Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#5374 closed defect (fixed)

"Deathorize applications" causes server error after federation migrations

Reported by: ayleph Owned by:
Priority: blocker Milestone: 0.9.0
Component: programming Keywords: db, api, migrations, accesstoken
Cc: tsyesika Parent Tickets:

Description

Clicking the "Deauthorize applications" link on current master causes a server error.

Error - <class 'sqlalchemy.exc.InvalidRequestError'>: Entity '<class 'mediagoblin.db.models.AccessToken'>' has no property 'user'
URL: https://goblinrefuge.com/mediagoblin/edit/deauthorize/
File '/path/to/mediagoblin/lib/python2.7/site-packages/paste/exceptions/errormiddleware.py', line 144 in __call__
  app_iter = self.application(environ, sr_checker)
File '/path/to/mediagoblin/mediagoblin/app.py', line 342 in __call__
  return self.call_backend(environ, start_response)
File '/path/to/mediagoblin/lib/python2.7/site-packages/Werkzeug-0.10.1-py2.7.egg/werkzeug/wsgi.py', line 591 in __call__
  return self.app(environ, start_response)
File '/path/to/mediagoblin/mediagoblin/app.py', line 276 in call_backend
  return self._finish_call_backend(request, environ, start_response)
File '/path/to/mediagoblin/mediagoblin/app.py', line 318 in _finish_call_backend
  response = controller(request)
File '/path/to/mediagoblin/mediagoblin/decorators.py', line 47 in wrapper
  return controller(request, *args, **kwargs)
File '/path/to/mediagoblin/mediagoblin/decorators.py', line 74 in new_controller_func
  return controller(request, *args, **kwargs)
File '/path/to/mediagoblin/mediagoblin/edit/views.py', line 296 in deauthorize_applications
  access_tokens = AccessToken.query.filter_by(user=request.user.id)
File 'build/bdist.linux-x86_64/egg/sqlalchemy/orm/query.py', line 1256 in filter_by
File 'build/bdist.linux-x86_64/egg/sqlalchemy/orm/util.py', line 1218 in _entity_descriptor
InvalidRequestError: Entity '<class 'mediagoblin.db.models.AccessToken'>' has no property 'user'

Change History (5)

comment:1 by ayleph, 8 years ago

mediagoblin/db/models.py was recently changed:

   class AccessToken(Base):
   ...
       token = Column(Unicode, nullable=False, primary_key=True)
       secret = Column(Unicode, nullable=False)
-      user = Column(Integer, ForeignKey(User.id))
+      actor = Column(Integer, ForeignKey(User.id))
       request_token = Column(Unicode, ForeignKey(RequestToken.token))
   ...

But mediagoblin/edit/views.py was not changed to match:

def deauthorize_applications(request):
    """ Deauthroize OAuth applications """
    ...
    access_tokens = AccessToken.query.filter_by(user=request.user.id)

comment:2 by ayleph, 8 years ago

Owner: ayleph removed
Status: newreview

Patch below. Tested working on my instance. Requesting review.

From b628eb99cc246809bf0a381335b961d81accdb43 Mon Sep 17 00:00:00 2001
From: ayleph <ayleph@thisshitistemp.com>
Date: Thu, 17 Dec 2015 20:35:38 -0500
Subject: [PATCH] Fix issue 5374 Deauthorize Applications crashes

This patch fixes issue 5374 by querying the correct sql column for
access tokens.
---
 mediagoblin/edit/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 3982820..00c6115 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -293,7 +293,7 @@ def deauthorize_applications(request):
                 _("Application has been deauthorized")
             )

-    access_tokens = AccessToken.query.filter_by(user=request.user.id)
+    access_tokens = AccessToken.query.filter_by(actor=request.user.id)
     applications = [(a.get_requesttoken, a) for a in access_tokens]

     return render_to_response(
--
2.6.4

comment:3 by Jessica Tallon, 8 years ago

This has been fixed f1db51e4.

comment:4 by Jessica Tallon, 8 years ago

Resolution: fixed
Status: reviewclosed

comment:5 by Christopher Allan Webber, 8 years ago

Milestone: 0.8.20.9.0

All 0.8.2 tickets are being rolled over to 0.9.0

Note: See TracTickets for help on using tickets.