search

gematik / epa-deployment

Project includes docker-compose file to start all relevant services (including VAU encryption/decryption) for an ePA environment.
Apache License 2.0
7 stars 1 forks source link

x-useragent validation #21

Closed spilikin closed 1 month ago

spilikin commented 2 months ago

Hi,

It seems there is a difference in RegExp-Validation between the sample Implementation of authorization-service and the OpenAPI

Setting User-Agent like this: x-useragent: Zero-Go/0.0.1

Gives error: vau-proxy-server | 13:06:07.585 VPS ERROR ServerExceptionHandler: {MessageType=Error, Message=Transcript Error: 400 : "{"error":"invalid_request","error_description":"getNonce.userAgent.userAgent: invalid user agent: doesn't match pattern \"^[a-zA-Z0-9]{20}\\/[a-zA-Z0-9\\-\\.]{1,15}$\""}", ErrorCode=5}

Although RegExp in OpenAPI says:

https://github.com/gematik/ePA-Basic/blob/cc2ae0e7e9a8855ac531aa601bd2919e5afed798/src/openapi/I_Authorization_Service.yaml#L884-L888

The symbol - seems to be allowed in first part of user agent string (before the slash). Length is between 1 and 20.

ghifajg commented 2 months ago

Hi all,

I have the same issue here since I updated my Docker Installation "dc-mocks.yml" from version 1.0.9 to 1.0.10 ...

Regards, Jürgen

IrynaKamenska commented 2 months ago

Thank you for reporting this issue. We will create an internal ticket to fix it by adjusting the RegExp validation.

Best, Iryna

IrynaKamenska commented 1 month ago

Fixed with a release version 1.0.11