fix: handle non-numeric organisation query parameter gracefully - Issue #7426#7443
Open
lukman48 wants to merge 3 commits intoFlagsmith:mainfrom
Open
fix: handle non-numeric organisation query parameter gracefully - Issue #7426#7443lukman48 wants to merge 3 commits intoFlagsmith:mainfrom
lukman48 wants to merge 3 commits intoFlagsmith:mainfrom
Conversation
…Flagsmith#7426) The API was crashing with ValueError when the 'organisation' query parameter on /api/v1/projects/ was provided with a non-numeric value. This happened because Django was trying to convert the parameter directly to an integer for the database filter without validation. The fix validates that the organisation_id parameter is numeric before using it for filtering. If it's not numeric, the endpoint returns an empty queryset (no projects match the invalid filter criteria) instead of crashing. This returns a proper 200 response with an empty array instead of a 500 error, allowing client applications to handle the response gracefully. Fixes Flagsmith#7426
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
|
@lukman48 is attempting to deploy a commit to the Flagsmith Team on Vercel. A member of the Team first needs to authorize it. |
Add test cases to verify that: 1. Non-numeric organisation parameters return 200 with empty list (not 500) 2. Invalid organisation parameters are handled gracefully even when projects exist 3. API responds correctly with proper HTTP status code These tests ensure the fix for issue Flagsmith#7426 works correctly.
for more information, see https://pre-commit.ci
Author
|
@claude review |
Contributor
|
@lukman48 Thanks for this contribution! Can you please explain your decision to go for a 200, instead of the issue's acceptance criterion's 4xx? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes Issue #7426: API crash on /api/v1/projects/ with non-numeric organisation query parameter
Problem
The API endpoint
/api/v1/projects/crashes with aValueErrorwhen theorganisationquery parameter is provided with a non-numeric value.Error Details
Root Cause
The
ProjectViewSet.get_queryset()method directly uses theorganisationquery parameter for database filtering without validating that it's a valid integer. Django's ORM attempts to convert it to an integer for the field lookup, which fails with a traceback instead of returning a proper 4xx response.Solution
Added input validation to check that the
organisation_idparameter is numeric before using it for filtering:organisation_idto intImplementation
Behavior Changes
/api/v1/projects/?organisation=invalid→ 500 Internal Server Error/api/v1/projects/?organisation=invalid→ 200 OK with empty array[]Testing Checklist