"Invalid input syntax" when reading current_setting('request.jwt.claim.user_id')
#1775
Environment
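-- Description of issue
-- PostgREST sometimes parses [sentence cut off on the page]

-- Accounts table used by the reproduction.
CREATE TABLE users (
    id serial NOT NULL PRIMARY KEY,
    created timestamp WITH time zone NOT NULL DEFAULT now(),
    -- Both minilock ids must be 40 to 55 characters long.
    user_minilock_id text NOT NULL
        CHECK (40 <= LENGTH(user_minilock_id) AND LENGTH(user_minilock_id) <= 55),
    user_auth_minilock_id text NOT NULL
        CHECK (40 <= LENGTH(user_auth_minilock_id) AND LENGTH(user_auth_minilock_id) <= 55),
    -- Compared with the X-Csrf-Token request header by the select_users policy.
    -- Unlike csrf_tokens.token, this column carries no length CHECK.
    csrf_token text NOT NULL,
    -- Fixed: the original closed this column with ';' inside the parentheses,
    -- which makes the whole CREATE TABLE a syntax error.
    is_invitee boolean NOT NULL DEFAULT false
);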
-- Turn on row-level security for users. Once enabled, a role sees or writes
-- only the rows that some policy granted to it allows; with no applicable
-- policy the default is to deny.
-- The table owner, superusers and BYPASSRLS roles are not subject to the
-- policies unless FORCE ROW LEVEL SECURITY is also set, so the API roles
-- should not own this table.
ALTER TABLE users
    ENABLE ROW LEVEL SECURITY;
-- Issued CSRF tokens. The insert_users policy accepts an INSERT only when the
-- X-Csrf-Token request header matches a row in this table.
CREATE TABLE csrf_tokens (
    -- Exactly 36 characters, the length of the sample token in the curl
    -- command on this page.
    token   text        NOT NULL PRIMARY KEY CHECK (LENGTH(token) = 36),
    -- Issue time. Nothing in the SQL shown expires or deletes old tokens.
    -- NOTE(review): confirm expiry is enforced elsewhere.
    created timestamptz NOT NULL DEFAULT now()
);
-- NOTE(review): no grants or RLS for this table are shown. Policy subqueries
-- run with the calling role's privileges, so a role that needs SELECT here for
-- insert_users could also read every token if the table is exposed. Confirm.
-- Roles the two policies on users are granted to. CREATE ROLE defaults to
-- NOLOGIN; it is spelled out here so it is clear these are not login accounts.
-- Table privileges (GRANT ...) are not part of the SQL shown.
CREATE ROLE can_insert_users_if_csrf_header NOLOGIN;
CREATE ROLE can_select_users_if_self_or_csrf_header NOLOGIN;
-- INSERT gate for users: the new row is accepted only when the X-Csrf-Token
-- request header equals a token stored in csrf_tokens.
--
-- current_setting(name, true) returns NULL instead of raising when the setting
-- is not defined. A NULL (or empty) header value cannot match a token, because
-- tokens are constrained to 36 characters, and a WITH CHECK expression that is
-- not true rejects the row.
-- The check looks only at the header; it does not tie the row's own csrf_token
-- column to that header. NOTE(review): confirm that is intended.
CREATE POLICY insert_users
    ON users
    FOR INSERT
    TO can_insert_users_if_csrf_header
    WITH CHECK (
        current_setting('request.header.X-Csrf-Token', true) IN (
            SELECT token
            FROM csrf_tokens
        )
    );
-- SELECT visibility on users: a row is visible when its id equals the JWT
-- user_id claim, or when its csrf_token equals the X-Csrf-Token request header.
--
-- The || 'RACE_CONDITION' suffix appears to be a marker added for this
-- reproduction: NULL || text stays NULL and casts cleanly, while any non-NULL
-- value fails the integer cast with the marker visible in the error message.
-- That includes '' and a genuine numeric claim. This form is for the repro
-- only. Outside it, guard the cast with nullif(current_setting(...), '') so an
-- empty setting becomes NULL.
--
-- SQL does not guarantee left-to-right evaluation of OR, so the second branch
-- does not shield the cast. An error raised inside a policy expression aborts
-- the statement rather than filtering the row.
--
-- users.csrf_token has no length CHECK, so an empty stored value would compare
-- equal to an empty header setting. NOTE(review): consider constraining it the
-- way csrf_tokens.token is.
CREATE POLICY select_users
    ON users
    FOR SELECT
    TO can_select_users_if_self_or_csrf_header
    USING (
        users.id = CAST(
            (current_setting('request.jwt.claim.user_id', true) || 'RACE_CONDITION')
            AS integer
        )
        OR users.csrf_token = current_setting('request.header.X-Csrf-Token', true)
    );
Then run this once in
And run this many times until you get the error:
curl -i -X POST -H 'Content-Type: application/json; charset=utf-8' -H 'Prefer: return=representation' -H 'X-Csrf-Token: 7bca85c4-2510-4c29-7789-29c89f8b8fcc' -d '{"csrf_token": "7bca85c4-2510-4c29-7789-29c89f8b8fcc", "is_invitee": true, "user_auth_minilock_id": "3NTxSJmFBYY94aNeiLyepKQvw2N2Xbp8reNY6mEXKhigz", "user_minilock_id": "sR8avZPD2zKj5TqxSjHFYk4vUaLp8TbcuvYHDd3p1AQvs"}' localhost:3000/users
Again, the fundamental problem is that …
Replies: 3 comments
(In my real DB I make various things |
@elimisteve This is a pg limitation. To reproduce, check: #1642 (comment) You need to use |
@steve-chavez Whew, thanks! |
@elimisteve This is a pg limitation. To reproduce, check: #1642 (comment)
You need to use `nullif` to address it, as mentioned here: #1642 (comment)