Make WordPress Core

Opened 6 years ago

Closed 4 years ago

#44648 closed defect (bug) (duplicate)

User creation even though an error is thrown

Reported by: apermo
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.9.7
Component: REST API
Keywords: needs-patch needs-unit-tests
Focuses:
Cc:

Description (last modified by SergeyBiryukov)

I just had an issue, the issue itself pretty much doubles like this issue #40889

When creating a new account including a (registered) custom meta I get the following error message.

{
"code":"rest_cannot_update",
"message":"Sorry, you are not allowed to edit the _r24b_remote_id custom field.",
"data":{"key":"_r24b_remote_id","status":403}
}

But even though throwing an error, the user is created anyway, but I don't get the User ID in return.

Sending the unchanged request a second time will now cause this answer

{
"code":"existing_user_login",
"message":"Der Benutzername existiert bereits!",
"data":null
}

So besides the bug from the other ticket.

A nested error like in my case should either make the whole create process fail (or undo the successful first part of the creation) or the error message should contain the information that the user was created and only the meta field failed.

Change History (9)

#1 @flixos90
6 years ago

  • Keywords needs-patch needs-unit-tests added
  • Milestone changed from Awaiting Review to 5.0

#2 @apermo
6 years ago

  • Keywords needs-patch needs-unit-tests removed

Ok, the first part of my problem is solved thanks to @flixos90

My code was missing an auth_callback, but the issue that a nested error will not return the information that the user itself was created is still an issue.

Without testing, I assume that the same problem will also occur for any other item type, in case of posts leading to double postings.
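
The missing auth_callback mentioned in comment #2, as an added example that is not part of the ticket or of WordPress core: it registers the ticket's protected meta key for the REST API with an explicit authorization check. The function names r24b_register_remote_id_meta and r24b_can_edit_remote_id are hypothetical, and tying write access to the edit_user capability is an assumption.

```php
<?php
// Added example, not code from the ticket or from WordPress core.
// Function names are hypothetical; the capability choice is an assumption.

add_action( 'init', 'r24b_register_remote_id_meta' );

function r24b_register_remote_id_meta() {
	register_meta(
		'user',
		'_r24b_remote_id',
		array(
			'type'              => 'string',
			'single'            => true,
			'show_in_rest'      => true,
			'sanitize_callback' => 'sanitize_text_field',
			// Keys starting with "_" are protected. If no auth_callback is
			// given, register_meta() falls back to __return_false for them,
			// so the edit_user_meta check fails and the REST API answers
			// 403 rest_cannot_update, as shown in the ticket description.
			'auth_callback'     => 'r24b_can_edit_remote_id',
		)
	);
}

/**
 * Decides whether a user may write _r24b_remote_id.
 *
 * register_meta() hooks this onto the auth_user_meta__r24b_remote_id filter,
 * which passes six arguments.
 */
function r24b_can_edit_remote_id( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
	// Weak setting to avoid: 'auth_callback' => '__return_true'. It grants
	// write access to this key to every caller that passes the endpoint's
	// own permission check, which defeats the protection of the "_" prefix.

	// Corrected setting: tie the decision to an existing capability of the
	// requesting user, evaluated against the user object being written.
	return user_can( $user_id, 'edit_user', $object_id );
}
```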

#3 @apermo
6 years ago

  • Keywords needs-patch needs-unit-tests added

#4 @SergeyBiryukov
6 years ago

  • Description modified (diff)

#5 @apermo
6 years ago

I figured out what happens here.

<?php
protected function update_meta_value( $object_id, $meta_key, $name, $value ) {
   $meta_type = $this->get_meta_type();
   if ( ! current_user_can(  "edit_{$meta_type}_meta", $object_id, $meta_key ) ) {
...

Upon creating a new element $object_id is 0 when this function is called, and thus current_user_can will return false.

This error also applies to setting meta for any other type like categories, post_tags... With the same impact, the element is created but a 403 is returned.

This ticket was mentioned in Slack in #core-restapi by apermo. View the logs.


6 years ago

This ticket was mentioned in Slack in #core-restapi by timothybjacobs. View the logs.


6 years ago

#8 @danielbachhuber
6 years ago

  • Milestone changed from 5.0 to Future Release

Punting to Future Release because this isn't necessary for 5.0.

#9 @TimothyBlynJacobs
4 years ago

  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from new to closed

I've tested and creating a new post and providing meta at the same time does work. So that bug may have been fixed in the meantime.

But there is an issue with subsequent processing returning an error and the created item being lost. I opened #48822 to try and address that.
