Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Continuous modification of user information results in an error #1374

Open
rofixro opened this issue Jul 26, 2023 · 4 comments
Open

[Bug]: Continuous modification of user information results in an error #1374

rofixro opened this issue Jul 26, 2023 · 4 comments
Assignees
@geromegrignon
Labels
bug

Comments

@rofixro
Copy link
Contributor

rofixro commented Jul 26, 2023

Relevant scope

Deployed demo

Description

When I try to modify user information for the second time consecutively, the server returns a status code of 500 and displays the following error message: “\nInvalid prisma.user.update() invocation:\n\n\nAn operation failed because it depends on one or more records that were required but not found. Record to update not found.”

image
@rofixro rofixro added the bug label Jul 26, 2023
@geromegrignon
Copy link
Contributor

Hi @Niyaco,

I can reproduce it.
I'm starting local tests right now to identify the bug.

@geromegrignon
Copy link
Contributor

I'm quite busy right now handling it but based on my first tests, it's due to using the username from the token on backend side to find the user to be updated.

It happens by firstly updating the username.
On consequential tries, you still have the same token with the old username.
The API consumes it to find the user to be updated, but there is nothing to be found.

@rahulthedevil
Copy link

I'm quite busy right now handling it but based on my first tests, it's due to using the username from the token on backend side to find the user to be updated.

It happens by firstly updating the username. On consequential tries, you still have the same token with the old username. The API consumes it to find the user to be updated, but there is nothing to be found.

Then why not use something that does not change to generate the token? Maybe user id? If it seems that it may cause security issue, then why not create one unique id for each user only to use it for access token and it will never change and eliminate all data from token which can be changed by user

@geromegrignon
Copy link
Contributor

I'm quite busy right now handling it but based on my first tests, it's due to using the username from the token on backend side to find the user to be updated.
It happens by firstly updating the username. On consequential tries, you still have the same token with the old username. The API consumes it to find the user to be updated, but there is nothing to be found.

Then why not use something that does not change to generate the token? Maybe user id? If it seems that it may cause security issue, then why not create one unique id for each user only to use it for access token and it will never change and eliminate all data from token which can be changed by user

Yes exactly, that's what I have in mind (there is already a unique id for each user, but not exposed to the API currently).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@geromegrignon geromegrignon

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@geromegrignon @rahulthedevil @rofixro