simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0

Returning BadRequest status code by the GET and DELETE user endpoints #513

Closed alexander-durovich-swi closed 1 year ago

alexander-durovich-swi commented 1 year ago

Hello,

Now the GET ([HttpGet("{id}")]) and DELETE endpoints cannot return the BadRequest (400) status code. We would like to add some validation for the ID parameter and return BadRequest if the Id format is invalid.

By the specification, the GET and DELETE methods can return 400 status code: https://datatracker.ietf.org/doc/html/rfc7644#page-67

Is it possible to add such possibility? (Perhaps it is possible to add processing the SCIMSchemaViolatedException into InternalGet and InternalDelete functions like it is done in the PATCH/UPDATE endpoints: https://github.com/simpleidserver/SimpleIdServer/blob/9500c84b6f072a66785a67a9e3f128c2e8f68a0c/src/Scim/SimpleIdServer.Scim/Api/BaseApiController.cs#L623)

simpleidserver commented 1 year ago

Hello,

We made some changes in the master branch to support this feature. It will be included in the next pre-release candidate :)

It will be possible to add custom validation on any operations (HTTP GET, HTTP PUT, HTTP DELETE). For example, you can check the parameter 'id' from GET operation like this :

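```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using SimpleIdServer.Scim.Queries;
// Also import the SimpleIdServer.Scim namespaces that declare the repository, request, domain and exception types used below.

public class CustomGetRepresentationQueryHandler : GetRepresentationQueryHandler
{
    public CustomGetRepresentationQueryHandler(ISCIMSchemaQueryRepository scimSchemaQueryRepository, ISCIMRepresentationQueryRepository scimRepresentationQueryRepository, ILogger<GetRepresentationQueryHandler> logger) : base(scimSchemaQueryRepository, scimRepresentationQueryRepository, logger)
    {
    }

    public override Task<SCIMRepresentation> Handle(string id, GetSCIMResourceRequest parameter, string resourceType)
    {
        // Illustrative check (assumption): treat non-GUID ids as invalid; substitute your own format rule.
        if (!Guid.TryParse(id, out _))
        {
            throw new SCIMSchemaViolatedException("error");
        }

        return base.Handle(id, parameter, resourceType);
    }
}

// Service registration: swap the default GET handler for the custom one.
services.Remove(services.First(s => s.ImplementationType == typeof(GetRepresentationQueryHandler)));
services.AddTransient<IGetRepresentationQueryHandler, CustomGetRepresentationQueryHandler>();
```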

We will keep you informed when the pre-release candidate is published.

KR,

SID

alexander-durovich-swi commented 1 year ago

Hello,

Ok, thank you very much!

Best Regards, Alex

simpleidserver commented 1 year ago

The release 3.0.5-rc1 is published. It contains the following features : https://github.com/simpleidserver/SimpleIdServer/projects/56

alexander-durovich-swi commented 1 year ago

Hello,

Ok, thank you very much!

Best Regards, Alex