From c359f8ea6a5b0a1232b6f16be404204851dac9b2 Mon Sep 17 00:00:00 2001
From: fmigneault
Date: Tue, 4 May 2021 11:36:52 -0400
Subject: [PATCH] fix cookie resolution in request_api util for UI operations (fixes #427)
---
 CHANGES.rst | 3 ++-
 magpie/ui/utils.py | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/CHANGES.rst b/CHANGES.rst
index 7651c0fe3..136fd1bb7 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -10,7 +10,6 @@ Changes
 Features / Changes
 ~~~~~~~~~~~~~~~~~~~~~
 * Add UI icons for `locked` and `delete` button operations on ``Users``, ``Groups`` and ``Services`` pages.
-<<<<<<< HEAD
 * Add ``detail`` query parameter to obtain user details from ``GET /users`` to avoid individual requests for each user when those information are needed (fixes `#202 `_).
 * Add the missing ``status`` and ``user_id`` fields in API schema of returned ``User`` responses.
@@ -36,6 +35,8 @@ Bug Fixes
 | **SECURITY**:
 | Since email can be employed as another mean of login credential instead of the more typically used username, this caused potential theft of identity by retrieved user account against matched email.
+* Fix issue related to parsing cookies identified while submitting user creation from UI.
+ (resolves `#427 `_).
 `3.10.0 `_ (2021-04-12)
 ------------------------------------------------------------------------------------
diff --git a/magpie/ui/utils.py b/magpie/ui/utils.py
index 6002f247a..c1bc9afb6 100644
--- a/magpie/ui/utils.py
+++ b/magpie/ui/utils.py
@@ -86,7 +86,7 @@ def request_api(request, # type: Request
 if isinstance(data, dict) and get_header("Content-Type", headers, split=[",", ";"]) == CONTENT_TYPE_JSON:
 data = json.dumps(data)
- if isinstance(cookies, dict):
+ if hasattr(cookies, "items"): # any dict-like implementation
 cookies = list(cookies.items())
 if cookies and isinstance(headers, dict):
 headers = list(headers.items())
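Review bot: The header conversion two lines below the changed test still reads `if cookies and isinstance(headers, dict):`, so a dict-like `headers` object that is not a `dict` subclass would skip the list conversion, just as a dict-like `cookies` object did before this fix. For consistency that line could become `if cookies and hasattr(headers, "items"):`, or both checks could use `isinstance(..., collections.abc.Mapping)`. The `Mapping` check is stricter than an attribute probe, but it only works if the cookie container behind #427 is a registered Mapping, which this hunk does not show. This is the path that forwards the UI session's cookies to the API, and the diffstat lists only CHANGES.rst and magpie/ui/utils.py, so a regression test that passes a non-dict cookie mapping to `request_api` would pin the behaviour. The body of `request_api` starts before and continues after this hunk, so how `cookies` and `headers` are consumed afterwards is not visible here.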
@@ -532,7 +532,7 @@ def create_user(self, data):
 }
 # create as admin immediately creates the user
 # create by self-registration creates the pending user for approval
- path = schemas.RegisterUsersAPI.path if data["is_registration"] else schemas.UserAPI.path
+ path = schemas.RegisterUsersAPI.path if data["is_registration"] else schemas.UsersAPI.path
 resp = request_api(self.request, path, "POST", data=payload)
 # hard post checks, retrieve known errors related to fields to display messages instead of raising