From a291cb5ca770c98a70824384e7abafde03ba917a Mon Sep 17 00:00:00 2001 From: Gani Georgiev Date: Mon, 22 May 2023 23:59:36 +0300 Subject: [PATCH] [#2535] avoid mutating the cached request data on OAuth2 user create --- CHANGELOG.md | 2 ++ apis/record_auth.go | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c8b7ced..6102a7a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ - Removed unnecessary slice length check in `list.ExistInSlice` ([#2527](https://github.com/pocketbase/pocketbase/pull/2527); thanks @KunalSin9h). +- Avoid mutating the cached request data on OAuth2 user create ([#2535](https://github.com/pocketbase/pocketbase/discussions/2535)). + ## v0.16.0 diff --git a/apis/record_auth.go b/apis/record_auth.go index 9e626c12..5bcf9d87 100644 --- a/apis/record_auth.go +++ b/apis/record_auth.go @@ -190,9 +190,10 @@ func (api *recordAuthApi) authWithOAuth2(c echo.Context) error { form.SetBeforeNewRecordCreateFunc(func(createForm *forms.RecordUpsert, authRecord *models.Record, authUser *auth.AuthUser) error { return createForm.DrySubmit(func(txDao *daos.Dao) error { - requestData := RequestData(c) - requestData.Data = form.CreateData event.IsNewRecord = true + // clone the current request data and assign the form create data as its body data + requestData := *RequestData(c) + requestData.Data = form.CreateData createRuleFunc := func(q *dbx.SelectQuery) error { admin, _ := c.Get(ContextAdminKey).(*models.Admin) @@ -205,7 +206,7 @@ func (api *recordAuthApi) authWithOAuth2(c echo.Context) error { } if *collection.CreateRule != "" { - resolver := resolvers.NewRecordFieldResolver(txDao, collection, requestData, true) + resolver := resolvers.NewRecordFieldResolver(txDao, collection, &requestData, true) expr, err := search.FilterData(*collection.CreateRule).BuildExpr(resolver) if err != nil { return err