Bug: `GET /robot-permissions` Does Not Work With Some Nested Fields In `include`


Introduction

This article describes a bug in the GET /robot-permissions endpoint of the AuthUp system. When nested fields are requested through the include parameter, some of them are not applied to the resource, so the response is incomplete.

Versions

The bug is present in the latest version of the AuthUp system, which is based on the Docker image authup/authup@sha256:8b3cd793a3f95da9299347e3b0435d5771fd430c3b8d78291787b051a3a64ef4.

Reproduction

To reproduce the bug, follow these steps:

Step 1: Create an arbitrary robot and a permission

Create a robot and a permission using the AuthUp API. This can be done using the following requests:

curl -X POST \
  http://localhost:8080/robots \
  -H 'Content-Type: application/json' \
  -d '{"name": "Robot 1", "description": "This is a robot"}'

curl -X POST \
  http://localhost:8080/permissions \
  -H 'Content-Type: application/json' \
  -d '{"name": "Permission 1", "description": "This is a permission"}'

Step 2: Create a robot permission based on previously created robot and permission

Create a robot permission using the previously created robot and permission. This can be done using the following request:

curl -X POST \
  http://localhost:8080/robot-permissions \
  -H 'Content-Type: application/json' \
  -d '{"robot_id": 1, "permission_id": 1}'

Step 3: Query robot permissions with GET /robot-permissions/?include=role,role_realm,user_realm,user

Query the robot permissions using the GET /robot-permissions/?include=role,role_realm,user_realm,user endpoint. This should return the robot permissions with the included fields.

Additional Details

The following details provide additional information about the bug:

  • The bug is specific to the GET /robot-permissions endpoint and does not affect other endpoints.
  • The bug is related to the inclusion of nested fields in the include parameter of the request.
  • The bug is not present in earlier versions of the AuthUp system.

Steps to Reproduce

The steps to reproduce the bug are as follows:

  1. Create an arbitrary robot and a permission.
  2. Create a robot permission based on previously created robot and permission.
  3. Query robot permissions with GET /robot-permissions/?include=role,role_realm,user_realm,user.

What is Expected?

The expected behavior is that the resource should have all nested properties applied to it. In this case, the robot and permission should be present, along with their respective realms.

What is Actually Happening?

The actual behavior is that the robot and permission are present, but not their respective realms. This indicates that the bug is related to the inclusion of nested fields in the include parameter of the request.
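A check for the gap between expected and actual behavior described above, added here as an example and not taken from the AuthUp code base. It reports, per record, which relations named in include are absent from the response, so a client or regression test can reject an incomplete permission record instead of consuming it silently. The `{ data: [...] }` envelope, the convention that each relation appears under the key named in include, and the sample records are assumptions constructed for illustration.

```javascript
// Added example: find relations requested via `include` that a list response
// did not return. Envelope shape and key naming are assumptions (see lead-in).

function parseInclude(include) {
  // " role, role_realm,,role " -> ["role", "role_realm"]
  const names = String(include || "")
    .split(",")
    .map((s) => s.trim())
    .filter((s) => s.length > 0);
  return [...new Set(names)];
}

function findMissingRelations(include, body) {
  const requested = parseInclude(include);
  if (!body || !Array.isArray(body.data)) {
    throw new TypeError("response body has no data array");
  }
  const findings = [];
  for (const record of body.data) {
    const absent = []; // key not in the record at all: include was not applied
    const empty = [];  // key present but null: reported separately
    for (const name of requested) {
      if (!Object.prototype.hasOwnProperty.call(record, name)) absent.push(name);
      else if (record[name] === null) empty.push(name);
    }
    if (absent.length > 0 || empty.length > 0) {
      findings.push({ id: record.id, absent, empty });
    }
  }
  return findings;
}

// Constructed sample response, not captured from a real server.
const INCLUDE = "role,role_realm,user_realm,user"; // include list from step 3
const sampleBody = {
  data: [
    { id: 1, robot_id: 1, permission_id: 1, role: { id: 7 }, user: { id: 3 } },
    { id: 2, robot_id: 1, permission_id: 2, role: { id: 7 },
      role_realm: { id: 1 }, user: { id: 3 }, user_realm: null },
  ],
};

// Record 1 lacks both realm relations; record 2 has a null user_realm.
console.log(JSON.stringify(findMissingRelations(INCLUDE, sampleBody), null, 2));
```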

Q&A

Q: What is the bug in the GET /robot-permissions endpoint?

A: The bug is related to the inclusion of nested fields in the include parameter of the request. Specifically, it is observed that some nested fields are not being applied to the resource, resulting in an incomplete response.

Q: What is the expected behavior of the GET /robot-permissions endpoint?

A: The expected behavior is that the resource should have all nested properties applied to it. In this case, the robot and permission should be present, along with their respective realms.

Q: What is the actual behavior of the GET /robot-permissions endpoint?

A: The actual behavior is that the robot and permission are present, but not their respective realms. This indicates that the bug is related to the inclusion of nested fields in the include parameter of the request.

Q: How can I reproduce the bug?

A: To reproduce the bug, follow these steps:

  1. Create an arbitrary robot and a permission.
  2. Create a robot permission based on previously created robot and permission.
  3. Query robot permissions with GET /robot-permissions/?include=role,role_realm,user_realm,user.

Q: What versions of the AuthUp system are affected by the bug?

A: The bug is present in the latest version of the AuthUp system, which is based on the Docker image authup/authup@sha256:8b3cd793a3f95da9299347e3b0435d5771fd430c3b8d78291787b051a3a64ef4.

Q: How can I fix the bug?

A: To fix the bug, you can try the following:

  1. Update to the latest version of the AuthUp system.
  2. Check the include parameter of the request to ensure that all nested fields are being applied correctly.
  3. Verify that the resource is being returned with all nested properties applied.

Q: What are the implications of the bug?

A: The bug can have significant implications for users of the AuthUp system, particularly those who rely on the GET /robot-permissions endpoint to retrieve robot permissions. The incomplete response can lead to errors and inconsistencies in the system.

Q: How can I get help with the bug?

A: If you are experiencing issues with the bug, you can try the following:

  1. Check the AuthUp documentation and release notes for information on the bug.
  2. Reach out to the AuthUp support team for assistance.
  3. Join the AuthUp community forum to discuss the bug with other users and developers.

Conclusion

In conclusion, the bug in the GET /robot-permissions endpoint is related to the inclusion of nested fields in the include parameter of the request. The bug is specific to the latest version of the AuthUp system and does not affect earlier versions. To reproduce the bug, follow the steps outlined above. The expected behavior is that the resource should have all nested properties applied to it, but the actual behavior is that the robot and permission are present, but not their respective realms.