discord-api-docs icon indicating copy to clipboard operation
discord-api-docs copied to clipboard

Published 20 hours ago verified publisher icon discord

User Roles Not Being Properly Removed / Audit Log Discrepencies

Open gwkline opened this issue 1 year ago • 3 comments

Description

Hi there, hope you are doing well. I'm reaching out regarding what seems to be a bug with updating/removing user roles through the API.

I have a bot in ~7500 guilds, and we're seeing reports that users roles are not properly being removed, where we have both logs on our end of a successful (2xx) response from your API, and audit logs showing that our application updated or removed roles on that given user.

We have users complaining because Discord support is saying this is an issue with our bot. Could you please either add role-addition audit logs or help us identify how these users are being given roles?

We have logs (both your audit logs and internal logs) showing that on 4/3/2023 we removed 3 roles from a user. Immediately after, the user was shown with 1 of those 3 roles still present. Considering our logs only fire upon a 2xx API response code, I am lost on how this is happening.

Steps to Reproduce

API v10 endpoints

If a user has multiple roles that we are trying to remove, we call https://discord.com/developers/docs/resources/guild#modify-guild-member, with the roles parameter being an empty array

If we are looking to remove a single roll, we call https://discord.com/developers/docs/resources/guild#remove-guild-member-role

This does not occur every time we call the request, but in the past few days has gotten much more common.

Expected Behavior

If our backend receives a 2xx request from these endpoints, and audit logs show roles as being removed, we would expect the roles to be removed.

We have no way to see how these roles are being added back - whether this is us, another application, or Discord. Please add this to audit logs at the very least!

Current Behavior

Our backend is being returned a 2xx response, with audit logs confirming the role is removed, but somehow the user keeps at least one of the removed roles.

Screenshots/Videos

1 2 3

Client and System Information

API v10, calling through Typhoeus HTTP client in Ruby on Rails

gwkline avatar Apr 12 '23 17:04 gwkline

haven't been able to repro this unfortunately. There are some roles that are managed and can't be deleted, like the role that is assigned to users that boost the server. But attempting to remove these is supposed to return a 403 and not 200's like you mentioned. Is there any additional info or maybe a test server with example roles setup that I could look at where I can repro the issue?

hemu avatar Jun 01 '23 17:06 hemu

@hemu

I think you can do the following to reproduce:

  • Have a user with 3 or so roles
  • For the sake of the bug, call https://discord.com/developers/docs/resources/guild#remove-guild-member-role on each role back-to-back
  • If you do this quick enough, you should see 2XX responses, but one of the roles will remain

I'm not sure if this happens every time, but a coworker was able to replicate like this within a few minutes of trying. Good luck!

gwkline avatar Jun 09 '23 23:06 gwkline

I'm seeing similar behavior while adding/removing roles. The audit log exists, but sometimes the changes do not actually seem to happen like the audit log suggests. I'm primarily seeing this in a server with a lot of roles and members. I think one of the servers is actually nearing the role limit.

Happy to provide specific details to someone if it is needed.

plunkettscott avatar Mar 17 '24 21:03 plunkettscott