Can create non-existent distroseries

Bug #688043 reported by Michael Nelson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ratings and Reviews server
Fix Released
Low
Danny Tamez

Bug Description

Currently when submitting a new review, if the origin/distroseries (ie. 'ubuntu/lucid') does not already exist in the database, it is simply created without checking with Launchpad. We may eventually want to do the same for architectures too (verifying that the architecture supplied with the review exists in the distroseries).

This is just a bug for an existing XXX which was recently moved to: reviewsapp.forms.ReviewForm._validate_and_populate_repository.

To QA:
I've not yet come up with a reliable way to QA this, but with mvo's help, created:
https://pastebin.canonical.com/42986/
which *should* enable us to verify what happens when submitting a review for Ubuntu 'lucky', but at this point, I either get an API 401 (authentication), or can't login with my staging credentials (which I've checked via the website). Maybe achuni or Danny will fare better. Update: achuni pointed out that the reason for the authentication failure using staging is because the oauth api for staging SSO is currently in a broken state. When: https://login.staging.ubuntu.com/+applications is not erroring, we should be able to QA this on staging.

Related branches

Revision history for this message
Michael Nelson (michael.nelson) wrote :

Related to this, when a software_item is validated (by the ReviewForm), it currently only checks the validity of the package in the specified distroseries if a matching software item does not already exist. It should instead be verifying if a software item with reviews for the given distroseries doesn't already exist.

So currently:
1) Create a valid review for a package in Ubuntu Lucid,
2) Create a second review for the same package, but in Debian DoesntExist

ER: (2) should fail validation
AR: (2) succeeds, creating the new repository in rnr.

tags: added: kb-task
Danny Tamez (zematynnad)
Changed in rnr-server:
status: Confirmed → In Progress
assignee: nobody → Danny Tamez (zematynnad)
Danny Tamez (zematynnad)
Changed in rnr-server:
status: In Progress → Fix Committed
Revision history for this message
Dave Morley (davmor2) wrote :

Created Ostentatious/Ubuntu so I can now add o :)

description: updated
description: updated
Revision history for this message
Dave Morley (davmor2) wrote :

After a long discussion with noodles and achuni, I have decided that if it is this hard to create an api call to test this that an average user is not going to suffer from inside Software-center. Besides which if someone is able to trigger a situation where this is possible then the code should be in place to filter out application anyway.

tags: added: qa-untestable
Changed in rnr-server:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.