search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
748 stars 729 forks source link

[SCIM2] type sub-attribute of member attribute is not validated when creating a Group with members #10972

Closed AnjanaSamindraPerera closed 3 years ago

AnjanaSamindraPerera commented 3 years ago

Describe the issue: As specified in the [1] "type" sub-attribute of the "members" attribute needs canonical values as User, Group but the existing implementation accepts any value as "type" without validation when sending a post request to Groups endpoint. Screenshot from 2021-01-15 14-12-05

How to reproduce: 1.Create 2 users with userName 'samindra' and 'lawyers-new9'. 2.Create a group using the below data and send a post request to https://localhost:9443/scim2/Groups API. 

{
  "displayName": "lawyers-new16",
  "members": [
    {
      "display": "lawyers-new9",
      "type":"UnsupporteedType"
    },{
        "display":"samindra",
        "value": "17712b98-3957-48cd-bc49-c4559df817b3"
    }
  ]
}

Expected behavior: If a unsupported type provided in the request body other than the specified canonical types '400 - Unsupported "type" provided' should be given as the response.

Environment information:

References: [1]https://tools.ietf.org/html/rfc7643#page-26

AnuradhaSK commented 3 years ago

Nipun Thilakshan will work on this

nipunthilakshan commented 3 years ago

I'll be working on this