I created a few custom REST resources that are working as intended with Simple OAuth working as required.

Now I'm trying to create a REST resource where I update a few of the user's fields and I'm getting the following error:

"message": "A fatal error occurred: 'user_id' not found"

when I POST to my custom resource endpoint. This does not happen for other resources and/or HTTP verbs. In my code I'm simply doing the following:

$user = \Drupal\user\Entity\User::load($user_id);
$user->field_myfield[] = $node->id();
$user->save();

to store a Entity reference i the User entity custom field I created. $user_id is coming from $this->currentUser->id() above in my code.

The $user is loaded correctly and when I hit save(), the API returns the above error message with the watchdog reporting the following two statements:

Drupal\Core\Entity\Query\QueryException: 'user_id' not found in Drupal\Core\Entity\Query\Sql\Tables->ensureEntityTable() (line 316 of /vagrant/www/core/lib/Drupal/Core/Entity/Query/Sql/Tables.php).

and

Drupal\Core\Entity\EntityStorageException: 'user_id' not found in Drupal\Core\Entity\Sql\SqlContentEntityStorage->save() (line 777 of /vagrant/www/core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php).

Curiously, if the Simple OAuth module is installed and activated, the same error message pops up in the watchdog when submitting Drupal's own User Profile form, which does not happen if I uninstall the Simple OAuth module.

I tried drush entup but nothing changed.

Can someone please help?

CommentFileSizeAuthor
#25 2883862--user_id-not-found-and-security-update--25.patch16.43 KBe0ipso
#25 2883862--interdiff--23-25.txt371 bytese0ipso
#23 2883862--user_id-not-found-and-security-update--23.patch16.44 KBe0ipso
#23 2883862--interdiff--22-23.txt2.42 KBe0ipso
#22 2883862--user_id-not-found-and-security-update--22.patch14.45 KBe0ipso
#22 2883862--interdiff--20-22.txt3.29 KBe0ipso
#20 2883862--user_id-not-found-and-security-update--20.patch12.23 KBe0ipso
#20 2883862--interdiff--17-20.txt3.74 KBe0ipso
#17 2883862--user_id-not-found-and-sec-update.patch10.45 KBe0ipso
#11 2883862-11.patch1.67 KBWim Leers
#6 user_id_field_name.patch550 bytesjoum
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

joum created an issue. See original summary.

joum’s picture

joum
he/him
Location Porto
CreditAttribution: joum commented

Just a note to help you reproduce the error (I did so in simplytest.me):

- install simple_oauth and configure it as usual
- add a custom field to the User profile entity
- try to change the value of that custom field with Drupal's User Profile form
- get the "Unexpected error" message
- check the watchdog logs to verify the error message regarding user_id:

Drupal\Core\Entity\EntityStorageException: 'user_id' not found in Drupal\Core\Entity\Sql\SqlContentEntityStorage->save() (line 777 of /home/dc61s/www/core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php).

joum’s picture

joum
he/him
Location Porto
CreditAttribution: joum commented
Issue summary: View changes
joum’s picture

joum
he/him
Location Porto
CreditAttribution: joum commented
Category: Support request » Bug report
joum’s picture

joum
he/him
Location Porto
CreditAttribution: joum commented

I've been trying to track down what is going on and I found out that when I try to change a User entity's fields and save my changes, the oauth tokens generated for that user must be expired - I think that means deleted from the DB.

My issue above did not happen when I changed the field name in ExpiredCollector.php, line 78 from 'user_id' to 'owner_id' which is the field name in the table.

But I have one question: what happens when you "expire" a token being used? Should a token being used expire mid-session?

Is there anyway we could only expire the token if "critical" fields are changed (ie, username, password, etc)?

joum’s picture

joum
he/him
Location Porto
CreditAttribution: joum commented
FileSize
user_id_field_name.patch550 bytes

Anyway, if someone is just worried about refreshing tokens to make the backend usable when changing the User entity, here's a simple patch.

joum’s picture

joum
he/him
Location Porto
CreditAttribution: joum commented
Priority: Normal » Major
Status: Active » Needs review

Status: Needs review » Needs work

The last submitted patch, 6: user_id_field_name.patch, failed testing. View results

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented

The best way to deal with this would be to only clear the tokens for a user if any of the following fields are changed:

  • username
  • password
  • roles

However, detecting changes is still in core's roadmap (see ContentEntityBase) to see the todos there. If we can find a good workaround for this, we can move this forward.

joum’s picture

joum
he/him
Location Porto
CreditAttribution: joum commented

Yes, I agree. Due to time constraints, I ended up clearing the fields I had attached to the User entity and created a different content type with entity reference to users so that I could change them without bumping into this issue.

Even so, my patch probably shouldn't be used lightly because it isn't actually doing what should be done, it just prevents the error, leaving God-knows-what poorly handled behind.

Is there any regression/change that could be made to the ExpiredCollector.php file that could prevent the error while core hasn't caught up?

If our issue is with token cleanup, maybe we should try to handle it ourselves before reaching this point, by checking if the critical fields mentioned are being changed or not. Maybe hook_user_update() could be used to validate this?

Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers at Acquia commented
Priority: Major » Critical
Status: Needs work » Needs review
FileSize
2883862-11.patch1.67 KB

This bug was introduced in http://cgit.drupalcode.org/simple_oauth/commit/?id=7358d41. Specifically, this code:

+    // Also collect the tokens of the clients that have this account as the
+    // default user.
+    $clients = array_values($this->clientStorage->loadByProperties([
+      'user_id' => $account->id(),
+    ]));

The full error:

Drupal\Core\Entity\EntityStorageException: 'user_id' not found in Drupal\Core\Entity\Sql\SqlContentEntityStorage->save() (line 805 of core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php).

This assumes that the user_id base field always exists on oauth2_client entities. But that's not true: it is added by simple_oauth_extras_entity_base_field_info().

Therefore this problem occurs for every site that uses simple_oauth without also using simple_oauth_extras.

Status: Needs review » Needs work

The last submitted patch, 11: 2883862-11.patch, failed testing. View results

hubobbb’s picture

hubobbb CreditAttribution: hubobbb as a volunteer commented

I have the same problem and enable the simple_oauth_extras as #11 Wim Leers said.
thanks.

Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers at Acquia commented

Note that the failures in #11 are all due to tests needing to be updated. They need extra mocking a.o.

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented

@Wim Leers thanks for the patch! And sorry it took so long to respond (I could swear I already did!).

I like the direction of the patch. I don't have any significant comments. Once the tests are fixed, we can get this in.

wiifm’s picture

wiifm
Primary language English
Location Wellington, NZ
CreditAttribution: wiifm as a volunteer and at Acquia commented

Can confirm that our Drupal 8 site is also experiencing this issue, which is preventing users from being saved. So about as critical functionality as you can imagine.

access.log:1823:167.83.210.27 - - [02/Aug/2017:09:46:51 +0000] "POST /user/122961/edit?destination=/admin/people HTTP/1.1" 500 68 "http://professionalde.sitename.acsitefactory.com/user/122961/edit?destination=/admin/people" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" vhost=sitename.enterprise-g1.acquia-sites.com host=professionalde.sitename.acsitefactory.com hosting_site=sitename pid=29585 request_time=307557 forwarded_for="..." request_id="v-8248ade2-7767-11e7-88be-025a5dc64075"
drupal-requests.log:1157:[02/Aug/2017:09:46:51 +0000] professionalde.sitename.acsitefactory.com POST /user/122961/edit?destination=/admin/people http_code=500 query=destination=/admin/people uid=122961 php_pid=5492 php_time=0.307 queue_wait=0 request_id="v-8248ade2-7767-11e7-88be-025a5dc64075"
drupal-watchdog.log:6746:Aug  2 09:46:51 web-1030 sitename: http://professionalde.sitename.acsitefactory.com|1501667211|user|167.83.210.27|http://professionalde.sitename.acsitefactory.com/user/122961/edit?destination=%2Fadmin%2Fpeople|http://professionalde.sitename.acsitefactory.com/user/122961/edit?destination=/admin/people|122961||Drupal\Core\Entity\Query\QueryException: 'user_id' not found in Drupal\Core\Entity\Query\Sql\Tables->ensureEntityTable() (line 316 of /mnt/www/html/sitename/docroot/core/lib/Drupal/Core/Entity/Query/Sql/Tables.php). request_id="v-8248ade2-7767-11e7-88be-025a5dc64075"
drupal-watchdog.log:6747:Aug  2 09:46:51 web-1030 sitename: http://professionalde.sitename.acsitefactory.com|1501667211|php|167.83.210.27|http://professionalde.sitename.acsitefactory.com/user/122961/edit?destination=%2Fadmin%2Fpeople|http://professionalde.sitename.acsitefactory.com/user/122961/edit?destination=/admin/people|122961||Drupal\Core\Entity\EntityStorageException: 'user_id' not found in Drupal\Core\Entity\Sql\SqlContentEntityStorage->save() (line 777 of /mnt/www/html/sitename/docroot/core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php). request_id="v-8248ade2-7767-11e7-88be-025a5dc64075"
php-errors.log:51:[02-Aug-2017 19:46:51 Australia/Sydney] Uncaught PHP Exception Drupal\Core\Entity\EntityStorageException: "'user_id' not found" at /mnt/www/html/sitename/docroot/core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php line 777 request_id="v-8248ade2-7767-11e7-88be-025a5dc64075"

Keen to see some movement on this issue, for now we will likely just patch the module.

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented
Status: Needs work » Needs review
FileSize
2883862--user_id-not-found-and-sec-update.patch10.45 KB

This will add a try catch for the error. This also comes with a library update.

Merging if green.

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented

I'll merge. Something broke the tests in 8.4. We'll need some more investigation and a separate issue for that.

Status: Needs review » Needs work

The last submitted patch, 17: 2883862--user_id-not-found-and-sec-update.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented
FileSize
2883862--interdiff--17-20.txt3.74 KB
2883862--user_id-not-found-and-security-update--20.patch12.23 KB

Fixes some CS issues, but it does not address the permission issue.

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented
Status: Needs work » Needs review
e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented
FileSize
2883862--interdiff--20-22.txt3.29 KB
2883862--user_id-not-found-and-security-update--22.patch14.45 KB
e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented
FileSize
2883862--interdiff--22-23.txt2.42 KB
2883862--user_id-not-found-and-security-update--23.patch16.44 KB

Status: Needs review » Needs work

The last submitted patch, 23: 2883862--user_id-not-found-and-security-update--23.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented
FileSize
2883862--interdiff--23-25.txt371 bytes
2883862--user_id-not-found-and-security-update--25.patch16.43 KB
e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented
Status: Needs work » Needs review

Status: Needs review » Needs work

The last submitted patch, 25: 2883862--user_id-not-found-and-security-update--25.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

  • e0ipso committed 34f0071 on 8.x-2.x 
    fix(collector): Fix user_id not found (#2883862 by e0ipso, joum, Wim...
e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
CreditAttribution: e0ipso as a volunteer and at Lullabot commented
Status: Needs work » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.