Fix #8785: Handle null name in Users and Account creation #11018
Conversation
📝 WalkthroughWalkthroughThe changes modify the account and user creation endpoints to accept nullable string values for the Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Pre-merge checks and finishing touches✅ Passed checks (5 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Security Scan Results for PRDocker Image Scan Results
Source Code Scan Results🎉 No vulnerabilities found! |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
app/controllers/api/users.php (1)
299-305: Fix/v1/users/scrypt-modifiedendpoint to accept nullablenameparameter and normalize itThe scrypt-modified endpoint at lines 546-553 still uses
string $namewithout normalization, whereas all other "create user with ___ password" variants have been updated to accept?string $namewith a normalization line. SincecreateUserexpects a non-nullable string, this endpoint remains at risk of type errors if the framework passesnullfor the name parameter (e.g., client sendsname: null).Update the endpoint signature to
?string $nameand add$name = $name ?? '';as the first line in the action to match the pattern applied across all other create-user endpoints.Also applies to: 338-343, 376-381, 415-422, 456-461, 499-510, 546-553
🧹 Nitpick comments (2)
app/controllers/api/account.php (1)
369-382: Null-safe name handling foraccount.createis correct; consider validator semanticsChanging the action signature to
?string $nameand normalizing with$name = $name ?? '';safely handles a nullable name inside the handler and downstream (e.g., inPersonalDataand search fields).If the intended behavior is to accept a JSON
name: nullon the wire (not reject it with a 4xx), you may also want to align the parameter validator with that intent by making the param nullable (for example,param('name', null, new Nullable(new Text(128)), ...)) so the framework doesn’t rejectnullbefore it reaches this action. Please verify howTextcurrently treats an explicitnullhere.app/controllers/api/users.php (1)
249-267:/v1/usersnull-name handling is correct, but clean up comments and consider nullable validatorThe updated signature
?string $nameplus$name = $name ?? '';gives you the right runtime behavior and prevents type errors whennameis null.Two follow-ups:
The inline comments
// 1. Add the '?' before string $nameand// 2. Add this line at the very top of the action functionare PR-instructional and should be removed before merge.If the goal is to accept a JSON
name: nulland treat it like “no name” rather than rejecting it at validation, consider making the param nullable (e.g.,param('name', null, new Nullable(new Text(128)), ...)) so the framework doesn’t blocknullbefore it reaches this action. Please verify how the currentTextvalidator behaves fornull.Proposed cleanup for the action header and normalization
- // 1. Add the '?' before string $name - ->action(function (string $userId, ?string $email, ?string $phone, ?string $password, ?string $name, Response $response, Document $project, Database $dbForProject, Hooks $hooks) { - - // 2. Add this line at the very top of the action function - $name = $name ?? ''; + ->action(function (string $userId, ?string $email, ?string $phone, ?string $password, ?string $name, Response $response, Document $project, Database $dbForProject, Hooks $hooks) { + $name = $name ?? '';
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
app/controllers/api/account.phpapp/controllers/api/users.php
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings
Learnt from: ItzNotABug
Repo: appwrite/appwrite PR: 9693
File: src/Appwrite/Platform/Modules/Databases/Http/Indexes/Get.php:54-54
Timestamp: 2025-05-05T03:49:58.171Z
Learning: In Appwrite's API handlers, path parameters can use `null` as the default value rather than empty strings, as this pattern is consistent with existing code in the codebase.
1 participant
What does this PR do?
This PR resolves a 500 Server Error occurring when a
nullvalue is explicitly passed for thenameparameter in user creation endpoints. I've updated the action signatures to be nullable and added a null-coalescing fallback to an empty string.Which issue does it fix?
Fixes #8785
Checklist
users.php.?string.$name ?? ''added to prevent downstream errors.