simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0

SCIM POST /Users/.search Error 500 with invalid 'count' property #718

Status: Closed (closed by LazaroOnline 6 months ago)

LazaroOnline commented 6 months ago

POST /Users/.search returns error 500 with an invalid count parameter. Example body:

{ "count": -1 }

SimpleIdServer\src\Scim\SimpleIdServer.Scim\Extensions\SCIMRepresentationExtensions.cs line 77

if (attribute.TryContainsGroupingExpression(out SCIMComplexAttributeExpression complexAttributeExpression))

EXCEPTION: MySqlConnector.MySqlException SearchRepresentationsQueryHandler.cs:line 59

var result = await _scimRepresentationQueryRepository.FindSCIMRepresentations(new SearchSCIMRepresentationsParameter(
...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1 OFFSET 0
) AS `t0`
LEFT JOIN `SCIMRepresentationAttributeLst` AS `s0` ON `t' at line 10
   at MySqlConnector.Core.ServerSession.ReceiveReplyAsyncAwaited(ValueTask`1 task) in /_/src/MySqlConnector/Core/ServerSession.cs:line 962
   at MySqlConnector.Core.ResultSet.ReadResultSetHeaderAsync(IOBehavior ioBehavior) in /_/src/MySqlConnector/Core/ResultSet.cs:line 43
   at MySqlConnector.MySqlDataReader.ActivateResultSet(CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 130
   at MySqlConnector.MySqlDataReader.CreateAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, IDictionary`2 cachedProcedures, IMySqlCommand command, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 468
   at MySqlConnector.Core.CommandExecutor.ExecuteReaderAsync(IReadOnlyList`1 commands, ICommandPayloadCreator payloadCreator, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/CommandExecutor.cs:line 56
   at MySqlConnector.MySqlCommand.ExecuteReaderAsync(CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 344
   at MySqlConnector.MySqlCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 337
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken)
   at Pomelo.EntityFrameworkCore.MySql.Storage.Internal.MySqlExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
   at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)
   at SimpleIdServer.Scim.Persistence.EF.Extensions.EFSCIMExpressionLinqExtensions.BuildResult(IQueryable`1 representations, SCIMDbContext dbContext, IEnumerable`1 includedAttributes, IEnumerable`1 excludedAttributes, Int32 total, CancellationToken cancellationToken)
   at SimpleIdServer.Scim.Persistence.EF.EFSCIMRepresentationQueryRepository.FindSCIMRepresentations(SearchSCIMRepresentationsParameter parameter, CancellationToken cancellationToken)
   at SimpleIdServer.Scim.Queries.SearchRepresentationsQueryHandler.Handle(SearchSCIMResourceParameter searchRequest, String resourceType, CancellationToken cancellationToken) in C:\SimpleIdServer\src\Scim\SimpleIdServer.Scim\Queries\SearchRepresentationsQueryHandler.cs:line 59
   at SimpleIdServer.Scim.Api.BaseApiController.InternalSearch(SearchSCIMResourceParameter searchRequest, CancellationToken cancellationToken) in C:\SimpleIdServer\src\Scim\SimpleIdServer.Scim\Api\BaseApiController.cs:line 370

Tested in the current latest version of "SimpleIdServer.Scim", v4.0.7.

simpleidserver commented 6 months ago

This issue will be fixed in the Release 4.0.8.

simpleidserver commented 6 months ago

This issue has been resolved in the master branch. When a negative value is passed, it is interpreted as "0".

LazaroOnline commented 6 months ago

Tested in the latest master branch; it now returns 200 OK. Thanks a lot for the quick support!
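
An added example, not part of the thread and not SimpleIdServer's own code: one way to normalize SCIM paging parameters before they reach the query, following the fix described above (a negative count is read as 0) and RFC 7644 section 3.4.2.4, which also reads a startIndex below 1 as 1. The names ScimPaging, ScimSearch and MaxPageSize, the cap of 200 and the default count are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical names throughout: ScimPaging, ScimSearch and MaxPageSize are
// illustrative and do not come from SimpleIdServer.
public readonly record struct ScimPaging(int StartIndex, int Count)
{
    public const int MaxPageSize = 200; // assumed server-side cap and default

    // RFC 7644 section 3.4.2.4: a startIndex below 1 is read as 1 and a
    // negative count is read as 0. Oversized counts are capped (assumption).
    public static ScimPaging Normalize(int? startIndex, int? count) =>
        new(Math.Max(startIndex ?? 1, 1),
            Math.Clamp(count ?? MaxPageSize, 0, MaxPageSize));
}

public static class ScimSearch
{
    // Returns totalResults plus the requested page. With count == 0 only the
    // total is computed, so no paged (LIMIT/OFFSET) query is issued.
    public static (int Total, List<T> Page) Search<T>(
        IQueryable<T> source, int? startIndex, int? count)
    {
        var paging = ScimPaging.Normalize(startIndex, count);
        var total = source.Count();
        if (paging.Count == 0)
            return (total, new List<T>());

        // SCIM startIndex is 1-based; Skip is 0-based. A database-backed
        // query would also need a stable OrderBy before paging.
        var page = source.Skip(paging.StartIndex - 1).Take(paging.Count).ToList();
        return (total, page);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data standing in for the Users table.
        var users = Enumerable.Range(1, 5).Select(i => $"user{i}").AsQueryable();
        foreach (var (start, count) in new (int?, int?)[] { (null, -1), (0, 2), (4, 1000) })
        {
            var (total, page) = ScimSearch.Search(users, start, count);
            Console.WriteLine($"startIndex={start} count={count} -> total={total} page=[{string.Join(",", page)}]");
        }
    }
}
```

Normalizing at the API boundary keeps a client-supplied count from ever being emitted as a negative LIMIT, so the request is answered with a list response instead of surfacing a database syntax error as a 500.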