes `#202 <https://github.com/Ouranosinc/Magpie/issues/202>`_).
* Add the missing ``status`` and ``user_id`` fields in API schema of returned ``User`` responses.
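Review bot: The deleted `<<<<<<< HEAD` line under "Features / Changes" is a merge conflict marker that had been committed to CHANGES.rst, and this diff removes only that one line. Confirm that no matching `=======` or `>>>>>>>` marker is left elsewhere in the file, and consider a pre-commit or CI check that rejects conflict markers so they cannot reach the changelog again.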
Expand All @@ -36,6 +35,8 @@ Bug Fixes
| **SECURITY**:
| Since email can be employed as another mean of login credential instead of the more typically used username, this
caused potential theft of identity by retrieved user account against matched email.
* Fix issue related to parsing cookies identified while submitting user creation from UI.
(resolves `#427 <https://github.com/Ouranosinc/Magpie/issues/427>`_).

`3.10.0 <https://github.com/Ouranosinc/Magpie/tree/3.10.0>`_ (2021-04-12)
------------------------------------------------------------------------------------
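Review bot: The new entry under "Bug Fixes" does not say what was wrong with cookie parsing or where, and it leaves out the `create_user` path change that this commit also makes in magpie/ui/utils.py. Suggest naming `request_api` and the dict-like cookies container in the entry, adding a second bullet for the user creation path, and dropping the period before `(resolves ...)` so the reference reads like the `(fixes ...)` entry above.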
4 changes: 2 additions & 2 deletions magpie/ui/utils.py
Expand Up @@ -86,7 +86,7 @@ def request_api(request, # type: Request
if isinstance(data, dict) and get_header("Content-Type", headers, split=[",", ";"]) == CONTENT_TYPE_JSON:
data = json.dumps(data)

if isinstance(cookies, dict):
if hasattr(cookies, "items"): # any dict-like implementation
cookies = list(cookies.items())
if cookies and isinstance(headers, dict):
headers = list(headers.items())
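Review bot: The context line `if cookies and isinstance(headers, dict):` keeps the strict `dict` check that this change drops for cookies, so a dict-like headers object would skip the `list(headers.items())` conversion in the same way cookies did before. Suggest applying one test to both, ideally `isinstance(x, collections.abc.Mapping)` if the request's cookie container registers as a mapping, since `hasattr(cookies, "items")` accepts any object that happens to expose that attribute. Because this code forwards the caller's cookies to the API, a regression test that passes the request's own cookies object rather than a plain dict would be worth adding.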
Expand Down Expand Up @@ -532,7 +532,7 @@ def create_user(self, data):
}
# create as admin immediately creates the user
# create by self-registration creates the pending user for approval
path = schemas.RegisterUsersAPI.path if data["is_registration"] else schemas.UserAPI.path
path = schemas.RegisterUsersAPI.path if data["is_registration"] else schemas.UsersAPI.path
resp = request_api(self.request, path, "POST", data=payload)

# hard post checks, retrieve known errors related to fields to display messages instead of raising
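Review bot: The switch from `schemas.UserAPI.path` to `schemas.UsersAPI.path` in the non-registration branch of `create_user` changes which route receives the POST, yet the commit title and the CHANGES.rst entry only mention cookie resolution. Suggest documenting it as its own fix and adding a UI test that creates a user with `is_registration` false and checks the response, so that a wrong path is caught by the test suite rather than by the "hard post checks" that follow.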
