Univention Bugzilla – Bug 50046
[UDM HTTP API] HTTP 500 on POST to groups/group without "superordinate"
Last modified: 2019-10-02 16:06:32 CEST
{ "error": { "message": "u'superordinate'", "code": 500, "traceback": "Traceback (most recent call last):\n File \"/usr/lib/python2.7/dist-packages/tornado/web.py\", line 1469, in _execute\n result = yield result\n File \"/usr/lib/python2.7/dist-packages/tornado/gen.py\", line 1015, in run\n value = future.result()\n File \"/usr/lib/python2.7/dist-packages/tornado/concurrent.py\", line 237, in result\n raise_exc_info(self._exc_info)\n File \"/usr/lib/python2.7/dist-packages/tornado/gen.py\", line 1021, in run\n yielded = self.gen.throw(*exc_info)\n File \"/usr/lib/pymodules/python2.7/univention/management/modules/udm/module.py\", line 2097, in post\n obj = yield obj.create(object_type)\n File \"/usr/lib/python2.7/dist-packages/tornado/gen.py\", line 1015, in run\n value = future.result()\n File \"/usr/lib/python2.7/dist-packages/tornado/concurrent.py\", line 237, in result\n raise_exc_info(self._exc_info)\n File \"/usr/lib/python2.7/dist-packages/tornado/gen.py\", line 285, in wrapper\n yielded = next(result)\n File \"/usr/lib/pymodules/python2.7/univention/management/modules/udm/module.py\", line 2405, in create\n superordinate = self.request.body_arguments['superordinate']\nKeyError: u'superordinate'\n", "error": { }, "title": "" } }
Same HTTP500 for "options" and "policies". Minimum fro a group is: { "properties": { "name": "grp01" }, "position": "cn=klassen,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=uni,dc=dtr", "superordinate": null, "options": {}, "policies": {} }
univention-management-console-module-udm (9.0.12-26) 4564641c221b | Bug #50046: Bug #27816: fix sanitizing of arguments when creating objects via POST
Still all three (position, options, policies) are required: univention-management-console-mod 9.0.14-1 curl -s -X POST -H "Accept:application/json" -H "Content-Type:application/json" -d '{ "properties": { "name": "testgrp01", "description": "Text 01", "users": [ "uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=uni,dc=dtr", "uid=demo_teacher,cn=lehrer,cn=users,ou=DEMOSCHOOL,dc=uni,dc=dtr" ] } }' -u Administrator:univention 'http://m66.uni.dtr/univention/udm/groups/group/' | python -m json.tool { "_links": { "curies": [ { "href": "http://m66.uni.dtr/univention/udm/relation/{rel}", "name": "udm", "templated": true } ] }, "error": { "code": 422, "error": { "body_arguments": { "options": "Argument required", "policies": "Argument required", "position": "Argument required" } }, "message": "3 error(s) occurred:\nRequest argument \"position\" Argument required\nRequest argument \"options\" Argument required\nRequest argument \"policies\" Argument required\n", "title": "Unprocessable Entity", "traceback": null } }
This is on purpose, the request must include all necessary parameters. Use /univention/udm/group/group/add to get a template containing all necessary values, which can be used for a POST request.
(In reply to Florian Best from comment #4) > This is on purpose, the request must include all necessary parameters. Use > /univention/udm/group/group/add to get a template containing all necessary > values, which can be used for a POST request. That is a unnecessary restriction. Requiring a GET on the template incurs a unnecessary performance penalty. To create a group nothing more than the "name" property is required: -------------------------------------------- $ udm groups/group create --set name=testgroup001 WARNING: The object is not going to be created underneath of its default containers. Object created: cn=testgroup001,dc=uni,dc=dtr -------------------------------------------- Why would the REST API require options, policies and position, if the cli doesn't?
(In reply to Daniel Tröder from comment #5) > Why would the REST API require options, policies and position, if the cli > doesn't? I think it is reasonable to make paramters which have well defined defaults optional. I expect that far most users will never define options or policies for a group and many of them even don't know what those are good for.
I still don't fully agree but I made the changes as you wished. univention-directory-manager-rest (9.0.16-1) 8016c4d43f0e | Bug #27816: Bug #50046: make position, options, policies in POST create request optional
UCS 4.4-2 has been released: https://docs.software-univention.de/release-notes-4.4-2-en.html https://docs.software-univention.de/release-notes-4.4-2-de.html If this error occurs again, please use "Clone This Bug".