search

onaio / fhir-gateway-extension

This repo holds the OpenSRP permissions checker and data access checker
Other
0 stars 1 forks source link

Bug: Error in Processing Requests with Additional Characters after /fhir/* in REST Endpoint #21

Open rehammuzzamil opened 11 months ago

rehammuzzamil commented 11 months ago

Description: When using the Google's Gateway repository, identified a bug related to REST endpoint with the /fhir/* path. If any characters are appended after /fhir/ in a REST endpoint, the WebServlet accepts and begins processing in the access checkers. However, when the actual handleRequest method executes, it fails with an error stating that the FHIR server does not know how to process the request

Steps to Reproduce:

Hit a GET REST endpoint with the path /fhir/*. Append additional characters to the path (e.g., /fhir/practitioner-details-xyz). Observe the behaviour that it passes through the access checker.

Expected Behavior: The system should handle requests with additional characters after /fhir/* gracefully, or there should be a proper validation step at the beginning of execution to check the existence of the resource type.

Actual Behavior: If you type anything after /fhir/* it returns a response. 

{
    "resourceType": "OperationOutcome",
    "issue": [
        {
            "severity": "error",
            "code": "processing",
            "diagnostics": "User is not authorized to GET http://localhost:8080/fhir/practitioner-dewtails?keycloak-uuid=bccd8c41-1c39-400f-b8f4-2172709a7aaa"
        }
    ]
}

Proposed Solution: I suggest adding a check at the beginning of the execution to validate whether the resource type exists whenever /fhir/* endpoint is triggered.

cc: @ndegwamartin @dubdabasoduba @f-odhiambo