We seem to be missing a word boundary check when lexing the input into tokens. I added an attribute called primaryEmail and when I query it like this, it fails with a strange error. If I rename it to mainEmail or something else that doesn't start with one of the operators like pr/co/eq/etc, it works fine.
$ curl -H 'Authorization: Bearer deadbeef' -X GET 'https://example.com/scim/Users?filter=primaryEmail+co+%22gsar%22' | jq .
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"detail": "The specified filter syntax was invalid, or the specified attribute and filter comparison combination is not supported:\nUnexpected operator 'pr'.\nInput: 'primaryEmail co \"gsar\"'\n",
"status": "400",
"scimType": "invalidFilter"
}
We seem to be missing a word boundary check when lexing the input into tokens. I added an attribute called
primaryEmail
and when I query it like this, it fails with a strange error. If I rename it tomainEmail
or something else that doesn't start with one of the operators likepr
/co
/eq
/etc, it works fine.