Pass db_session to user delete method#3509
Pass db_session to user delete method#3509guptapratykshh wants to merge 3 commits intoaugurlabs:mainfrom
Conversation
guptapratykshh
force-pushed
the
fix/delete-account-2672
branch
3 times, most recently
from
2c82017 to
a08dd38
Compare
guptapratykshh
force-pushed
the
fix/delete-account-2672
branch
from
ba588f4 to
1e7fa95
Compare
guptapratykshh
force-pushed
the
fix/delete-account-2672
branch
2 times, most recently
from
8df7eb0 to
0cf49f2
Compare
|
Reverted all the imports and else block that were removed , please review the PR @MoralCode |
|
Code looks good! Just make sure to rebase your changes. Id also be curious how this was tested/get a couple maintainers to give it the thumbs up. Overall looks like this is very close to being able to ship! |
guptapratykshh
force-pushed
the
fix/delete-account-2672
branch
from
0cf49f2 to
51d3688
Compare
|
I tested this by checking the code (the User.delete() method needs a session parameter that wasn't being passed) and writing a mock test to verify the fix works correctly. Also the docker build failure is not related to this PR. It is CI issue with the geckodriver download because gitHub API returned null. Rerunning the build should fix it. |
guptapratykshh
force-pushed
the
fix/delete-account-2672
branch
from
0a52048 to
4793eaf
Compare
augur/api/view/routes.py
Outdated
| else: | ||
| logger.error(f"Failed to delete account {username}: {result[1]}") | ||
| flash("An error occurred removing the account") | ||
| except Exception as e: |
There was a problem hiding this comment.
should we roll back the transaction here if an error happens?
There was a problem hiding this comment.
Looking at User.delete() - it calls session.commit() internally at the end. If an exception is raised before that commit, the changes aren't persisted anyway.
There was a problem hiding this comment.
But I guess explicitly calling session.rollback() would be cleaner to reset the session state? That said, since db_session is a scoped session in, it should handle cleanup on the next request. So it's not strictly necessary.
MoralCode
added
the
discussion
Is that test included? |
shlokgilda
left a comment
shlokgilda
left a comment
There was a problem hiding this comment.
Looks good overall. Just a nitpick comment about logger.
augur/api/view/routes.py
Outdated
| else: | ||
| logger.error(f"Failed to delete account {username}: {result[1]}") | ||
| flash("An error occurred removing the account") | ||
| except Exception as e: |
There was a problem hiding this comment.
But I guess explicitly calling session.rollback() would be cleaner to reset the session state? That said, since db_session is a scoped session in, it should handle cleanup on the next request. So it's not strictly necessary.
augur/api/view/routes.py
Outdated
| logger.error(f"Failed to delete account {username}: {result[1]}") | ||
| flash("An error occurred removing the account") | ||
| except Exception as e: | ||
| logger.error(f"Exception occurred while deleting account: {e}") |
There was a problem hiding this comment.
nit: including the username in the exception log would help correlate errors with specific users during debugging
logger.error(f"Exception occurred while deleting account {username}: {e}")
|
Hello! Just wanted to check in to see if you were still interested in helping the maintainers merge this PR. We noticed it has been a little while since this last had activity, and are considering closing it or taking it over if it remains in its current state. Please react to or reply to this to confirm your interest in the next 7 days or let us know if you are no longer interested in this so we can best prioritize everyone's contributions. Thanks! |
MoralCode
added
the
stale
MoralCode
changed the title
MoralCode
force-pushed
the
fix/delete-account-2672
branch
from
9728436 to
4aefc7a
Compare
- Pass required db_session parameter to current_user.delete() - Add try-except block for proper exception handling - Store username before deletion for accurate flash message - Add error logging for debugging failed deletions Signed-off-by: Pratyksh Gupta <pratykshgupta9999@gmail.com> Signed-off-by: guptapratykshh <pratykshgupta9999@gmail.com> Signed-off-by: Adrian Edwards <adredwar@redhat.com>
MoralCode
force-pushed
the
fix/delete-account-2672
branch
from
4aefc7a to
7e90eaa
Compare
Signed-off-by: Adrian Edwards <adredwar@redhat.com>
Signed-off-by: Adrian Edwards <adredwar@redhat.com>
MoralCode
force-pushed
the
fix/delete-account-2672
branch
from
7e90eaa to
0da33d7
Compare
|
Taking this over as it is a relatively straightforward fix to a known, reproducible bug and the original submitter has not responded |
MoralCode
removed
the
stale
| @@ -198,10 +198,11 @@ def authorize_user(): | |||
| @app.route('/account/delete') | |||
There was a problem hiding this comment.
Not from this PR, but user_delete is on a GET route. Might be worth a follow-up to change this to POST.
| flash(f"Account {current_user.login_name} successfully removed") | ||
| logout_user() | ||
| else: | ||
| logger.error(f"Exception occurred while deleting account {current_user.login_name}: {e}") |
There was a problem hiding this comment.
There's no try/except (e will be undefined). Either wrap the delete in a try/except or just drop the logger line.
| flash(f"Account {current_user.login_name} successfully removed") | ||
| logout_user() | ||
| else: | ||
| logger.error(f"Exception occurred while deleting account {current_user.login_name}: {e}") |
There was a problem hiding this comment.
current_user.login_name might not be valid after delete() since it commits the row deletion internally. Capture the username before calling delete.
3 participants
Description
This PR fixes a critical bug where users attempting to delete their accounts would encounter a 500 Internal Server Error. The root cause was that the user_delete() route handler was calling
current_user.delete()without passing the required session parameter.db_sessionparameter toUser.delete()methodThis PR fixes #2672
Notes for Reviewers
Signed commits