Fixed API POST users/{id}/avatar endpoint returns success on error

[BubbaLovesCheese]

Affected version

2.2.3 Patch 1

Hi,

I've noticed (and read in other posts) that the API endpoint for POST users/{id}/avatar returns success even when no avatar is created.

This has been documented in 2 posts.

1. The API will response with "success" but it doesn't work.
2. Successfully created Avatar, However, no avatars have been created.

Thanks.

 

[inzanty]

Hi,

I've noticed (and read in other posts) that the API endpoint for POST users/{id}/avatar returns success even when no avatar is created.

This has been documented in 2 posts.

1. The API will response with "success" but it doesn't work.
2. Successfully created Avatar, However, no avatars have been created.

Thanks.

Do you set "File" param in your query?

 

[Kier]

I'm struggling to reproduce this with a properly constructed API request...

This request works successfully, and returns a success message:

POST http://localhost/xf22/api/users/7/avatar
Content-Type: multipart/form-data; boundary=WebAppBoundary
Accept: application/json
XF-Api-Key: {{XF-Api-Key}}
XF-Api-User: {{XF-Api-User}}

--WebAppBoundary
Content-Disposition: form-data; name="avatar"; filename="5m.jpg"

< ./img/5m.jpg
--WebAppBoundary--

// success message

{
  "success": true
}

Response code: 200 (OK); Time: 944ms; Content length: 23 bytes

However, if I trigger a failure in one of the only ways that is possible with avatars, namely the file being larger than post_max_size or upload_max_filesize in php.ini, or by the number of pixels in the image exceeding $config[‘maxImageResizePixelCount’], then I get proper failure messages like this:

// exceeds php.ini upload_max_filesize

{
  "errors": [
    {
      "code": "uploaded_file_is_too_large_for_server_to_process",
      "message": "The uploaded file is too large for the server to process.",
      "params": []
    }
  ]
}

Response code: 400 (Bad Request); Time: 393ms; Content length: 226 bytes

// exceeds XF $config['maxImageResizePixelCount']

{
  "errors": [
    {
      "code": "uploaded_image_is_too_big",
      "message": "The uploaded image is too big.",
      "params": []
    }
  ]
}

Response code: 400 (Bad Request); Time: 432ms; Content length: 176 bytes

So, can anyone demonstrate a properly formed request that returns a success message with failure?

 

[BubbaLovesCheese]

I think the issue is that an improperly formed request returns a success message when there is a failure. When I assume, it should return a failure....

 

[Kier]

As @BubbaLovesCheese says, if the request is properly formed, the system works as expected. The problems arise with malformed requests, where avatar is missing from the request, or the wrong encoding is specified.

I've updated the docs to reflect the fact that avatar is required (they'll be automatically rebuilt with the next XF release) and I've changed the necessary methods to throw an error if the file is missing from the request, either by virtue of having the wrong variable name or by being entirely omitted.

{
  "errors": [
    {
      "code": "required_input_missing",
      "message": "Required input missing: avatar",
      "params": {
        "missing": [
          "avatar"
        ]
      }
    }
  ]
}

Response code: 400 (Bad Request); Time: 274ms; Content length: 262 bytes

 

[XF Bug Bot]

Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.4).

Change log:

Throw a required input missing error if the `avatar` file is not included in the request. PHPdoc updated to reflect the requirement in the online API docs.

There may be a delay before changes are rolled out to the XenForo Community.