github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-22 06:24:14 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Some API parameter parsing error #10798

New Issue
Open
opened 2025-11-02 09:18:25 -06:00 by GiteaMirror · 1 comment
GiteaMirror commented 2025-11-02 09:18:25 -06:00
Owner
Copy Link

Originally created by @painsAgains on GitHub (May 7, 2023).

Description

When I use API to access Gitea,I got some 500 response code from Gitea.But I think I should recieve 4xx code,so I think these API have some bug in design period

1. webhook-id not found

API PATH

 /admin/hooks/{id}

Method

GET,PATCH

RequestBody

{}

URL

http://localhost:3000/api/v1/admin/hooks/14

Response code and message

code: 500 message:webhook does not exist [id: 14]

Problem description

In fact, I think that when I access a non-existent webhook-id, I should receive a 4xx response code, e.g. 404 instead of 500

2. last_read_at parameter parsing error

API PATH

 /notifications

Method

PUT

RequestBody

""

URL

http://localhost:3000/api/v1/notifications?last_read_at\u003d1682567431888

Response code and message

code: 500 message:parsing time \\\"1682567431888\\\" as \\\"2006-01-02T15:04:05Z07:00\\\": cannot parse \\\"567431888\\\" as \\\"-\\\"\",\"url\":\"http://localhost:3000/api/swagger"

Problem description

I think Gitea should return me a 4xx error when I enter an incorrect parameter format, or forbid me to enter parameters in this format

3. Usename inconsistency

API PATH

 /admin/users/{username}/orgs

Method

POST

RequestBody

{"location": "fuzzstring", "username": "fake_name"}"

URL

http://localhost:3000/api/v1/admin/users/real_name/orgs

Response code and message

 user is not allowed to create organizations

Problem description

This 500 error occurs when the username parameter I entered in the requestBody does not match the username parameter in the url path, it is worth mentioning that the username in the url path is actual, while the username parameter in the requestBody is fictitious.I think I should have received a 4xx response code, or a critical check of the parameters

Gitea Version

1.19.1

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

I build Gitea by using https://dl.gitea.com/gitea/1.19.1/gitea-1.19.1-linux-amd64

Database

PostgreSQL

Originally created by @painsAgains on GitHub (May 7, 2023). ### Description When I use API to access Gitea,I got some 500 response code from Gitea.But I think I should recieve 4xx code,so I think these API have some bug in design period ### 1. webhook-id not found #### API PATH ``` /admin/hooks/{id} ``` #### Method **GET,PATCH** #### RequestBody {} #### URL http://localhost:3000/api/v1/admin/hooks/14 #### Response code and message ``` code: 500 message:webhook does not exist [id: 14] ``` #### Problem description In fact, I think that when I access a non-existent webhook-id, I should receive a 4xx response code, e.g. 404 instead of 500 ### 2. last_read_at parameter parsing error #### API PATH ``` /notifications ``` #### Method **PUT** #### RequestBody "" #### URL http://localhost:3000/api/v1/notifications?last_read_at\u003d1682567431888 #### Response code and message ``` code: 500 message:parsing time \\\"1682567431888\\\" as \\\"2006-01-02T15:04:05Z07:00\\\": cannot parse \\\"567431888\\\" as \\\"-\\\"\",\"url\":\"http://localhost:3000/api/swagger" ``` #### Problem description I think Gitea should return me a 4xx error when I enter an incorrect parameter format, or forbid me to enter parameters in this format ### 3. Usename inconsistency #### API PATH ``` /admin/users/{username}/orgs ``` #### Method **POST** #### RequestBody {\"location\": \"fuzzstring\", \"username\": \"fake_name\"}" #### URL http://localhost:3000/api/v1/admin/users/real_name/orgs #### Response code and message ``` user is not allowed to create organizations ``` #### Problem description This 500 error occurs when the username parameter I entered in the requestBody does not match the username parameter in the url path, it is worth mentioning that the username in the url path is actual, while the username parameter in the requestBody is fictitious.I think I should have received a 4xx response code, or a critical check of the parameters ### Gitea Version 1.19.1 ### Can you reproduce the bug on the Gitea demo site? Yes ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? I build Gitea by using https://dl.gitea.com/gitea/1.19.1/gitea-1.19.1-linux-amd64 ### Database PostgreSQL
GiteaMirror added the topic/apitype/bugmodifies/api labels 2025-11-02 09:18:26 -06:00
GiteaMirror commented 2025-11-02 09:18:27 -06:00
Author
Owner
Copy Link

@sonjek commented on GitHub (May 20, 2023):

I checked 2. last_read_at parameter parsing error and I suppose that 500 is expected error code in this case.

Current implementation of last_read_at supports values that applicable to RFC3339 standard only:
"2023-05-20T01:00:00+03:00" -> 2023-05-20T01%3A00%3A00%2B03%3A00
"2023-05-20T01:00:00Z" -> 2023-05-20T01%3A00%3A00Z

I think that it will be good to support timestamp type values as well.
I will investigate how to implement this.

@sonjek commented on GitHub (May 20, 2023): I checked `2. last_read_at parameter parsing error` and I suppose that 500 is expected error code in this case. Current implementation of **last_read_at** supports values that applicable to **RFC3339** standard only: `"2023-05-20T01:00:00+03:00"` -> `2023-05-20T01%3A00%3A00%2B03%3A00` `"2023-05-20T01:00:00Z"` -> `2023-05-20T01%3A00%3A00Z` I think that it will be good to support timestamp type values as well. I will investigate how to implement this.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label modifies/api topic/api type/bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#10798
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?