Content
View differences
Updated by Christophe Bliard 5 days ago
In the appsignal error, the `Calendar::ICalController#show` endpoint is called with a token which refers a `Token::ICal` record which references a user who does no longer exist (the anonymous user with user\_id being 2).
### Steps to reproduce
* Create a user
* Create a calendar in a project with that user
* Subscribe to the calendar (from "ยทยทยท" menu, select "Subscribe to calendar")
* If you don't want to use a real calendar app, use `curl` to check that the ical url works
* for instance `curl -s -I <url> | grep HTTP` to get only the response code
* should see `HTTP/1.1 200 OK`
* Delete the user
* Use the `curl` command again Unclear - AppSignal report
### What is the buggy behavior?
* An exception is triggered: "NoMethodError (undefined method 'time\_zone' for nil)"
* `HTTP/1.1 500 Internal Server Error`
* It happens because the user has been (soft-)deleted, but the token still exists Unclear - AppSignal report
### What is the expected behavior?
* Unclear - AppSignal report
* It should return a 404: as the user does not exist, the ical subscription is not found.
* Additionnally, when a user gets deleted, the associated tokens should be deleted.
* Add code to properly delete tokens when user is deleted
* Add migration to clean dangling tokens
* Add migration to add foreign key constraint from tokens to users
* Actually, the constraint already exists, but the user being soft-deleted, the constraint is respected but the user cannot be found.
<br>
* Bonus question: if user is locked / inactive, should this endpoint return 404 as well?
### **Logs**
[https://appsignal.com/openproject-gmbh/sites/673c529383eb67b55471dda2/exceptions/incidents/1326/samples/last](https://appsignal.com/openproject-gmbh/sites/673c529383eb67b55471dda2/exceptions/incidents/1326/samples/last)
```text
lib/open_project/locale_helper.rb:34 OpenProject::LocaleHelper.with_locale_for
app/models/user.rb:546 User.execute_as
modules/calendar/app/services/calendar/ical_response_service.rb:48 Calendar::ICalResponseService#perform
app/services/base_services/base_callable.rb:42 block in BaseServices::BaseCallable#call
app/services/base_services/base_callable.rb:70 BaseServices::BaseCallable#assign_state
app/services/base_services/base_callable.rb:41 BaseServices::BaseCallable#call
modules/calendar/app/controllers/calendar/ical_controller.rb:36 Calendar::ICalController#show
vendor/plugins/openproject-multitenancy/lib/multitenancy/elevators/mapped_domain_elevator.rb:106 block in Multitenancy::Elevators::MappedDomainElevator#call_tenant
vendor/plugins/openproject-multitenancy/lib/multitenancy/elevators/mapped_domain_elevator.rb:103 Multitenancy::Elevators::MappedDomainElevator#call_tenant
vendor/plugins/openproject-multitenancy/lib/multitenancy/elevators/mapped_domain_elevator.rb:69 Multitenancy::Elevators::MappedDomainElevator#try_tenant
vendor/plugins/openproject-multitenancy/lib/multitenancy/elevators/mapped_domain_elevator.rb:39 Multitenancy::Elevators::MappedDomainElevator#call
```
### Steps to reproduce
* Create a user
* Create a calendar in a project with that user
* Subscribe to the calendar (from "ยทยทยท" menu, select "Subscribe to calendar")
* If you don't want to use a real calendar app, use `curl` to check that the ical url works
* for instance `curl -s -I <url> | grep HTTP` to get only the response code
* should see `HTTP/1.1 200 OK`
* Delete the user
* Use the `curl` command again
### What is the buggy behavior?
* An exception is triggered: "NoMethodError (undefined method 'time\_zone' for nil)"
* `HTTP/1.1 500 Internal Server Error`
* It happens because the user has been (soft-)deleted, but the token still exists
### What is the expected behavior?
* Unclear - AppSignal report
* It should return a 404: as the user does not exist, the ical subscription is not found.
* Additionnally, when a user gets deleted, the associated tokens should be deleted.
* Add code to properly delete tokens when user is deleted
* Add migration to clean dangling tokens
* Add migration to add foreign key constraint from tokens to users
* Actually, the constraint already exists, but the user being soft-deleted, the constraint is respected but the user cannot be found.
<br>
* Bonus question: if user is locked / inactive, should this endpoint return 404 as well?
### **Logs**
[https://appsignal.com/openproject-gmbh/sites/673c529383eb67b55471dda2/exceptions/incidents/1326/samples/last](https://appsignal.com/openproject-gmbh/sites/673c529383eb67b55471dda2/exceptions/incidents/1326/samples/last)
```text
lib/open_project/locale_helper.rb:34 OpenProject::LocaleHelper.with_locale_for
app/models/user.rb:546 User.execute_as
modules/calendar/app/services/calendar/ical_response_service.rb:48 Calendar::ICalResponseService#perform
app/services/base_services/base_callable.rb:42 block in BaseServices::BaseCallable#call
app/services/base_services/base_callable.rb:70 BaseServices::BaseCallable#assign_state
app/services/base_services/base_callable.rb:41 BaseServices::BaseCallable#call
modules/calendar/app/controllers/calendar/ical_controller.rb:36 Calendar::ICalController#show
vendor/plugins/openproject-multitenancy/lib/multitenancy/elevators/mapped_domain_elevator.rb:106 block in Multitenancy::Elevators::MappedDomainElevator#call_tenant
vendor/plugins/openproject-multitenancy/lib/multitenancy/elevators/mapped_domain_elevator.rb:103 Multitenancy::Elevators::MappedDomainElevator#call_tenant
vendor/plugins/openproject-multitenancy/lib/multitenancy/elevators/mapped_domain_elevator.rb:69 Multitenancy::Elevators::MappedDomainElevator#try_tenant
vendor/plugins/openproject-multitenancy/lib/multitenancy/elevators/mapped_domain_elevator.rb:39 Multitenancy::Elevators::MappedDomainElevator#call
```