search

Altinn / altinn-notifications

Altinn platform microservice for handling notifications (mail, sms, etc)
MIT License
2 stars 3 forks source link

Limited validaton of ssn and orgnr #536

Closed tba76 closed 5 months ago

tba76 commented 5 months ago

Description of the bug

The validation in EmailNotificationOrderController and SmsNotificationOrderController accepts ssn and orgnr if they are'nt empty. They should at least validate number of characters when they receive new requests.

Consideration

Steps To Reproduce

Add new request with invalid ssn/orgnr and see that 202 Accepted is returned

Suggested solution

We can add basic validation of the length of the values and ensure that the characters are all digits. 9 for org number, 11 for national identity number

acn-sbuad commented 5 months ago

Validated in AT22. Bad request if invalid recipient provided for both email and sms.

{
  "type": "https://tools.ietf.org/html/rfc9110#section-15.5.1",
  "title": "One or more validation errors occurred.",
  "status": 400,
  "errors": {
    "Recipients[0].OrganizationNumber": [
      "Organization number must be 9 digits long."
    ]
  },
  "traceId": "00-b5f0b5af928169f395cc43e226326ce1-8da6ff6f40b1ca7c-00"
}