laravel-saml2 icon indicating copy to clipboard operation
laravel-saml2 copied to clipboard

Published 20 hours ago verified publisher icon 24Slides

Error in script for deleting tenants

Open jjmvee opened this issue 3 years ago • 1 comments

Hi, there seems to be a bug in the console script for manipulating/deleting tenants. Specifing either an ID or a UUID leads to a SQL query syntax error. The value cannot be an integer and a string at the same time.

The backend database is PostgreSQL. Maybe other databases are more lenient with this but Postgres unfortunately not.

j@dev:~/vgp [saml2*]$ ./artisan saml2:delete-tenant 1a86e4e9-d8d0-4411-ac66-f4743f0250c6

   Illuminate\Database\QueryException 

  SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: "1a86e4e9-d8d0-4411-ac66-f4743f0250c6" (SQL: select * from "saml2_tenants" where ("id" = 1a86e4e9-d8d0-4411-ac66-f4743f0250c6 or "key" = 1a86e4e9-d8d0-4411-ac66-f4743f0250c6 or "uuid" = 1a86e4e9-d8d0-4411-ac66-f4743f0250c6) and "saml2_tenants"."deleted_at" is null)

  at vendor/laravel/framework/src/Illuminate/Database/Connection.php:692
    688▕         // If an exception occurs when attempting to run a query, we'll format the error
    689▕         // message to include the bindings with SQL, which will make this exception a
    690▕         // lot more helpful to the developer instead of just the database's errors.
    691▕         catch (Exception $e) {
  ➜ 692▕             throw new QueryException(
    693▕                 $query, $this->prepareBindings($bindings), $e
    694▕             );
    695▕         }
    696▕     }

      +29 vendor frames 
  30  artisan:37
      Illuminate\Foundation\Console\Kernel::handle()
j@dev:~/vgp [saml2*]$

The problem seems to lie in this method in class Slides\Saml2\Repositories\TenantRepository:

    /**
     * Find a tenant by any identifier.
     *
     * @param int|string $key ID, key or UUID
     * @param bool $withTrashed Whether need to include safely deleted records.
     *
     * @return Tenant[]|\Illuminate\Database\Eloquent\Collection
     */
    public function findByAnyIdentifier($key, bool $withTrashed = true)
    {   
        return $this->query($withTrashed)
            ->where('id', $key)
            ->orWhere('key', $key)
            ->orWhere('uuid', $key)
            ->get();
    }

Looks like a check is missing if $key is an integer (for 'id') or a text value (for 'uuid', or 'key').

Thanks.

jjmvee avatar Jun 08 '22 12:06 jjmvee

Will be fixed in the next patch release.

breart avatar Jul 07 '22 18:07 breart