- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: None
- Component/s: Marketplace / Package Management, REST API
- Tags:
Description
One can make such a call to delete a version of a given package:
GET https://connect.nuxeo.com/nuxeo/site/marketplace/package/<PACKAGE>/delete?version=<VERSION>
And it will effectively perform the deletion.
But replaying the same call will not only work, it will actually delete the last version of the package. Going even further, setting version to anything will delete the last version.
Here are some logs:
# The version exists, removal is done
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): connect.nuxeo.com:443
DEBUG:urllib3.connectionpool:https://connect.nuxeo.com:443 "GET /nuxeo/site/marketplace/package/hylander-package/delete?version=1.0.0-b11-SNPSHOT HTTP/1.1" 303 0
DEBUG:urllib3.connectionpool:https://connect.nuxeo.com:443 "GET /nuxeo/site/marketplace/package/hylander-package HTTP/1.1" 200 None

# The version no longer exists, removal of the last version is done
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): connect.nuxeo.com:443
DEBUG:urllib3.connectionpool:https://connect.nuxeo.com:443 "GET /nuxeo/site/marketplace/package/hylander-package/delete?version=1.0.0-b11-SNPSHOT HTTP/1.1" 303 0
DEBUG:urllib3.connectionpool:https://connect.nuxeo.com:443 "GET /nuxeo/site/marketplace/package/hylander-package HTTP/1.1" 200 None

# The version is completely wrong, removal of the last version is done
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): connect.nuxeo.com:443
DEBUG:urllib3.connectionpool:https://connect.nuxeo.com:443 "GET /nuxeo/site/marketplace/package/hylander-package/delete?version=1.0.0dqsdqsd-b11-SNAqsdqsPSHOT HTTP/1.1" 303 0
DEBUG:urllib3.connectionpool:https://connect.nuxeo.com:443 "GET /nuxeo/site/marketplace/package/hylander-package HTTP/1.1" 200 None
Expected Behavior
- When a version is given in the parameters, and it doesn't exist, then ignore the request, or throw a 404 HTTP error.
Side Notes
I don't have all the cards, so my notes can be completely wrong.
- I am wondering why we do a GET for such a call? FWIW I was more expecting something like:
DELETE https://connect.nuxeo.com/nuxeo/site/marketplace/package/<PACKAGE>/<VERSION>
- Going even further, returning an HTTP 303 status code seems weird, a 200/204 would be more logical.
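
Added example (not part of the original ticket and not Nuxeo Connect code): an in-memory model contrasting the reported behaviour with the expected one when a delete is replayed or given a bogus version. The fallback to the last list entry is an assumed cause, since the ticket shows only the outcome; the function names, the package name and the version list are constructed for illustration.

```python
from http import HTTPStatus


def delete_version_lenient(store, package, version):
    """Models the reported behaviour: an unknown version deletes the last one.

    The silent fallback is an assumption; the ticket does not show server code.
    """
    versions = store.get(package)
    if not versions:
        return HTTPStatus.NOT_FOUND
    target = version if version in versions else versions[-1]  # silent fallback
    versions.remove(target)
    return HTTPStatus.SEE_OTHER  # 303, as seen in the ticket's logs


def delete_version_strict(store, package, version):
    """Deletes only an exact match; anything else is a 404 and changes nothing."""
    versions = store.get(package)
    if versions is None or version not in versions:
        return HTTPStatus.NOT_FOUND
    versions.remove(version)
    return HTTPStatus.NO_CONTENT  # 204, one of the codes the side notes suggest


def replay(handler, requested_versions):
    """Run delete requests against a fresh, constructed package store."""
    store = {"example-package": ["1.0.0", "1.1.0", "1.2.0"]}  # constructed data
    statuses = [int(handler(store, "example-package", v)) for v in requested_versions]
    return statuses, store["example-package"]


# Same sequence as the ticket's logs: valid delete, replay, garbage version.
REQUESTS = ["1.0.0", "1.0.0", "not-a-version"]

if __name__ == "__main__":
    for handler in (delete_version_lenient, delete_version_strict):
        print(handler.__name__, replay(handler, REQUESTS))
```

With the strict handler the replayed and malformed requests leave the remaining versions untouched, which makes the delete safe to retry.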