WindyMadman/Auto-GPT
1
0
Fork 0
mirror of https://github.com/Significant-Gravitas/Auto-GPT.git synced 2025-01-07 03:17:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(store): Profile updating is handled in an insecure and potentially broken way

Browse Source
This commit is contained in:
SwiftyOS 2024-12-19 10:47:10 +01:00
parent 4646de463a
commit 234e4a35c4
2 changed files with 26 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
autogpt_platform/backend/backend/server/v2/store/db.py
View File

@ -620,6 +620,7 @@ async def update_or_create_profile(
"""
Update the store profile for a user. Creates a new profile if one doesn't exist.
Only allows updating if the user_id matches the owning user.
If a field is None, it will not overwrite the existing value in the case of an update.
Args:
user_id: ID of the authenticated user
@ -630,8 +631,9 @@ async def update_or_create_profile(
Raises:
HTTPException: If user is not authorized to update this profile
DatabaseError: If profile cannot be updated due to database issues
"""
logger.debug(f"Updating profile for user {user_id}")
logger.info(f"Updating profile for user {user_id} data: {profile}")
try:
# Check if profile exists for user
@ -641,7 +643,9 @@ async def update_or_create_profile(
# If no profile exists, create a new one
if not existing_profile:
logger.debug(f"Creating new profile for user {user_id}")
logger.debug(
f"No existing profile found. Creating new profile for user {user_id}"
)
# Create new profile since one doesn't exist
new_profile = await prisma.models.Profile.prisma().create(
data={
@ -649,8 +653,9 @@ async def update_or_create_profile(
"name": profile.name,
"username": profile.username,
"description": profile.description,
"links": profile.links,
"links": profile.links or [],
"avatarUrl": profile.avatar_url,
"isFeatured": False,
}
)
@ -666,16 +671,23 @@ async def update_or_create_profile(
)
else:
logger.debug(f"Updating existing profile for user {user_id}")
# Update only provided fields for the existing profile
update_data = {}
if profile.name is not None:
update_data["name"] = profile.name
if profile.username is not None:
update_data["username"] = profile.username
if profile.description is not None:
update_data["description"] = profile.description
if profile.links is not None:
update_data["links"] = profile.links
if profile.avatar_url is not None:
update_data["avatarUrl"] = profile.avatar_url
# Update the existing profile
updated_profile = await prisma.models.Profile.prisma().update(
where={"id": existing_profile.id},
data=prisma.types.ProfileUpdateInput(
name=profile.name,
username=profile.username,
description=profile.description,
links=profile.links,
avatarUrl=profile.avatar_url,
),
data=prisma.types.ProfileUpdateInput(**update_data),
)
if updated_profile is None:
logger.error(f"Failed to update profile for user {user_id}")

8
autogpt_platform/frontend/src/components/agptui/ProfileInfoForm.tsx
View File

@ -26,7 +26,7 @@ export const ProfileInfoForm = ({ profile }: { profile: CreatorDetails }) => {
name: profileData.name,
username: profileData.username,
description: profileData.description,
links: profileData.links,
links: profileData.links.filter((link) => link), // Filter out empty links
avatar_url: profileData.avatar_url,
};
@ -225,11 +225,11 @@ export const ProfileInfoForm = ({ profile }: { profile: CreatorDetails }) => {
defaultValue={link || ""}
className="font-circular w-full border-none bg-transparent text-base font-normal text-neutral-900 placeholder:text-neutral-400 focus:outline-none dark:text-white dark:placeholder:text-neutral-500"
onChange={(e) => {
const newLinks = [...profileData.links];
newLinks[linkNum - 1] = e.target.value;
const newProfileData = {
...profileData,
links: profileData.links.map((link, index) =>
index === linkNum - 1 ? e.target.value : link,
),
links: newLinks,
};
setProfileData(newProfileData);
}}