[5.4] Expose finalization errors in autoupdate API response

[SniperSister]

Summary of Changes

So far, the update finalization endpoint of the autoupdate feature has not been exposing any potential cause of a issue during that execution step. This PR adds output.

Testing Instructions

• Install a site
• Enable auto updates
• Apply the patch
• Call the finalizeUpdate endpoint of the API /api/index.php/v1/joomlaupdate/finalizeUpdate and don't forget to supply the X-JUpdate-Token header with the respective token
• Verify the existence of the errors key in the response attributes

Actual result BEFORE applying this Pull Request

Errors missing

Expected result AFTER applying this Pull Request

Errors present

Link to documentations

Please select:

• Documentation link for docs.joomla.org:

• No documentation changes for docs.joomla.org needed

• Pull Request link for manual.joomla.org:

• No documentation changes for manual.joomla.org needed

[richard67]

I have tested this item ✅ successfully on f4b53c8

Hint for other testers how I have tested

On a Linux (or if Windows: WSL) command line, I've called curl to post the request:

curl --user-agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0" -H "X-JUpdate-Token: <my automated updates token>" -X POST https://<my subdomain>/api/index.php/v1/joomlaupdate/finalizeUpdate

The --user-agent parameter was necessary for me because my special hardened .htaccess file on my subdomains blocks certain user agents.

Of course you have to replace the <my automated updates token> by the token you can see in and copy from the automated update parameters of the Joomla Update component, and the <my subdomain> by the actual URL of your site.

Your site should be on Joomla 5.4.1, and automated updates should be enabled.

Result without the PR:

{"links":{"self":"https:\/\/test1.richard-fath.de\/api\/index.php\/v1\/joomlaupdate\/finalizeUpdate"},"data":{"type":"updates","id":"finalizeUpdate","attributes":{"success":true}}}

Result without the PR:

{"links":{"self":"https:\/\/test1.richard-fath.de\/api\/index.php\/v1\/joomlaupdate\/finalizeUpdate"},"data":{"type":"updates","id":"finalizeUpdate","attributes":{"success":true,"errors":[]}}}

I.e. with the PR there is an additional attribute "errors":[] in the response data.

In case of success (like here) it is an empty array.

For producing an error I have crated a new update SQL script administrator/components/com_admin/sql/updates/mysql/5.4.2-2025-11-30.sql with an invalid SQL statement:

INSERT INTO `#__bla` (`blubb`) VALUES ('');

After that I've repeated the API call.
Result:

{"links":{"self":"https:\/\/test1.richard-fath.de\/api\/index.php\/v1\/joomlaupdate\/finalizeUpdate"},"data":{"type":"updates","id":"finalizeUpdate","attributes":{"success":false,"errors":["Exception: installer::parseSchemaUpdates finished with \"false\" result. in test1\/administrator\/components\/com_joomlaupdate\/src\/Model\/UpdateModel.php:1067\nStack trace:\n#0 test1\/api\/components\/com_joomlaupdate\/src\/View\/Updates\/JsonapiView.php(120): Joomla\\Component\\Joomlaupdate\\Administrator\\Model\\UpdateModel->finaliseUpgrade()\n#1 test1\/api\/components\/com_joomlaupdate\/src\/Controller\/UpdatesController.php(104): Joomla\\Component\\Joomlaupdate\\Api\\View\\Updates\\JsonapiView->finalizeUpdate()\n#2 test1\/libraries\/src\/MVC\/Controller\/BaseController.php(730): Joomla\\Component\\Joomlaupdate\\Api\\Controller\\UpdatesController->finalizeUpdate()\n#3 test1\/libraries\/src\/Dispatcher\/ApiDispatcher.php(61): Joomla\\CMS\\MVC\\Controller\\BaseController->execute()\n#4 test1\/libraries\/src\/Component\/ComponentHelper.php(361): Joomla\\CMS\\Dispatcher\\ApiDispatcher->dispatch()\n#5 test1\/libraries\/src\/Application\/ApiApplication.php(433): Joomla\\CMS\\Component\\ComponentHelper::renderComponent()\n#6 test1\/libraries\/src\/Application\/ApiApplication.php(116): Joomla\\CMS\\Application\\ApiApplication->dispatch()\n#7 test1\/libraries\/src\/Application\/CMSApplication.php(304): Joomla\\CMS\\Application\\ApiApplication->doExecute()\n#8 test1\/api\/includes\/app.php(50): Joomla\\CMS\\Application\\CMSApplication->execute()\n#9 test1\/api\/index.php(31): require_once('\/homepages\/38\/d...')\n#10 {main}"]}}}

(with the absolute path to the files removed).

I.e. the new errors attribute contains the exception details and the call stack.

Of course you should remove that bad update SQL script after the test.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/46493.}

[exlemor]

Thanks for the great testing instructions @richard67, unfortunately I have tried on 3 different sites and I am not getting past

curl --user-agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0" -H "X-JUpdate-Token: <my automated updates token>" -X POST https://<my subdomain>/api/index.php/v1/joomlaupdate/finalizeUpdate

(with of course updating <my automated updates token> and <my subdomain>, for 2 sites, I just get a blank line after pressing enter and then eventually,

a. curl: (28) Failed to connect to www.domain.com port 443: Connection timed out

for another site, I get Method Not Allowed and for a 4th, I get a 403 forbidden:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>

so I'm not having much fun :/ lol

[brianteeman]

I assume you added your token and just removed it from your post?

[exlemor]

I assume you added your token and just removed it from your post?

Hi @brianteeman, yes absolutely.

[richard67]

@exlemor SSL is ok for your site? I.e. not a self signed certificate? curl is a bit strict with that.

[exlemor]

@exlemor SSL is ok for your site? I.e. not a self signed certificate? curl is a bit strict with that.

These are all live sites (some testing installations, some not) all on the internet with Let's Encrypt SSL certs not self-signed.

[richard67]

@exlemor I've allowed myself to add the missing tickmarks for quoting code (or markup) on Github to your comment with your result.

a. curl: (28) Failed to connect to www.domain.com port 443: Connection timed out

Sure that this site was reachable with https from that client where you have used curl?

for another site, I get Method Not Allowed and for a 4th, I get a 403 forbidden:

Do these sites have an .htaccess file, and if so, does it contain this section? https://github.com/joomla/joomla-cms/blob/5.4-dev/htaccess.txt#L102-L113

Do they maybe have also an .htaccess file in the parent folder which forbids the api requests?