Able to upload add-ons with GUIDs of deleted add-ons

VERIFIED FIXED in 5.12.7

Status

addons.mozilla.org Graveyard
Developer Pages
--
major
VERIFIED FIXED
7 years ago
2 years ago

People

(Reporter: krupa, Assigned: davedash)

Tracking

({regression})

5.12.7
regression

Details

Attachments

(1 attachment)

30.68 KB, application/x-xpinstall
Details
(Reporter)

Description

7 years ago
Created attachment 506522 [details]
test file

steps to reproduce:
1. Upload an add-on with GUID {3EC9C995-8072-4fc0-953E-4F3a620D17F3}
2. After successful submission,delete that add-on
3. Try to upload an add-on with the same GUID

expected behavior:
GUID/UUIDs are not reusable. So, upload fails

actual behavior:
Upload is successful on step #3. 

To reproduce:
Upload the attached test file. submission should fail since it has the same GUID {3EC9C995-8072-4fc0-953E-4F3a620D17F3}. but upload is successful.

regressed from bug 624071
You're saying this is wrong because the highest_status is INCOMPLETE?
Target Milestone: 5.12.7 → Q1 2011
(Reporter)

Comment 2

7 years ago
Once add-on submission is complete the GUID associated with that add-on is blacklisted. If that add-on is deleted, we do not allow reuse of that GUID.

This bug says that, currently we don't enforce that restriction.  This bug should be fixed before 5.12.7 or better, we should back out bug 624071
highest status is 0.... but current status is 3... wtf
Assignee: nobody → dd
Target Milestone: Q1 2011 → 5.12.7
r? http://github.com/davedash/zamboni/compare/delete
Status: NEW → ASSIGNED
(In reply to comment #3)
> highest status is 0.... but current status is 3... wtf

Do you know how we get into that state?  Is it legitimate?
(In reply to comment #5)
> (In reply to comment #3)
> > highest status is 0.... but current status is 3... wtf
> 
> Do you know how we get into that state?  Is it legitimate?

I don't know the business logic around higheststatus.  In my mind it would make sense to attach a signal to listen Addon's pre_save and set higheststatus to status if status is higher than highest status.

I did not see such a signal.

Note,I did not attempt to fix that in this patch, since I don't have a full understanding of how it's supposed to work, and QA would kill me to land something that large.  Mine just checks for status and highest status being 0 (INCOMPLETE)
Yeah, I thought your patch was fine.  I was just wondering if krupa was messing with statuses manually.

The signal is a good idea, but a different bug
(Reporter)

Comment 8

7 years ago
(In reply to comment #7)
>  I was just wondering if krupa was messing
> with statuses manually.
> 
sigh..suspicious minds.
next:
http://github.com/jbalogh/zamboni/commit/9618197
master:
http://github.com/jbalogh/zamboni/commit/41bcd50
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Reporter)

Comment 10

7 years ago
verified fixed
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.