passbolt / passbolt_api

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!
https://passbolt.com
GNU Affero General Public License v3.0
4.73k stars 311 forks

Unexpected behaviour of empty PUT payload to /resources/resource_id.json #493

Closed maretodoric closed 1 year ago

maretodoric commented 1 year ago

Unexpected behaviour of empty PUT payload to /resources/resource_id.json

What you did

Accidentally discovered this, not sure if it's by design, but it doesn't look like it. When you call PUT /resources/{resource_id}.json without any payload, it will change the password to a JSON string: {"password": "<current_password>", "description": "<current_description>"}

What happened

Explained in What you did, but pretty much the password is set to a plaintext JSON string.

What you expected to happen

Nothing should happen, or an HTTP code above 400 should be issued? Or maybe even 500?

cedricalfonsi commented 1 year ago

An internal ticket PB-25997 was created to assess the issue.

ishanvyas22 commented 1 year ago

Hey @maretodoric, we are not able to reproduce the issue you are having. Can you upgrade your passbolt app to the latest version and see if you are still facing the problem?

ishanvyas22 commented 1 year ago

Closing this issue for now. If you are still facing the problem, then feel free to reach out to our community forum.