Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix wrong xorm Delete usage #27995

Merged
merged 3 commits into from
Nov 12, 2023
Merged

Fix wrong xorm Delete usage #27995

merged 3 commits into from
Nov 12, 2023

Conversation

lng2020
Copy link
Member

@lng2020 lng2020 commented Nov 11, 2023
edited
Loading

Bug in Gitea

I ran into this bug when I accidentally used the wrong redirect URL for the oauth2 provider when using mssql. But the oauth2 provider still got added.
Most of the time, we use Delete(&some{id: some.id}) or In(condition).Delete(&some{}), which specify the conditions. But the function uses Delete(source) when source.Cfg is a TEXT field and not empty. This will cause xorm Delete function not working in mssql.

gitea/models/auth/source.go

Lines 234 to 240 in 61ff91f

err = registerableSource.RegisterSource()
if err != nil {
// remove the AuthSource in case of errors while registering configuration
if _, err := db.GetEngine(ctx).Delete(source); err != nil {
log.Error("CreateSource: Error while wrapOpenIDConnectInitializeError: %v", err)
}
}

Reason

Because the TEXT field can not be compared in mssql, xorm doesn't support it according to this PR
related code in xorm

if statement.dialect.URI().DBType == schemas.MSSQL && (col.SQLType.Name == schemas.Text ||
   col.SQLType.IsBlob() || col.SQLType.Name == schemas.TimeStampz) {
   if utils.IsValueZero(fieldValue) {
     continue
   }
   return nil, fmt.Errorf("column %s is a TEXT type with data %#v which cannot be as compare condition", col.Name, fieldValue.Interface())
   }
}

When using the Delete function in xorm, the non-empty fields will auto-set as conditions(perhaps some special fields are not?). If TEXT field is not empty, xorm will return an error. I only found this usage after searching, but maybe there is something I missing.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 11, 2023
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Nov 11, 2023
@lng2020 lng2020 added backport/v1.20 This PR should be backported to Gitea 1.20 backport/v1.21 This PR should be backported to Gitea 1.21 labels Nov 11, 2023
lng2020
lng2020 commented Nov 11, 2023
View reviewed changes
Copy link
Member Author

@lng2020 lng2020 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: I didn't use db.WithTX there because registerableSource.RegisterSource() didn't have a context and it will use third-party function. Should the context be added?

@lng2020 lng2020 changed the title Fix wrong xorm Delete usage Fix wrong xorm Delete usage Nov 11, 2023
@lng2020
Copy link
Member Author

lng2020 commented Nov 11, 2023

CI failure is not related. Looks like the docker hub somehow not responding.

delvh
delvh approved these changes Nov 11, 2023
View reviewed changes
models/auth/source.go Outdated Show resolved Hide resolved
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 11, 2023
@lunny @delvh
Update models/auth/source.go
2a36ebe 
Co-authored-by: delvh <dev.lh@web.de>
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 12, 2023
@lunny lunny added this to the 1.22.0 milestone Nov 12, 2023
@lunny lunny added type/bug reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels Nov 12, 2023
@lunny lunny enabled auto-merge (squash) November 12, 2023 05:20
@lunny lunny merged commit d95102d into go-gitea:main Nov 12, 2023
25 checks passed
@GiteaBot
Copy link
Contributor

I was unable to create a backport for 1.20. @lng2020, please send one manually. 🍵

go run ./contrib/backport 27995
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added backport/manual No power to the bots! Create your backport yourself! and removed reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels Nov 12, 2023
@GiteaBot
Copy link
Contributor

I was unable to create a backport for 1.21. @lng2020, please send one manually. 🍵

go run ./contrib/backport 27995
...  // fix git conflicts if any
go run ./contrib/backport --continue

This was referenced Nov 12, 2023
Merged
Merged
lafriks pushed a commit that referenced this pull request Nov 12, 2023
@lng2020
Fix wrong xorm Delete usage(backport for 1.20) (#28003)
c077a08 
manually backport for #27995
The conflict is `ctx` and `db.Defaultctx`.
lafriks pushed a commit that referenced this pull request Nov 12, 2023
@lng2020
Fix wrong xorm Delete usage(backport for 1.21) (#28002)
97f4239 
manually backport for #27995
The conflict is `ctx` and `db.Defaultctx`.
@lng2020 lng2020 deleted the fix_delete_usage branch November 12, 2023 12:59
@lng2020 lng2020 added backport/done All backports for this PR have been created and removed backport/manual No power to the bots! Create your backport yourself! labels Nov 12, 2023
zjjhot added a commit to zjjhot/gitea that referenced this pull request Nov 13, 2023
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
8c55452 
* giteaofficial/main:
  [skip ci] Updated licenses and gitignores
  Fix wrong xorm Delete usage (go-gitea#27995)
  Move some JS code from `fomantic.js` to standalone files (go-gitea#27994)
  Fix the wrong oauth2 name (go-gitea#27993)
  Render email addresses as such if followed by punctuation (go-gitea#27987)
  Show error toast when file size exceeds the limits (go-gitea#27985)
fuxiaohei pushed a commit to fuxiaohei/gitea that referenced this pull request Jan 17, 2024
@lng2020 @delvh @fuxiaohei
Fix wrong xorm Delete usage (go-gitea#27995)
202fe1f 
## Bug in Gitea
I ran into this bug when I accidentally used the wrong redirect URL for
the oauth2 provider when using mssql. But the oauth2 provider still got
added.
Most of the time, we use `Delete(&some{id: some.id})` or
`In(condition).Delete(&some{})`, which specify the conditions. But the
function uses `Delete(source)` when `source.Cfg` is a `TEXT` field and
not empty. This will cause xorm `Delete` function not working in mssql.

https://github.com/go-gitea/gitea/blob/61ff91f9603806df2505907614b9006bf721b9c8/models/auth/source.go#L234-L240

## Reason
Because the `TEXT` field can not be compared in mssql, xorm doesn't
support it according to [this
PR](https://gitea.com/xorm/xorm/pulls/2062)
[related
code](https://gitea.com/xorm/xorm/src/commit/b23798dc987af776bec867f4537ca129fd66328e/internal/statements/statement.go#L552-L558)
in xorm
```go
if statement.dialect.URI().DBType == schemas.MSSQL && (col.SQLType.Name == schemas.Text ||
   col.SQLType.IsBlob() || col.SQLType.Name == schemas.TimeStampz) {
   if utils.IsValueZero(fieldValue) {
     continue
   }
   return nil, fmt.Errorf("column %s is a TEXT type with data %#v which cannot be as compare condition", col.Name, fieldValue.Interface())
   }
}
```
When using the `Delete` function in xorm, the non-empty fields will
auto-set as conditions(perhaps some special fields are not?). If `TEXT`
field is not empty, xorm will return an error. I only found this usage
after searching, but maybe there is something I missing.

---------

Co-authored-by: delvh <dev.lh@web.de>
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Feb 10, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lunny lunny lunny approved these changes

@delvh delvh delvh approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created backport/v1.20 This PR should be backported to Gitea 1.20 backport/v1.21 This PR should be backported to Gitea 1.21 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/bug
Projects
None yet
Milestone
1.22.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@lng2020 @GiteaBot @lunny @delvh