Altinn / altinn-storage

Altinn platform microservice for handling instance storage

Providing invalid input in the X-Ai-InstanceOwnerIdentifier header results in an internal server error #402

Closed SandGrainOne closed 1 month ago

SandGrainOne commented 2 months ago

Description of the bug

The new input parameter (header) X-Ai-InstanceOwnerIdentifier doesn't handle cases where Register returns bad request. It results in an internal server error.

If the register lookup returns 400, then the operation as a whole should return a Bad Request response.

Steps To Reproduce

Tested in AT22: Endpoint: https://platform.at22.altinn.cloud/storage/api/v1/instances?org=ttd

  1. Create a valid token for application owner ttd using token generator.
  2. Craft a request where the party value in X-Ai-InstanceOwnerIdentifier is invalid, e.g.:
    1. X-Ai-InstanceOwnerIdentifier=organisation:test
    2. X-Ai-InstanceOwnerIdentifier=person:42
  3. Run the request and observe the error message.

SandGrainOne commented 1 month ago

Tested, approved
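
The failure mode reported in this issue, as an added example that is not code from altinn-storage: a handler that lets a rejected register lookup escape as an unhandled exception (surfacing as 500) next to one that validates the header shape and maps the rejection to 400. `RegisterBadRequest`, `fake_register_lookup`, the handler names, the 9/11-digit rule and the party id are all constructed assumptions.

```python
from dataclasses import dataclass

class RegisterBadRequest(Exception):
    """Hypothetical error a register client raises when Register answers 400."""

@dataclass
class Response:
    status: int
    detail: str

def fake_register_lookup(kind, value):
    # Constructed stand-in for Register; the 9/11-digit rule is an assumption.
    if not (value.isdigit() and len(value) == {"organisation": 9, "person": 11}[kind]):
        raise RegisterBadRequest(f"Register rejected {kind} identifier")
    return 50001234  # constructed party id

def naive_handler(header_value, lookup=fake_register_lookup):
    # Before: no input check, and the lookup error is left unhandled.
    kind, _, value = header_value.partition(":")
    return Response(200, f"party {lookup(kind, value)}")

def fixed_handler(header_value, lookup=fake_register_lookup):
    # After: reject malformed headers early and treat an upstream 400
    # as the caller's error rather than a server fault.
    kind, sep, value = header_value.partition(":")
    kind, value = kind.strip().lower(), value.strip()
    if not sep or kind not in ("organisation", "person") or not value:
        return Response(400, "identifier must be '<type>:<value>'")
    try:
        party_id = lookup(kind, value)
    except RegisterBadRequest as exc:
        return Response(400, str(exc))
    return Response(200, f"party {party_id}")

def dispatch(handler, header_value):
    """Mimics a web framework: any unhandled exception becomes a 500."""
    try:
        return handler(header_value)
    except Exception:
        return Response(500, "Internal Server Error")

if __name__ == "__main__":
    # The two invalid values from the issue plus one constructed valid value.
    for sample in ("organisation:test", "person:42", "organisation:910000000"):
        print(sample, dispatch(naive_handler, sample).status,
              dispatch(fixed_handler, sample).status)
```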