[5.4] Expose finalization errors in autoupdate API response

[SniperSister]

Summary of Changes

So far, the update finalization endpoint of the autoupdate feature has not been exposing any potential cause of a issue during that execution step. This PR adds output.

Testing Instructions

• Install a site
• Enable auto updates
• Apply the patch
• Call the finalizeUpdate endpoint of the API /api/index.php/v1/joomlaupdate/finalizeUpdate and don't forget to supply the X-JUpdate-Token header with the respective token
• Verify the existence of the errors key in the response attributes

Actual result BEFORE applying this Pull Request

Errors missing

Expected result AFTER applying this Pull Request

Errors present

Link to documentations

Please select:

• [ ] Documentation link for docs.joomla.org:

• [x] No documentation changes for docs.joomla.org needed

• [ ] Pull Request link for manual.joomla.org:

• [x] No documentation changes for manual.joomla.org needed

[richard67]

I have tested this item :white_check_mark: successfully on f4b53c8a1ae629004b97eeefb0df2d1ac30073a2

Hint for other testers how I have tested

On a Linux (or if Windows: WSL) command line, I've called curl to post the request:

curl --user-agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0" -H "X-JUpdate-Token: <my automated updates token>" -X POST https://<my subdomain>/api/index.php/v1/joomlaupdate/finalizeUpdate

The --user-agent parameter was necessary for me because my special hardened .htaccess file on my subdomains blocks certain user agents.

Of course you have to replace the <my automated updates token> by the token you can see in and copy from the automated update parameters of the Joomla Update component, and the <my subdomain> by the actual URL of your site.

Your site should be on Joomla 5.4.1, and automated updates should be enabled.

Result without the PR:

{"links":{"self":"https:\/\/test1.richard-fath.de\/api\/index.php\/v1\/joomlaupdate\/finalizeUpdate"},"data":{"type":"updates","id":"finalizeUpdate","attributes":{"success":true}}}

Result without the PR:

{"links":{"self":"https:\/\/test1.richard-fath.de\/api\/index.php\/v1\/joomlaupdate\/finalizeUpdate"},"data":{"type":"updates","id":"finalizeUpdate","attributes":{"success":true,"errors":[]}}}

I.e. with the PR there is an additional attribute "errors":[] in the response data.

In case of success (like here) it is an empty array.

For producing an error I have crated a new update SQL script administrator/components/com_admin/sql/updates/mysql/5.4.2-2025-11-30.sql with an invalid SQL statement:

INSERT INTO `#__bla` (`blubb`) VALUES ('');

After that I've repeated the API call. Result:

{"links":{"self":"https:\/\/test1.richard-fath.de\/api\/index.php\/v1\/joomlaupdate\/finalizeUpdate"},"data":{"type":"updates","id":"finalizeUpdate","attributes":{"success":false,"errors":["Exception: installer::parseSchemaUpdates finished with \"false\" result. in test1\/administrator\/components\/com_joomlaupdate\/src\/Model\/UpdateModel.php:1067\nStack trace:\n#0 test1\/api\/components\/com_joomlaupdate\/src\/View\/Updates\/JsonapiView.php(120): Joomla\\Component\\Joomlaupdate\\Administrator\\Model\\UpdateModel->finaliseUpgrade()\n#1 test1\/api\/components\/com_joomlaupdate\/src\/Controller\/UpdatesController.php(104): Joomla\\Component\\Joomlaupdate\\Api\\View\\Updates\\JsonapiView->finalizeUpdate()\n#2 test1\/libraries\/src\/MVC\/Controller\/BaseController.php(730): Joomla\\Component\\Joomlaupdate\\Api\\Controller\\UpdatesController->finalizeUpdate()\n#3 test1\/libraries\/src\/Dispatcher\/ApiDispatcher.php(61): Joomla\\CMS\\MVC\\Controller\\BaseController->execute()\n#4 test1\/libraries\/src\/Component\/ComponentHelper.php(361): Joomla\\CMS\\Dispatcher\\ApiDispatcher->dispatch()\n#5 test1\/libraries\/src\/Application\/ApiApplication.php(433): Joomla\\CMS\\Component\\ComponentHelper::renderComponent()\n#6 test1\/libraries\/src\/Application\/ApiApplication.php(116): Joomla\\CMS\\Application\\ApiApplication->dispatch()\n#7 test1\/libraries\/src\/Application\/CMSApplication.php(304): Joomla\\CMS\\Application\\ApiApplication->doExecute()\n#8 test1\/api\/includes\/app.php(50): Joomla\\CMS\\Application\\CMSApplication->execute()\n#9 test1\/api\/index.php(31): require_once('\/homepages\/38\/d...')\n#10 {main}"]}}}

(with the absolute path to the files removed).

I.e. the new errors attribute contains the exception details and the call stack.

Of course you should remove that bad update SQL script after the test.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/46493.}

[exlemor]

Thanks for the great testing instructions @richard67, unfortunately I have tried on 3 different sites and I am not getting past

curl --user-agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0" -H "X-JUpdate-Token: <my automated updates token>" -X POST https://<my subdomain>/api/index.php/v1/joomlaupdate/finalizeUpdate

(with of course updating <my automated updates token> and <my subdomain>, for 2 sites, I just get a blank line after pressing enter and then eventually,

a. curl: (28) Failed to connect to www.domain.com port 443: Connection timed out

for another site, I get Method Not Allowed and for a 4th, I get a 403 forbidden:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>

so I'm not having much fun :/ lol

[brianteeman]

I assume you added your token and just removed it from your post?

[exlemor]

I assume you added your token and just removed it from your post?

Hi @brianteeman, yes absolutely.

[richard67]

@exlemor SSL is ok for your site? I.e. not a self signed certificate? curl is a bit strict with that.

[exlemor]

@exlemor SSL is ok for your site? I.e. not a self signed certificate? curl is a bit strict with that.

These are all live sites (some testing installations, some not) all on the internet with Let's Encrypt SSL certs not self-signed.

[richard67]

@exlemor I've allowed myself to add the missing tickmarks for quoting code (or markup) on Github to your comment with your result.

a. curl: (28) Failed to connect to www.domain.com port 443: Connection timed out

Sure that this site was reachable with https from that client where you have used curl?

for another site, I get Method Not Allowed and for a 4th, I get a 403 forbidden:

Do these sites have an .htaccess file, and if so, does it contain this section? https://github.com/joomla/joomla-cms/blob/5.4-dev/htaccess.txt#L102-L113

Do they maybe have also an .htaccess file in the parent folder which forbids the api requests?

[exlemor]

@exlemor I've allowed myself to add the missing tickmarks for quoting code (or markup) on Github to your comment with your result.

Thanks for the fix.

a. curl: (28) Failed to connect to www.domain.com port 443: Connection timed out

Sure that this site was reachable with https from that client where you have used curl?

Yes, just checked it, reachable - when I do a verbose curl, it seems to be negotiating up until the You don't have permission message

for another site, I get Method Not Allowed and for a 4th, I get a 403 forbidden:

Do these sites have an .htaccess file, and if so, does it contain this section? https://github.com/joomla/joomla-cms/blob/5.4-dev/htaccess.txt#L102-L113

Yes, they do, it's the unedited .htaccess file that comes with Joomla.

Do they maybe have also an .htaccess file in the parent folder which forbids the api requests?

Yes, there is as this test installation is in the /_j540/ sub-folder but it too is the default installation .htaccess file.

[richard67]

@exlemor And you have used the token from the Joomla Update component's automated update settings, not the API token which might be configured for the regular API access for the superuser?

[exlemor]

@exlemor And you have used the token from the Joomla Update component's automated update settings, not the API token which might be configured for the regular API access for the superuser?

Absolutely Sir, I (usually ;) ) try to follow directions :p 🤪😂 especially when it's repeated.

[richard67]

Then I have no idea why it fails for your sites.

[exlemor]

Then I have no idea why it fails for your sites.

😭 but thank you very much for taking the time to look into it!

[muhme]

I have tested this item :white_check_mark: successfully on f4b53c8a1ae629004b97eeefb0df2d1ac30073a2

Tested with live site, starting with nigthly build full package, enabled Automated Updates

• Tested "success": true

curl -H "X-JUpdate-Token: wg...zG" -X POST https://joomla-test.heikol.de/api/index.php/v1/joomlaupdate/finalizeUpdate  | jq
{
  "links": {
    "self": "https://joomla-test.heikol.de/api/index.php/v1/joomlaupdate/finalizeUpdate"
  },
  "data": {
    "type": "updates",
    "id": "finalizeUpdate",
    "attributes": {
      "success": true
    }
  }
}

• Created invalid blubb SQL-statement like https://github.com/joomla/joomla-cms/pull/46493#issuecomment-3592627482
• Seen "success": False without error description

  "data": {
    "type": "updates",
    "id": "finalizeUpdate",
    "attributes": {
      "success": false
    }
  }
  

• Applied PR in overwriting api/components/com_joomlaupdate/src/View/Updates/JsonapiView.php
• Error description is also listed:

  "data": {
    "type": "updates",
    "id": "finalizeUpdate",
    "attributes": {
      "success": false,
      "errors": [
        "Exception: installer::parseSchemaUpdates finished with \"false\" result. in public_html/administrator/components/com_joomlaupdate/src/Model/UpdateModel.php:1067\nStack trace:\n#0 public_html/api/components/com_joomlaupdate/src/View/Updates/JsonapiView.php(120): Joomla\\Component\\Joomlaupdate\\Administrator\\Model\\UpdateModel->finaliseUpgrade()\n#1 public_html/api/components/com_joomlaupdate/src/Controller/UpdatesController.php(104): Joomla\\Component\\Joomlaupdate\\Api\\View\\Updates\\JsonapiView->finalizeUpdate()\n#2 public_html/libraries/src/MVC/Controller/BaseController.php(730): Joomla\\Component\\Joomlaupdate\\Api\\Controller\\UpdatesController->finalizeUpdate()\n#3 public_html/libraries/src/Dispatcher/ApiDispatcher.php(61): Joomla\\CMS\\MVC\\Controller\\BaseController->execute()\n#4 public_html/libraries/src/Component/ComponentHelper.php(361): Joomla\\CMS\\Dispatcher\\ApiDispatcher->dispatch()\n#5 public_html/libraries/src/Application/ApiApplication.php(433): Joomla\\CMS\\Component\\ComponentHelper::renderComponent()\n#6 public_html/libraries/src/Application/ApiApplication.php(116): Joomla\\CMS\\Application\\ApiApplication->dispatch()\n#7 public_html/libraries/src/Application/CMSApplication.php(304): Joomla\\CMS\\Application\\ApiApplication->doExecute()\n#8 public_html/api/includes/app.php(50): Joomla\\CMS\\Application\\CMSApplication->execute()\n#9 public_html/api/index.php(31): require_once('...')\n#10 {main}"
      ]
    }
  }

• Deleted invalid blubb SQL-statement and checked "success": true without errors is still working

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/46493.}

[muhme]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/46493.}

[richard67]

@SniperSister Thanks for this PR, and thanks @muhme for testing.