wso2-extensions / identity-inbound-provisioning-scim2

Apache License 2.0

Hardcoded policy errors #271

Open geve82 opened 4 years ago

geve82 commented 4 years ago

Description: Policy errors list is hardcoded in org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.handleErrorsOnUserNameAndPasswordPolicy(Throwable e)

Natively, all username and password codes are not managed. Developers can also add their own custom policies and error codes.

If an unknown error code is received, a generic CharonException is thrown and a 500 is returned to the caller:

{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"Error while updating attributes of user: test","status":"500"}

But in those cases it's a user mistake, so a 4XX must be returned and an explicit error message must be sent back depending on the policy.

Suggestion: Create an error code range convention for user errors or a specific class exception to catch.

Suggested Labels: BUG

Affected Product Version: All

OS, DB, other environment details and versions:
N/A

Steps to reproduce: Create your own password policy and try a bad pattern.

Related Issues: N/A

ruwanta commented 4 years ago

There are few error codes and types defined in the SCIM specification [1]. What we can do is to have an error translator, to translate the given exception or error to the standard defined by SCIM.

SCIM allows the error detail to be more verbose and human readable.

So we could think of having a translation mechanism to an {ErrorCode, ScimType, Detail} tuple from an internal exception or error.

[1] https://tools.ietf.org/html/rfc7644#page-67
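A sketch of the translator discussed in this thread, as an added example that is not code from this repository or from Charon. The class names, the `PolicyViolationException` type, the 30000-39999 code range and the sample messages are all hypothetical. It maps policy violations to a 400 with scimType `invalidValue` (RFC 7644) and keeps every other failure a 500 with a generic detail, so internal exception text is not returned to the caller.

```java
public class ScimErrorTranslator {

    /** Hypothetical exception a custom policy throws for a user mistake. */
    static class PolicyViolationException extends RuntimeException {
        final int code;
        PolicyViolationException(int code, String message) {
            super(message);
            this.code = code;
        }
    }

    /** The {status, scimType, detail} tuple of an RFC 7644 error response. */
    record ScimError(int status, String scimType, String detail) {
        String toJson() {
            // Minimal escaping (backslash and quote only), enough for this sample.
            String safe = detail.replace("\\", "\\\\").replace("\"", "\\\"");
            String type = scimType == null ? "" : "\"scimType\":\"" + scimType + "\",";
            return "{\"schemas\":[\"urn:ietf:params:scim:api:messages:2.0:Error\"],"
                    + type + "\"detail\":\"" + safe + "\",\"status\":\"" + status + "\"}";
        }
    }

    static ScimError translate(Throwable e) {
        // A policy error may arrive wrapped in another exception, so walk the
        // cause chain (bounded, in case the chain is cyclic).
        Throwable t = e;
        for (int depth = 0; t != null && depth < 16; depth++, t = t.getCause()) {
            if (t instanceof PolicyViolationException p
                    && p.code >= 30000 && p.code <= 39999) { // assumed user-error range
                return new ScimError(400, "invalidValue", p.getMessage());
            }
        }
        // Unknown failure: stay 500 and do not echo the internal message.
        return new ScimError(500, null, "Internal server error");
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        Throwable wrapped = new RuntimeException("user store failure",
                new PolicyViolationException(30001, "Password must contain a digit"));
        System.out.println(translate(wrapped).toJson());
        System.out.println(translate(new IllegalStateException("db pool exhausted")).toJson());
    }
}
```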