Bug 55225 – UDM Users module silently discards (invalid) accountActivationDate entries

Bug 55225 - UDM Users module silently discards (invalid) accountActivationDate entries


Summary:	UDM Users module silently discards (invalid) accountActivationDate entries

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	UDM (Generic)
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2022-09-26 18:28 CEST by Daniel Tröder
Modified:	2022-11-23 18:41 CET (History)
CC List:	2 users (show)

See Also:	55452
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Tröder

2022-09-26 18:28:02 CEST

Two cases: UMC and CLI.

UMC
===

The accountActivationDate property can be set in the UMC in three fields:
* Date
* Time
* Timezone

For user objects without a value for accountActivationDate, the default "timezone" is already chosen (e.g. "Europe/Berlin"). "Date" and "Time" are empty.

If the end user now enters only only a date and no time, he can close the page by pressing "Save".
No error is displayed. It seems like the modification was a success, but it wasn't.

If the "Time" is not set, the accountActivationDate property value will be set to "None".
This also works when changing a valid setting: if all 3 values are set and only the "time" string is removed (using backspace, not the drop-down) and then "saved", the LDAP value will be deleted.

==> The expected behavior is to show an error and prevent the end user from saving invalid data.


CLI
===

The CLI shows the value as "YYYY-MM-DD HH:MM TZ":

$ udm users/user list --filter uid=... | grep Act
  accountActivationDate: 2022-09-22 12:00 UTC


The CLI also allows setting only the date portion:

$ udm users/user modify --dn ... --set accountActivationDate="2022-09-30"

It silently ignores this and does not change the LDAP value.
Better than deleting it (UMC), but it should show an error.

When using the same value as is shown, it is also ignored:

$ udm users/user modify --dn ... --set accountActivationDate="2023-06-21 11:00 UTC"

→ No change to the LDAP value.

So changing the value of accountActivationDate through the CLI is not possible at all.

==> The expected behavior is to a) show an error if the format is wrong and b) allow changing the value, when the data is correct.

Comment 1 Florian Best

2022-09-27 12:05:25 CEST

How is the behavior in the UDM REST API?

Comment 2 Daniel Tröder

2022-09-27 12:35:24 CEST

(In reply to Florian Best from comment #1)
> How is the behavior in the UDM REST API?

Setting the value correctly works:

------------------------------------------------------------------------------
root@master203:~# curl -X GET "https://Administrator:univention@master203.autotest203.local/univention/udm/users/user/$DN" -H  "accept: application/json" -H  "Accept-Language: de-DE" | python -m json.tool | jq .properties.accountActivationDate
{
  "activation-date": "2023-09-21",
  "activation-time": "10:00",
  "activation-timezone": "UTC"
}
------------------------------------------------------------------------------
root@master203:~# curl -X PATCH "https://Administrator:univention@master203.autotest203.local/univention/udm/users/user/$DN" -H  "accept: application/json" -H  "Accept-Language: de-DE" -H  "Content-Type: application/json" -d "{\"properties\":{\"accountActivationDate\":{\"activation-date\":\"2023-08-26\",\"activation-time\":\"10:00\",\"activation-timezone\":\"UTC\"}}}" | python -m json.tool

→ HTTP 204
------------------------------------------------------------------------------
root@master203:~# curl -s -X GET "https://Administrator:univention@master203.autotest203.local/univention/udm/users/user/$DN" -H  "accept: application/json" -H  "Accept-Language: de-DE" | python -m json.tool | jq .properties.accountActivationDate
{
  "activation-date": "2023-08-26",
  "activation-time": "10:00",
  "activation-timezone": "UTC"
}
------------------------------------------------------------------------------

Not sending a key gives the expected error:

------------------------------------------------------------------------------
root@master203:~# curl -X PATCH "https://Administrator:univention@master203.autotest203.local/univention/udm/users/user/uid%3Ddemo_student%2Ccn%3Dschueler%2Ccn%3Dusers%2Cou%3DDEMOSCHOOL%2Cdc%3Dautotest203%2Cdc%3Dlocal" -H  "accept: application/json" -H  "Accept-Language: de-DE" -H  "Content-Type: application/json" -d "{\"properties\":{\"accountActivationDate\":{\"activation-date\":\"2024-07-21\",\"activation-timezone\":\"UTC\"}}}" | python -m json.tool
------------------------------------------------------------------------------
{
...

    "error": {
        "code": 422,
        "error": {
            "accountActivationDate": "The property accountActivationDate has an invalid value: missing argument 'activation-time'"
        },
        "message": "1 error(s) occurred:\nRequest argument \"accountActivationDate\" The property accountActivationDate has an invalid value: missing argument 'activation-time'\n",
        "title": "Unprocessable Entity",
        "traceback": null
    }
}

Comment 3 Daniel Tröder

2022-09-27 12:37:38 CEST

If I pass an empty value for "activation-time", I get an error:

$ curl ... -d "{\"properties\":{\"accountActivationDate\":{\"activation-date\":\"2024-07-21\",\"activation-time\": \"\",\"activation-timezone\":\"UTC\"}}}"

...
"error": {
            "accountActivationDate": "The property accountActivationDate has an invalid value: Invalid syntax. Activate user account starting from: Not a valid time format"
},
...

Comment 4 Daniel Tröder

2022-09-27 12:39:21 CEST

(Which is correct and expected.)

Comment 5 Jannik Ahlers

2022-11-23 18:34:18 CET

Strangely enough, I get completely different behaviour from the udm cli (though still broken):

- setting the activation date works as expected:

$ udm users/user modify --dn 'uid=test2,dc=lernen,dc=de' --set accountActivationDate='2023-12-12 12:34 GMT'
Object modified: uid=test2,dc=lernen,dc=de

$ udm users/user list --filter username=test2 | grep Act
  accountActivationDate: 2023-12-12 12:34 UTC

- trying to just set the date fails:

$ udm users/user modify --dn 'uid=test2,dc=lernen,dc=de' --set accountActivationDate='2023-12-12'
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 241, in doit
    univention.admincli.admin.main(arglist, stdout, stderr)
  File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 354, in main
    _doit(arglist, stdout=stdout, stderr=stderr)
  File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 622, in _doit
    cli.modify(input, append, remove, parsed_append_options, parsed_remove_options, parsed_options, policy_reference, policy_dereference, ignore_not_exists=ignore_not_exists)
  File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 651, in modify
    return self._modify(self.module_name, self.module, self.dn, self.lo, self.position, self.superordinate, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 832, in _modify
    if object.hasChanged(input.keys()) or object.hasChanged(append.keys()) or object.hasChanged(remove.keys()) or parsed_append_options or parsed_remove_options or parsed_options or object.policiesChanged():
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1286, in hasChanged
    return super(object, self).hasChanged(key)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 300, in hasChanged
    return any(self.hasChanged(i) for i in key)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 300, in <genexpr>
    return any(self.hasChanged(i) for i in key)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1286, in hasChanged
    return super(object, self).hasChanged(key)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 304, in hasChanged
    return not univention.admin.mapping.mapCmp(self.mapping, key, self.oldinfo.get(key, ''), self.info.get(key, ''))
  File "/usr/lib/python3/dist-packages/univention/admin/mapping.py", line 646, in mapCmp
    return f(old) == f(new)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1030, in mapDateTimeTimezoneTupleToUTCDateTimeString
    dt = datetime_from_local_datetimetimezone_tuple(local_datetimetimezone_tuple)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1022, in datetime_from_local_datetimetimezone_tuple
    d, t, tz = local_datetimetimezone_tuple
ValueError: not enough values to unpack (expected 3, got 1)


- setting the date with an invalid timezone appears to be working, but actually deletes the value silently:

$ udm users/user modify --dn 'uid=test2,dc=lernen,dc=de' --set accountActivationDate='2023-12-12 12:34 invalid'
Object modified: uid=test2,dc=lernen,dc=de

$ udm users/user list --filter username=test2 | grep Act
  accountActivationDate: None