stack icon indicating copy to clipboard operation
stack copied to clipboard

Published 20 hours ago verified publisher icon stack-auth

Bug: Improper Handling of Request Body Parameters in User and Team Creation APIs

Open kfahad5607 opened this issue 6 months ago • 3 comments

I have identified a few issues with the server APIs. Some APIs are accepting data in the request body that is not being used in the route handlers.

Issues with following APIs

1. Create User

  • Issue: When creating a new user, the API accepts selected_team_id, but the route handler does not make use of selected_team_id.
  • Untitled design (1)

2. Create a Team

  • Issue: When creating a new team, the API accepts profile_image_url, but the route handler does not add the profile_image_url to the newly created team.
  • Untitled design

Probable Solutions

1. Create User

  • Solution 1: Do not accept selected_team_id at all, as it does not make sense to ask for a team ID when the membership does not exist.
  • Solution 2: Create the membership between the newly created user and selected_team_id, then make the team the selected team.

2. Create a Team

  • Solution: Pass profile_image_url while creating the new team.

Additional Notes:

I would love to work on this issue. Please assign it to me if possible.

kfahad5607 avatar Aug 05 '24 17:08 kfahad5607