search

SURFnet / rd-sram-integration

Research Drive / SURF Research Access Management Integration
2 stars 3 forks source link

incorrect response to SCIM create call #160

Closed michielbdejong closed 1 year ago

michielbdejong commented 1 year ago

POST /index.php/apps/federatedgroups/scim/Groups body:

2023-05-15 08:45:06,316 INFO {"displayName": "TestGroup (uniharderwijk_surfdrive_test) (SRAM CO)", "externalId": "3f938b6b-cbe0-4856-beb3-91dffa773c15@sram.surf.nl", "members": [{"display": "", "value": "zoete001@surf.nl"}, {"display": "", "value": "wezep001@surf.nl"}, {"display": "", "value": "zoete001@surf.nl"}, {"display": "", "value": "wezep001@surf.nl"}], "urn:mace:surf.nl:sram:scim:extension:Group": {"description": "Provisioned by service Research Drive test - ", "labels": [], "urn": "uniharderwijk:surfdrive_test:srd_test-testgroup"}, "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group", "urn:mace:surf.nl:sram:scim:extension:Group"], "id": "TestGroup (uniharderwijk_surfdrive_test) (SRAM CO)", "meta": {"created": "2023-05-09T09:28:12.589456", "lastModified": "2023-05-09T09:28:12.602001", "location": "/Groups/848a0f5d-b492-4580-80f1-1950cf7be410", "resourceType": "Group"}}

Error logged:

"reqId":"ZGHxEdCWYLFXdgKOCjGO7AAAAAY","level":0,"time":"15\/May\/2023:10:45:06","remoteAddr":"10.234.2.58","user":"--","app":"OC\\Authentication\\Token\\DefaultTokenProvider::invalidateToken","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"invalidating token 9e280f6a48d829cce7fa091a4e2974a7d4bfd3c02b6ceda5deb0775ccc52e16f6f2e1a664b74a4acb9894b1933ab503c96baf5f8b9490188d819a0d5c182853a"}
{"reqId":"ZGHxEdCWYLFXdgKOCjGO7AAAAAY","level":3,"time":"15\/May\/2023:10:45:06","remoteAddr":"10.234.2.58","user":"--","app":"PHP","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"Illegal string offset 'id' at \/var\/www\/owncloud\/apps\/federatedgroups\/lib\/Controller\/ScimController.php#158"}
{"reqId":"ZGHxEdCWYLFXdgKOCjGO7AAAAAY","level":3,"time":"15\/May\/2023:10:45:06","remoteAddr":"10.234.2.58","user":"--","app":"PHP","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"Illegal string offset 'members' at \/var\/www\/owncloud\/apps\/federatedgroups\/lib\/Controller\/ScimController.php#110"}
{"reqId":"ZGHxEdCWYLFXdgKOCjGO7AAAAAY","level":3,"time":"15\/May\/2023:10:45:06","remoteAddr":"10.234.2.58","user":"--","app":"PHP","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"Invalid argument supplied for foreach() at \/var\/www\/owncloud\/apps\/federatedgroups\/lib\/Controller\/ScimController.php#110"}
{"reqId":"ZGHxEssURf9dfHDCb5TweAAAAAA","level":0,"time":"15\/May\/2023:10:45:06","remoteAddr":"10.234.0.3","user":"--","app":"OC\\Authentication\\Token\\DefaultTokenProvider::invalidateToken","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"invalidating token 4b24ec6c2f0d7211a83681c697a2e6c2bc1ded2eee02c62ad11302f3d945719a44cb78b795fb288928f8471ff486f4cf2d3a08a445bf8b0c137125312ddd8bcb"}
{"reqId":"ZGHxEssURf9dfHDCb5TweAAAAAA","level":3,"time":"15\/May\/2023:10:45:06","remoteAddr":"10.234.0.3","user":"--","app":"PHP","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"Illegal string offset 'id' at \/var\/www\/owncloud\/apps\/federatedgroups\/lib\/Controller\/ScimController.php#158"}
{"reqId":"ZGHxEssURf9dfHDCb5TweAAAAAA","level":3,"time":"15\/May\/2023:10:45:06","remoteAddr":"10.234.0.3","user":"--","app":"PHP","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"Illegal string offset 'members' at \/var\/www\/owncloud\/apps\/federatedgroups\/lib\/Controller\/ScimController.php#110"}
{"reqId":"ZGHxEssURf9dfHDCb5TweAAAAAA","level":3,"time":"15\/May\/2023:10:45:06","remoteAddr":"10.234.0.3","user":"--","app":"PHP","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"Invalid argument supplied for foreach() at \/var\/www\/owncloud\/apps\/federatedgroups\/lib\/Controller\/ScimController.php#110"}
T0mWz commented 1 year ago 
2023-05-15 08:35:28,642 DEBUG Would make the following call to HTTP endpoint:
url : https://tst-miskatonic.data.surfsara.nl/index.php/apps/federatedgroups/scim/Groups
 method: POST
 payload:
 json:{"displayName": "TestGroup (uniharderwijk_surfdrive_test) (SRAM CO)", "externalId": "[3f938b6b-cbe0-4856-beb3-91dffa773c15@sram.surf.nl](mailto:3f938b6b-cbe0-4856-beb3-91dffa773c15@sram.surf.nl)", "members": [{"display": "", "value": "[zoete001@surf.nl](mailto:zoete001@surf.nl)"}, {"display": "", "value": "[wezep001@surf.nl](mailto:wezep001@surf.nl)"}, {"display": "", "value": "[zoete001@surf.nl](mailto:zoete001@surf.nl)"}, {"display": "", "value": "[wezep001@surf.nl](mailto:wezep001@surf.nl)"}], "urn:mace:surf.nl:sram:scim:extension:Group": {"description": "Provisioned by service Research Drive test - ", "labels": [], "urn": "uniharderwijk:surfdrive_test:srd_test-testgroup"}, "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group", "urn:mace:surf.nl:sram:scim:extension:Group"], "id": "TestGroup (uniharderwijk_surfdrive_test) (SRAM CO)", "meta": {"created": "2023-05-09T09:28:12.589456", "lastModified": "2023-05-09T09:28:12.602001", "location": "/Groups/848a0f5d-b492-4580-80f1-1950cf7be410", "resourceType": "Group"}}
soltanireza65 commented 1 year ago

We have tested the createGroup endpoint on your deployment on : https://tst-miskatonic.data.surfsara.nl/index.php/apps/federatedgroups/scim/Groups and also on our instances with your request payload and its results in 201, CREATED

can you give us more details on how you are testing it so we can recreate the issue?

image

curl --location 'https://tst-miskatonic.data.surfsara.nl/index.php/apps/federatedgroups/scim/Groups' \
--header 'Content-Type: application/json' \
--header 'Cookie: app_cookie=rd-manager-c-01|ZGNYZ|ZGNYM; dc_cookie=http://10.234.6.57:80; oc_sessionPassphrase=qlf7WJmG1nEY2n24UZIuGVfHUTKtdrRG1XhcssC25uBnl%2BOuzgN09NSECBq2BkWDKktlqmj9Y5rVHi0YVBuMoB0b9ME%2B0%2FI2YgcQoZGChipSKVvZHQSMQrcpixzL4Ji%2F; oco1leooohkc=h55q3mu6nqm65puo6otfnip3cf' \
--data-raw '{
    "displayName": "TestGroup (uniharderwijk_surfdrive_test) (SRAM CO)",
    "externalId": "3f938b6b-cbe0-4856-beb3-91dffa773c15@sram.surf.nl",
    "members": [
        {
            "display": "",
            "value": "zoete001@surf.nl"
        },
        {
            "display": "",
            "value": "wezep001@surf.nl"
        },
        {
            "display": "",
            "value": "zoete001@surf.nl"
        },
        {
            "display": "",
            "value": "wezep001@surf.nl"
        }
    ],
    "urn:mace:surf.nl:sram:scim:extension:Group": {
        "description": "Provisioned by service Research Drive test - ",
        "labels": [],
        "urn": "uniharderwijk:surfdrive_test:srd_test-testgroup"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group",
        "urn:mace:surf.nl:sram:scim:extension:Group"
    ],
    "id": "TestGroup (uniharderwijk_surfdrive_test) (SRAM CO)",
    "meta": {
        "created": "2023-05-09T09:28:12.589456",
        "lastModified": "2023-05-09T09:28:12.602001",
        "location": "/Groups/848a0f5d-b492-4580-80f1-1950cf7be410",
        "resourceType": "Group"
    }
}'
T0mWz commented 1 year ago

That works. But as data-raw and not json:

{"reqId":"ZGNYYn-gfcTgj2cOD@e9AAAAAAM","level":1,"time":"16\/May\/2023:12:18:11","remoteAddr":"10.234.0.3","user":"--","app":"admin_audit","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"Group TestGroup (uniharderwijk_surfdrive_test) (SRAM CO) created by IP 10.234.0.3","action":"group_created","group":"TestGroup (uniharderwijk_surfdrive_test) (SRAM CO)","CLI":false,"userAgent":"PostmanRuntime\/7.32.2","auditGroups":[],"auditUsers":[],"actor":"IP 10.234.0.3"}
T0mWz commented 1 year ago

Why did I not tried that myself 🤦‍♂️ Changed from JSON object to raw object, now it works.

2023-05-16 10:33:53,556 DEBUG Would make the following call to HTTP endpoint:
url : https://tst-miskatonic.data.surfsara.nl/index.php/apps/federatedgroups/scim/Groups
 method: POST
 payload:{"displayName": "TestGroup (uniharderwijk_demo_co_srd) (SRAM CO)", "externalId": "422b006f-e1e8-4af9-957a-4fe0bc785dcd@sram.surf.nl", "members": [{"display": "", "value": "wezep001@surf.nl"}], "urn:mace:surf.nl:sram:scim:extension:Group": {"description": "Provisioned by service Research Drive test - ", "labels": [], "urn": "uniharderwijk:demo_co_srd:srd_test-testgroup"}, "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group", "urn:mace:surf.nl:sram:scim:extension:Group"], "id": "TestGroup (uniharderwijk_demo_co_srd) (SRAM CO)", "meta": {"created": "2023-05-09T09:28:12.500065", "lastModified": "2023-05-09T09:28:12.507060", "location": "/Groups/5452203f-468b-49fb-af2d-0d26ed288d8e", "resourceType": "Group"}}
 json:
{"reqId":"ZGNbfuyhEgq1FDj2cFi2jgAAAAE","level":1,"time":"16\/May\/2023:12:31:26","remoteAddr":"10.234.2.58","user":"--","app":"admin_audit","method":"POST","url":"\/index.php\/apps\/federatedgroups\/scim\/Groups","message":"Group TestGroup (uniharderwijk_demo_co_srd) (SRAM CO) created by IP 10.234.2.58","action":"group_created","group":"TestGroup (uniharderwijk_demo_co_srd) (SRAM CO)","CLI":false,"userAgent":"python-requests\/2.28.2","auditGroups":[],"auditUsers":[],"actor":"IP 10.234.2.58"}

Screenshot 2023-05-16 at 12 32 45

yasharpm commented 1 year ago

@T0mWz can you send a curl command that doesn't work? The curl we tested with is setting content type in the header. On our end we are ignoring content type and reading the request body as raw string and the parse it into a JSON.

Which tool are you using to test? Are you OK now? We need a curl command so we can reproduce the error on our end as well.

T0mWz commented 1 year ago

Before this sent it as JSON and not directly data. Make use of the Python Requests library, where I just give it as a JSON or now as data payload

soltanireza65 commented 1 year ago

So everything is working now? right?

soltanireza65 commented 1 year ago

if so we can close the issue?!!