Error when new user is created and role is left blank

[robinsonjohn]

Describe the Bug

When a new user is created in the app, the role is not required. If a role is not chosen, the user is added to the database correctly, but a can't convert undefined to object error message is returned to the user.

To Reproduce

Do not select a role when creating a new user:

Unexpected error appears:

User is added without apparent incident:

Directus Version

v10.11.0

Hosting Strategy

Self-Hosted (Docker Image)

Database

MySQL 8

[DanielBiegler]

Just tested this, but under sqlite, and it works for me. Mh your response should also not be code 204 but a 200 since we do return the primary key of the created user(s), see:

directus/api/src/controllers/users.ts

Lines 45 to 53 in 9a6e236

	try {
	if (Array.isArray(req.body)) {
	const items = await service.readMany(savedKeys, req.sanitizedQuery);
	res.locals['payload'] = { data: items };
	} else {
	const item = await service.readOne(savedKeys[0]!, req.sanitizedQuery);
	res.locals['payload'] = { data: item };
	}
	} catch (error: any) {

[hanneskuettner]

One possible reason I can see the /users request return a 204 is if the item service can not read the just created user by its id, causing a ForbiddenError that is silently transformed into a 204 response.

I can replicate this issue if I set the permissions of the current user, that is creating the new user, to be too restrictive, such that they are not able to read the just created user. Do you have any permissions (on directus_users) set up for the role that are different from the standard minimal app permissions?

[robinsonjohn]

Here are some steps I've taken:

• Disabled all flows
• Created a new role with full access permissions to CRUD to directus_users and full read permissions to directus_roles (see screenshot)
• Login as a user with that role
• Attempt to create a user, only entering the first name, email, and password
• POST to /users shows the request body of the three fields. A 204 status is returned along with [UNKNOWN] can't convert undefined to object error
• Docker console simply shows a POST /users 204 with no other errors, even with log level of debug

This only happens when a role is not selected from the non-required select input when creating a user. Strangely, when I follow the same steps as an admin, the user is created without incident, and no error is returned.

[hanneskuettner]

Any hooks that are run by any of your extensions? That it works as an admin still leads me to believe this might be permissions related 🤔

[robinsonjohn]

@hanneskuettner Good question, but no, I have no extensions loaded.

I agree it seems like a permissions issue, but the role was just created and the only thing modified are assigning full permissions to directus_users. Debugging Directus would be a whole lot easier if status codes weren't invisibly changed and meaningful error messages were at least outputted to the console...

I'll keep looking in to it and post back any findings.

[hanneskuettner]

Debugging Directus would be a whole lot easier if status codes weren't invisibly changed and meaningful error messages were at least outputted to the console...

As far as I can tell from your report, the [UNKNOWN] can't convert undefined to object error is actually a frontend only error, that is thrown because the create endpoint unexpectedly returns no content (which is an improvement all on it's own), but there aren't any errors in the API side of things, since it returns a successful 204 (just without the expected content).

[robinsonjohn]

@hanneskuettner Thank you for all your insight on this issue. It's much appreciated. I'll be looking in to this further.