
Missing validations, some Bad Request are returning server error 500 instead of 400 http code

Open LazaroOnline opened this issue 3 years ago • 1 comments

After some testing from Swagger, I found some responses with ServerError 500 status code instead of error 400 BadRequest. Tested with version "2.0.9" and the latest beta version "2.0.16-ci-00324" from this other bug.

ERROR 1: POST /Users/.search

{ "filter": "usernAme Eq "uSerName444"" }

Response: Error 500. Should be 401 Bad request, due to the bad quotation in the body JSON (the double quotes are not escaped).

Response Body:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "status": "500",
  "scimType": "internalServerError",
  "detail": "System.NullReferenceException: Object reference not set to an instance of an object.\n   at SimpleIdServer.Scim.Api.BaseApiController.InternalSearch(SearchSCIMResourceParameter searchRequest)"
}

ERROR 2: GET /Users?sortBy=userName

Returns Error 500. It should work using a default "sortOrder", or return error 400 stating that the "sortOrder" param is required, or even better, use a default sortOrder (either ascending or descending).

Response Body:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "status": "500",
  "scimType": "internalServerError",
  "detail": "System.InvalidOperationException: Nullable object must have a value.\n   at System.Nullable`1.get_Value()\n   at SimpleIdServer.Scim.Persistence.EF.EFSCIMRepresentationQueryRepository.FindSCIMRepresentations(SearchSCIMRepresentationsParameter parameter)\n   at SimpleIdServer.Scim.Api.BaseApiController.InternalSearch(SearchSCIMResourceParameter searchRequest)"
}

ERROR 3: /Users?filter=userName%20sw%20%22ki%22%20and%20emails.value%20pr

Returns Error 500. It should either return the users for that filter, "userName sw "ki" and emails.value pr", or return 400 Bad response if that is not the syntax.

Response Body:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "status": "500",
  "scimType": "internalServerError",
  "detail": "System.NullReferenceException: Object reference not set to an instance of an object.\n   at SimpleIdServer.Scim.Parser.Expressions.SCIMExpressionLinqExtensions.Evaluate(SCIMPresentExpression presentExpression, ParameterExpression parameterExpression)\n   at SimpleIdServer.Scim.Parser.Expressions.SCIMExpressionLinqExtensions.Evaluate(SCIMExpression expression, ParameterExpression parameterExpression)\n   at SimpleIdServer.Scim.Parser.Expressions.SCIMExpressionLinqExtensions.Evaluate(SCIMLogicalExpression logicalExpression, ParameterExpression parameterExpression)\n   at SimpleIdServer.Scim.Parser.Expressions.SCIMExpressionLinqExtensions.Evaluate(SCIMExpression expression, ParameterExpression parameterExpression)\n   at SimpleIdServer.Scim.Parser.Expressions.SCIMExpressionLinqExtensions.Evaluate(SCIMExpression expression, IQueryable`1 representations)\n   at SimpleIdServer.Scim.Persistence.EF.EFSCIMRepresentationQueryRepository.FindSCIMRepresentations(SearchSCIMRepresentationsParameter parameter)\n   at SimpleIdServer.Scim.Api.BaseApiController.InternalSearch(SearchSCIMResourceParameter searchRequest)"
}

LazaroOnline, Aug 22 '22 07:08

Hello,

Errors 1, 2 and 3 are fixed in the master branch.

  • Error 1: An error is returned when bad JSON is passed to the search operation.
  • Error 2: If SortBy is null then the default value is Descending.
  • Error 3: There was an issue in the algorithm used to parse the Expression Tree. Now the complex attribute used by a Present operation contains the correct Attribute definition.

KR,

SID

simpleidserver, Aug 22 '22 14:08
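An added example, not SimpleIdServer's code: a SCIM search front end that turns the malformed inputs from this thread into 400 errors and keeps exception text out of the 500 `detail` field, which in the responses above exposes internal class names and stack frames. `ScimBadRequest`, `parse_search`, `handle_search` and the `search` callback are hypothetical names, and the ascending `sortOrder` default follows RFC 7644 rather than the fix described above.

```python
import json

SCIM_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"

class ScimBadRequest(Exception):
    """Client error carrying an RFC 7644 scimType (hypothetical helper)."""
    def __init__(self, scim_type, detail):
        super().__init__(detail)
        self.scim_type, self.detail = scim_type, detail

def scim_error(status, detail, scim_type=None):
    body = {"schemas": [SCIM_ERROR], "status": str(status), "detail": detail}
    if scim_type:
        body["scimType"] = scim_type
    return status, body

def parse_search(raw_body=None, query=None):
    """Normalize a POST .search body or GET query; reject bad input early."""
    params = dict(query or {})
    if raw_body is not None:
        try:
            params = json.loads(raw_body)
        except ValueError:  # covers JSONDecodeError and bad UTF-8
            raise ScimBadRequest("invalidSyntax", "Request body is not valid JSON.")
        if not isinstance(params, dict):
            raise ScimBadRequest("invalidSyntax", "Request body must be a JSON object.")
    flt, order = params.get("filter"), params.get("sortOrder")
    if flt is not None and not isinstance(flt, str):
        raise ScimBadRequest("invalidFilter", "filter must be a string.")
    if params.get("sortBy") and order is None:
        order = "ascending"  # default per RFC 7644 section 3.4.2.3
    if order not in (None, "ascending", "descending"):
        raise ScimBadRequest("invalidValue", "sortOrder must be ascending or descending.")
    return {"filter": flt, "sortBy": params.get("sortBy"), "sortOrder": order}

def handle_search(search, raw_body=None, query=None, log=print):
    """Run search(params); map failures to SCIM errors without leaking traces."""
    try:
        return 200, search(parse_search(raw_body, query))
    except ScimBadRequest as e:  # the backend may raise this too (e.g. invalidFilter)
        return scim_error(400, e.detail, e.scim_type)
    except Exception as e:  # backend bug: full detail goes to the server log only
        log(f"search failed: {e!r}")
        return scim_error(500, "Internal server error.")
```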