aiolabs/libra
8
0
Fork 1
Code Issues 36 Pull requests Projects Releases 6 Packages Wiki Activity Actions

Re-adding an existing-but-unsynced account returns 409 before the DB sync, leaving it un-mirrored #50

New issue
Closed
opened 2026-06-16 21:59:37 +00:00 by padreug · 1 comment
padreug commented 2026-06-16 21:59:37 +00:00
Owner
Copy link

Found in the high-effort code review of PR #46.

views_api.py:3753 — the admin add-account endpoint raises 409 as soon as add_account reports already_existed, before reaching the libra-DB mirror step at :3761:

if result.get("already_existed"):
    raise HTTPException(status_code=HTTPStatus.CONFLICT, detail=...)
...
synced = await sync_single_account_from_beancount(payload.name)

If an account exists in the Beancount ledger but not in libra's DB — e.g. a prior sync_single_account_from_beancount failed (no cross-DB atomicity), or the open was added out of band — re-adding it via the UI is the natural recovery action, but the 409 short-circuits the sync. The account stays invisible to the permissions layer with no recovery path through this endpoint.

Suggested fix

When the account already exists in the ledger, still run (or fall through to) the DB sync and return a 200/"already existed, synced" rather than a hard 409 — or expose a separate "sync this account" affordance. The 409 should signal "nothing to do," not block reconciliation.

Found in the high-effort code review of PR #46. `views_api.py:3753` — the admin add-account endpoint raises 409 as soon as `add_account` reports `already_existed`, **before** reaching the libra-DB mirror step at `:3761`: ```python if result.get("already_existed"): raise HTTPException(status_code=HTTPStatus.CONFLICT, detail=...) ... synced = await sync_single_account_from_beancount(payload.name) ``` If an account exists in the Beancount ledger but **not** in libra's DB — e.g. a prior `sync_single_account_from_beancount` failed (no cross-DB atomicity), or the `open` was added out of band — re-adding it via the UI is the natural recovery action, but the 409 short-circuits the sync. The account stays invisible to the permissions layer with no recovery path through this endpoint. ### Suggested fix When the account already exists in the ledger, still run (or fall through to) the DB sync and return a 200/"already existed, synced" rather than a hard 409 — or expose a separate "sync this account" affordance. The 409 should signal "nothing to do," not block reconciliation.
padreug commented 2026-06-18 11:09:40 +00:00
Author
Owner
Copy link

Fixed and shipped in v0.4.0 (PR #46, catalog updated).

39440b7 — the endpoint now returns 409 only when the account exists in the ledger and libra's DB; a ledger-only account (prior sync failure / out-of-band open) is synced and returns success instead of being stranded. Covered by a recovery test (create → drop DB row → re-add → synced).

Fixed and shipped in **v0.4.0** (PR #46, catalog updated). `39440b7` — the endpoint now returns 409 only when the account exists in the ledger **and** libra's DB; a ledger-only account (prior sync failure / out-of-band open) is synced and returns success instead of being stranded. Covered by a recovery test (create → drop DB row → re-add → synced).
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/authorization-security-refactor
fix/concurrency-protection
v0.4.0
v0.3.0
v0.2.2
v0.2.1
v0.2.0
v0.1.0
v0.0.9
v0.0.8
v0.0.7
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
aiolabs/libra#50
No description provided.