500 when creating user via API

We’re getting a 500 internal server error when trying to create a user via the API, here’s what I get from production.log:

Started POST "/users" for 127.0.0.1 at 2018-03-06 13:28:04 +0000
Processing by UsersController#create as */*
  Parameters: {"email"=>"removed", "api_key"=>"[FILTERED]", "api_username"=>"removed", "username"=>"removed", "name"=>"removed", "password"=>"[FILTERED]"}
  Rendering text template
  Rendered text template (0.0ms)
Completed 500 Internal Server Error in 42ms (Views: 1.7ms | ActiveRecord: 9.6ms)

I’m just using curl on the machine itself, so via:

curl -k -v -X POST -F 'email=removed' -F 'api_key=removed' -F 'api_username=removed' -F 'username=removed' -F 'name=removed' -F 'password=removed' https://foo.bar/users

Worth noting that getting the list of users via the API works just fine. Same api_key and api_username.

New user registration is enabled, and invite only is enabled.

We’re using the LDAP plugin, but I can’t see what that’d have to do with the API.

Our version’s at v2.0.0.beta3 +292, which might also be a problem, since this stopped working after an upgrade.

Doing a rebuild app doesn’t fix the issue.

If needed, I can provide the verbose curl out as well, but the only important bit there is:

< HTTP/1.1 100 Continue
< HTTP/1.1 500 Internal Server Error
< Server: nginx
< Date: Tue, 06 Mar 2018 13:52:25 GMT
< Content-Type: text/plain; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Discourse-Username: removed
< X-Discourse-Route: users/create
< Cache-Control: no-store, must-revalidate, no-cache, private
< X-Request-Id: d8dfb524-26b7-4a76-a4a8-96f70cb9e244
< Set-Cookie: __profilin=p%3Dt%2Ca%3D5b595ba25bbff59a6b51f6d39f6ace45%7C0b364c7fb766ced5be17866e10020175; path=/
< X-Runtime: 0.027306
* HTTP error before end of send, stop sending

We’ve also got some older backups, so restoring to a previous version can be done. We’ve not gone live with this yet, so we can break it (further) to some extent.

Cheers,
Juraj

If you are using the LDAP plugin, isn’t LDAP responsible for creating users? It’s certainly responsible for passwords. Does it work if you disable LDAP?

Just tried disabling it, same thing.

Mind you, this used to work just fine prior to the upgrade we did today. LDAP plugin enabled and all.

Alright. I’ve done a complete rebuild of Discourse and tried the user creation, and now it works.

I still haven’t the slightest why it broke in the first place.

I’ve a snapshot of the previous version, so if needed I can switch back to that for debugging purposes.

I’d still like to figure out what exactly went wrong, in case something similar happens again.

Just an update on this, since I believe I’ve figured it out.

Mistake on my part, although it wasn’t all that clear.

To reiterate, the API was providing no response on user creation. So not even a failure response in the JSON, there was just no JSON.

The only thing that popped up was a 500 in the web server logs.

The API was providing a response for other actions such as getting all of the users, or getting a single user.

The problem seems to be that the API key/API username I was using was linked to a local account.

Local account auth was disabled due to the fact that we only use LDAP auth.

Enabling local account auth caused the API to respond properly to the user creation calls.

I’ll update this with some more information once I have access to the machine.

Should be fairly easy to reproduce, now.