SimpleIdServer icon indicating copy to clipboard operation
SimpleIdServer copied to clipboard
verified publisher icon simpleidserver

Get request returns server error when using some attributes in filter query if they start with capital letter

Open andreidabryian opened this issue 3 years ago • 2 comments

Steps to reproduce:

  1. Send Get request with filter specified “https://{{Server}}{{Port}}/Users?filter=meta.version eq 3”

-> success, it returns ListResponse with an object or empty ListResponse depending if such version exists

  1. Change the “version“ attribute name in the filter part to start with a capital letter and send the request again,

example: “https://{{Server}}{{Port}}/Users?filter=meta.Version eq 3“

Actual result: Server error occurs and returned body:

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "status": "500",
    "scimType": "internalServerError",
    "detail": "System.NullReferenceException: Object reference not set to an instance of an object.\n   at SimpleIdServer.Scim.Parser.Expressions.SCIMExpressionLinqExtensions.BuildComparisonExpression(SCIMComparisonExpression comparisonExpression, SCIMSchemaAttribute schemaAttr, MemberExpression propertyValueString, MemberExpression propertyValueInteger, MemberExpression propertyValueDatetime, MemberExpression propertyValueBoolean, MemberExpression propertyValueDecimal, MemberExpression propertyValueBinary, ParameterExpression representationParameter)\n   at SimpleIdServer.Scim.Parser.Expressions.SCIMExpressionLinqExtensions.Evaluate(SCIMComparisonExpression comparisonExpression, ParameterExpression parameterExpression)\n   at SimpleIdServer.Scim.Parser.Expressions.SCIMExpressionLinqExtensions.Evaluate(SCIMExpression expression, IQueryable`1 representations)\n   at SimpleIdServer.Scim.Persistence.InMemory.DefaultSCIMRepresentationQueryRepository.FindSCIMRepresentations(SearchSCIMRepresentationsParameter parameter)\n   at SimpleIdServer.Scim.Api.BaseApiController.InternalSearch(SearchSCIMResourceParameter searchRequest)"
}

I noticed such behavior for attributes under “meta“ object: version, lastModified, created. But it is not reproducible for attributes like userName, name, etc. I.e. the behavior is reproducible only for part of the attributes, not for all of them.

Expected Result:

Looks like, it shouldn’t be a server error. As I understand by SCIM, the behavior depends on the “caseExact“ property for the attribute in the schema.

In my case "caseExact": false, in the schema, so I expect the same response as after the first request in Step 1.

andreidabryian avatar Sep 16 '22 07:09 andreidabryian

Hello,

Indeed there is an issue. According to the RFC7644 Section 3.4.2.2 (https://www.rfc-editor.org/rfc/rfc7644.html#section-3.4.2.2), attribute names and attribute operators used in filters are case insensitive. The issue will be fixed next week :)

KR,

SID

simpleidserver avatar Sep 16 '22 18:09 simpleidserver

The issue is fixed in the master branch.

simpleidserver avatar Sep 19 '22 11:09 simpleidserver