[stable9.1] Skip null groups in group manager #26871
Conversation
|
@PVince81, thanks for your PR! By analyzing the history of the files in this pull request, we identified @DeepDiver1975, @bartv2 and @macjohnny to be potential reviewers. |
|
Steps to reproduce: Problem can be reproduced with memcache/redis by manually causing a cache inconsistency by meddling with the keys:
Note: the cache key can also exist if the group does not exist, its contents will be the value "false" in JSON format. Before the fix: After the fix, the warning from this PR is logged: |
|
So I'd say this PR is mostly about hardening against such inconsistencies until we figure out why they are happening in the first place. Here's a starting point for LDAP's crappy caching: owncloud/user_ldap#30 Please review @DeepDiver1975 @jvillafanez @PhilippSchaffrath @felixboehm @butonic |
lib/private/Group/Manager.php
Outdated
| if (!is_null($aGroup)) { | ||
| $groups[$groupId] = $aGroup; | ||
| } else { | ||
| \OC::$server->getLogger()->debug('Warning: user "' . $uid . '" belongs to deleted group: "' . $groupId . '"', array('app' => 'core')); |
There was a problem hiding this comment.
Would not be better instead debug a higher log level? I would suggest 2
There was a problem hiding this comment.
debug log level makes sense, with this code it is a designed functionality to handle users in deleted groups.
There was a problem hiding this comment.
The change makes oc gracefully handle null groups. So no warning necessary IMO. But starting the debug log line with 'Warning' is weird. Either the admin should do something to fix this or he shouldn't. If he should we need to tell him whit to do to make the warning go away.
There was a problem hiding this comment.
This situation should never happen. The purpose of the warning is to make it possible to find out about such scenarios where the LDAP server (or our LDAP impl) returns inconsistent results.
I'm fine removing the "Warning: " piece of the string.
|
Please add test for deleted groups. |
@SergioBertolinSG Please help here |
|
The automated test will need to interact directly with memcache to be able to delete the key in question there... good luck |
|
Also skip groups in "search" function that is used by the users page and others: 400baf3 Additionally I searched for usages of "groupManager->get(" and found that some parts of the sharing code doesn't properly check for group existence, so I hardened that as well in 8e7e5a9
|
|
Just had a quick test with local DB users and shares: when deleting a group in the users admin page, it automatically deletes all matching shares. But I think in the case of LDAP the group deletion detection happens with a delay, so it makes sense to harden the sharing code to avoid issues when bumping into shares pointing to deleted groups. |
|
Apparently for LDAP without caching, deleting the group in LDAP has a direct effect in OC and any affected shares disappear in the file listing. However they keep the oc_share entries. This makes the hardening above even more important. |
|
Ewww, with redis memcaching enabled (and on this branch) if I delete a group in LDAP, it is still cached. That's ok. The shared mount still appears but the OCS Share API doesn't return the share anymore. So possibly it's reading from a different cache ?! |
|
I debugged into it and the OCS Share API uses The only thing we can do here is to be prepared to receive inconsistent results. This is what this PR is about. Ok, then let's continue with the unit tests... |
@SergioBertolinSG do we have integration tests for shares related to deleted groups with the database backend ? (LDAP cases will have to be done in the LDAP app as stated above) |
|
@jvillafanez @butonic @PhilippSchaffrath I need a new review, more code was added. |
No, I don't think so. We have one about orphaned shares, this case is be something similar? |
|
|
||
| // such issue can usually happen when dealing with | ||
| // null groups which usually appear with group backend | ||
| // caching inconsistencies |
There was a problem hiding this comment.
I'd rather log something. It will be easier to debug possible errors or to know what is being ignored.
| $share->method('getSharedWith')->willReturn('group2'); | ||
| $this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share])); | ||
|
|
||
| $this->groupManager->method('get')->with('group2')->willReturn($group); |
There was a problem hiding this comment.
I think some adjustments are needed here.
There was a problem hiding this comment.
indeed, forgot to use "groupnull"
tests/lib/Share20/ManagerTest.php
Outdated
| ->with($path) | ||
| ->willReturn([$share2]); | ||
|
|
||
| $this->invokePrivate($this->manager, 'userCreateChecks', [$share]); |
There was a problem hiding this comment.
no assertions in this test?
There was a problem hiding this comment.
No assertion possible here. This is similar to other tests.
Basically we run the method and no exception is thrown.
There was a problem hiding this comment.
Checking sebastianbergmann/phpunit-documentation#171 (comment)
A $this->assertNull($this->invokePrivate(....)) might be enough in this case. It's a kind of dummy check that fills the requirements.
@SergioBertolinSG similar, but not the same. This is about shares that point to deleted groups. Apparently only reproducible with LDAP + caching so far. Would still be good to have tests that confirm that after deleting a group, the matching shares do not appear neither in the PROPFIND nor in the "shared with you" section (OCS Share API query). |
|
@jvillafanez adjusted here c1eea58 |
In some cases, data is inconsistent in the oc_share table due to legacy data. The mount provider might attempt to make it consistent but if the target group does not exist any more it cannot work. In such case we simply ignore the exception as it is not critical. Keeping the exception would break user accounts as they would be unable to use their filesystem.
PVince81
force-pushed
the
stable9.1-skipnullgroups
branch
from
c1eea58 to
56ca62a
Compare
|
@jvillafanez added |
|
👍 |
* Skip null groups in group manager * Also skip null groups in group manager's search function * Add more group null checks in sharing code * Add unit tests for null group safety in group manager * Add unit tests for sharing code null group checks * Added tests for null groups handling in sharing code * Ignore moveShare optional repair in mount provider In some cases, data is inconsistent in the oc_share table due to legacy data. The mount provider might attempt to make it consistent but if the target group does not exist any more it cannot work. In such case we simply ignore the exception as it is not critical. Keeping the exception would break user accounts as they would be unable to use their filesystem. * Adjust null group handing + tests
|
Forward port to master: #26956 |
* Skip null groups in group manager (#26871) * Skip null groups in group manager * Also skip null groups in group manager's search function * Add more group null checks in sharing code * Add unit tests for null group safety in group manager * Add unit tests for sharing code null group checks * Added tests for null groups handling in sharing code * Ignore moveShare optional repair in mount provider In some cases, data is inconsistent in the oc_share table due to legacy data. The mount provider might attempt to make it consistent but if the target group does not exist any more it cannot work. In such case we simply ignore the exception as it is not critical. Keeping the exception would break user accounts as they would be unable to use their filesystem. * Adjust null group handing + tests * Fix new group manager tests
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Description
Skip null groups in group manager, because data inconsistency could cause some backends (LDAP?) to return null groups.
Related Issue
Motivation and Context
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist:
@felixboehm @jvillafanez @butonic