search

pingidentity / scim2

The UnboundID SCIM 2.0 SDK for Java
175 stars 72 forks source link

Nested fields not patched correctly when path field omitted #224

Open finrod2002 opened 4 weeks ago

finrod2002 commented 4 weeks ago

Describe the bug

When using the following code

final PatchRequest patchToBeApplied = new ObjectMapper()
            .readValue(patchRequest, PatchRequest.class);

final GenericScimResource resource = new ObjectMapper()
            .readValue(resourceJson, GenericScimResource.class);

 patchToBeApplied.apply(value);

in the result the nested fields are added instead of replaced.

patchRequest has the following body

{
    "Operations": [
        {
            "op": "replace",
            "value": {
                "name.familyName": "test",
                "name.formatted": "test test2"
            }
        }
    ],
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ]
}

something like the following is produced

{
  "schemas" : [ "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ],
  ...
  ...
  ...
  "name" : {
    "familyName" : "Young",
    "givenName" : "Joy"
  },
  ...
  ...
  ...
  "name.familyName" : "test",
  "name.formatted" : "test test2"
}

To Reproduce

  1. Given following java code
final PatchRequest patchToBeApplied = new ObjectMapper()
            .readValue(patchRequest, PatchRequest.class);

final GenericScimResource resource = new ObjectMapper()
            .readValue(resourceJson, GenericScimResource.class);

 patchToBeApplied.apply(value);

  1. With resourceJson set to the following JSON

    {
"schemas" : [ "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ],
"externalId" : "externalId-1",
"meta" : {
"resourceType" : "User"
},
"userName" : "user1",
"name" : {
"familyName" : "Young",
"givenName" : "Joy"
},
"displayName" : "Joy Young",
"active" : true,
"emails" : [ {
"value" : "user@org.com",
"type" : "work",
"primary" : true
}, {
"value" : "user@org-proxy.com",
"type" : "work",
"primary" : false
} ],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" : {
"department" : null,
"manager" : null
}
}

  2. With patchToBeApplied set to

    {
"Operations": [
    {
        "op": "replace",
        "value": {
            "name.familyName": "test",
            "name.formatted": "test test2"
        }
    }
],
"schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}

  3. Result is

    {
"schemas" : [ "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ],
"externalId" : "externalId-1",
"meta" : {
"resourceType" : "User"
},
"userName" : "user1",
"name" : {
"familyName" : "Young",
"givenName" : "Joy"
},
"displayName" : "Joy Young",
"active" : true,
"emails" : [ {
"value" : "user@org.com",
"type" : "work",
"primary" : true
}, {
"value" : "user@org-proxy.com",
"type" : "work",
"primary" : false
} ],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" : {
"department" : null,
"manager" : null
},
"name.familyName" : "test",
"name.formatted" : "test test2"
}

Expected behavior The following pached JSON would be excpected.

{
  "schemas" : [ "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ],
  "externalId" : "externalId-1",
  "meta" : {
    "resourceType" : "User"
  },
  "userName" : "user1",
  "name" : {
    "familyName" : "test",
    "givenName" : "Joy",
    "formatted" : "test test2"
  },
  "displayName" : "Joy Young",
  "active" : true,
  "emails" : [ {
    "value" : "user@org.com",
    "type" : "work",
    "primary" : true
  }, {
    "value" : "user@org-proxy.com",
    "type" : "work",
    "primary" : false
  } ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" : {
    "department" : null,
    "manager" : null
  }
}

Additional context Add any other context about the problem here. For example:

kqarryzada commented 3 weeks ago

@finrod2002, which SCIM service provider were you using that generated PATCH requests of this form?

finrod2002 commented 3 weeks ago

@kqarryzada

This was Microsoft/Entra/Azure Scim provider. I use the validator here, this has to pass before an app can be published in the Microsoft Enterprise gallery.

https://scimvalidator.microsoft.com/