Fixed API POST users/{id}/avatar endpoint returns success on error

Affected version
2.2.3 Patch 1

Kier

XenForo developer
Staff member
I'm struggling to reproduce this with a properly constructed API request...

This request works successfully, and returns a success message:
HTTP:
POST http://localhost/xf22/api/users/7/avatar
Content-Type: multipart/form-data; boundary=WebAppBoundary
Accept: application/json
XF-Api-Key: {{XF-Api-Key}}
XF-Api-User: {{XF-Api-User}}

--WebAppBoundary
Content-Disposition: form-data; name="avatar"; filename="5m.jpg"

< ./img/5m.jpg
--WebAppBoundary--

// success message
JSON:
{
  "success": true
}

Response code: 200 (OK); Time: 944ms; Content length: 23 bytes

However, if I trigger a failure in one of the only ways that is possible with avatars, namely the file being larger than post_max_size or upload_max_filesize in php.ini, or by the number of pixels in the image exceeding $config[‘maxImageResizePixelCount’], then I get proper failure messages like this:

// exceeds php.ini upload_max_filesize
JSON:
{
  "errors": [
    {
      "code": "uploaded_file_is_too_large_for_server_to_process",
      "message": "The uploaded file is too large for the server to process.",
      "params": []
    }
  ]
}

Response code: 400 (Bad Request); Time: 393ms; Content length: 226 bytes

// exceeds XF $config['maxImageResizePixelCount']
JSON:
{
  "errors": [
    {
      "code": "uploaded_image_is_too_big",
      "message": "The uploaded image is too big.",
      "params": []
    }
  ]
}

Response code: 400 (Bad Request); Time: 432ms; Content length: 176 bytes
So, can anyone demonstrate a properly formed request that returns a success message with failure?
 

BubbaLovesCheese

Active member
I think the issue is that an improperly formed request returns a success message when there is a failure. When I assume, it should return a failure....
 

Kier

XenForo developer
Staff member
As @BubbaLovesCheese says, if the request is properly formed, the system works as expected. The problems arise with malformed requests, where avatar is missing from the request, or the wrong encoding is specified.

I've updated the docs to reflect the fact that avatar is required (they'll be automatically rebuilt with the next XF release) and I've changed the necessary methods to throw an error if the file is missing from the request, either by virtue of having the wrong variable name or by being entirely omitted.

JSON:
{
  "errors": [
    {
      "code": "required_input_missing",
      "message": "Required input missing: avatar",
      "params": {
        "missing": [
          "avatar"
        ]
      }
    }
  ]
}

Response code: 400 (Bad Request); Time: 274ms; Content length: 262 bytes
 

XF Bug Bot

XenForo bug fixer bot
Staff member
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.4).

Change log:
Throw a required input missing error if the `avatar` file is not included in the request. PHPdoc updated to reflect the requirement in the online API docs.
There may be a delay before changes are rolled out to the XenForo Community.
 
Top