wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Handle error gracefully in Scim2 patch op with large claim value #16900

Closed Yoshani closed 1 week ago

Yoshani commented 1 year ago

Describe the Issue: The following error was observed when a Scim2 patch op with a large claim value is executed. Large claim values result in a 500 error.

TID: [334] Tenant: [XXXX] [2023-09-15 08:37:17,259] [20230915T083716Z-pr0kys8q5d70p60d3f0m8w2nqg00000002v000000001xepr] : iam-cloud-carbon : ERROR {org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager} - Error while updating attributes of user: DEFAULT/**** org.wso2.carbon.user.core.UserStoreException: Error occurred while updating string values to database.
 at org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager.updateProperties(UniqueIDJDBCUserStoreManager.java:2854) ~[org.wso2.carbon.user.core_4.9.12.jar:?]
 at org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager.doSetUserAttributesWithID(UniqueIDJDBCUserStoreManager.java:1892) ~[org.wso2.carbon.user.core_4.9.12.jar:?]
 at org.wso2.carbon.user.core.common.AbstractUserStoreManager.doSetUserClaimValuesWithID(AbstractUserStoreManager.java:897) ~[org.wso2.carbon.user.core_4.9.12.jar:?]
 at org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager.doSetUserClaimValuesWithID(UniqueIDJDBCUserStoreManager.java:1866) ~[org.wso2.carbon.user.core_4.9.12.jar:?]
 at org.wso2.carbon.user.core.common.AbstractUserStoreManager.setUserClaimValuesWithID(AbstractUserStoreManager.java:13410) ~[org.wso2.carbon.user.core_4.9.12.jar:?]
 at org.wso2.carbon.user.core.common.AbstractUserStoreManager.setUserClaimValuesWithID(AbstractUserStoreManager.java:13345) ~[org.wso2.carbon.user.core_4.9.12.jar:?]
 at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.updateUserClaims(SCIMUserManager.java:5219) [org.wso2.carbon.identity.scim2.common_3.4.26.jar:?]
 at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.updateUser(SCIMUserManager.java:1266) [org.wso2.carbon.identity.scim2.common_3.4.26.jar:?]
 at org.wso2.charon3.core.protocol.endpoints.UserResourceManager.updateWithPATCH(UserResourceManager.java:712) [org.wso2.charon3.core_4.0.10.jar:?]
 at org.wso2.carbon.identity.scim2.provider.resources.UserResource.patchUser(UserResource.java:337) [classes/:?]
 at jdk.internal.reflect.GeneratedMethodAccessor873.invoke(Unknown Source) ~[?:?]
 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
 at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
...
Caused by: java.sql.BatchUpdateException: String or binary data would be truncated in table '***.dbo.UM_USER_ATTRIBUTE', column 'UM_ATTR_VALUE'. Truncated value: 'Lorem,ipsum,dolor,sit,amet,consectetur,adipiscing,elit,Sed,ut,faucibus,libero'.
 at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.executeBatch(SQLServerPreparedStatement.java:2116) ~[mssql-jdbc-10.2.1.jre11.jar:?]
 at jdk.internal.reflect.GeneratedMethodAccessor81.invoke(Unknown Source) ~[?:?]
 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
 at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
 at org.wso2.carbon.ndatasource.rdbms.CorrelationLogInterceptor$StatementProxy.invoke(CorrelationLogInterceptor.java:161) ~[org.wso2.carbon.ndatasource.rdbms_4.9.12.jar:?]
 at com.sun.proxy.$Proxy55.executeBatch(Unknown Source) ~[?:?]
 at jdk.internal.reflect.GeneratedMethodAccessor81.invoke(Unknown Source) ~[?:?]
 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
 at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
 at org.apache.tomcat.jdbc.pool.StatementFacade$StatementProxy.invoke(StatementFacade.java:118) ~[jdbc-pool_9.0.65.wso2v1.jar:?]
 at com.sun.proxy.$Proxy55.executeBatch(Unknown Source) ~[?:?]
 at org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager.updateProperties(UniqueIDJDBCUserStoreManager.java:2830) ~[org.wso2.carbon.user.core_4.9.12.jar:?]
 ... 61 more

Sample curl:

curl --location --request PATCH 'https://localhost:9443/scim2/Users/ffe59249-71d4-4c99-b4ae-f34b0a063813' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/scim+json' \
--data '{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp",
    "urn:scim:wso2:schema"
  ],
  "Operations": [
    {
      "op": "replace",
      "value": {
        "urn:scim:wso2:schema": {
          "entitlements": "Lorem,ipsum,dolor,sit,amet,consectetur,adipiscing,elit,Sed,ut,faucibus,libero,in,fermentum,risus,nec,porttitor,ante,Aenean,ut,ultricies,velit,Nullam,efficitur,vel,orci,eu,suscipit,Pellentesque,vitae,neque,id,quam,tincidunt,dignissim,Donec,ut,venenatis,ligula,Curabitur,commodo,placerat,lorem,et,feugiat,Vivamus,pulvinar,sapien,at,ultrices,malesuada,Mauris,aliquam,elit,in,lectus,pharetra,ac,Nunc,fermentum,pellentesque,suscipit,Proin,consequat,est,et,tortor,tempor,ultricies,Quisque,a,ex,sed,ligula,tincidunt,ultrices,Fusce,sit,amet,tellus,id,sem,placerat,efficitur,Fusce,non,mauris,in,mi,faucibus,tempor,Quisque,in,viverra,mauris,Curabitur,non,venenatis,arcu,Proin,mollis,suscipit,ante,in,ultricies,Quisque,nec,orci,id,ipsum,suscipit,cursus,Phasellus,in,hendrerit,elit,Duis,id,purus,quis,risus,consectetur,a,et,orci,Donec,tincidunt,neque,sed,aliquam,vehicula,Nulla,sit,amet,efficitur,sapien,Maecenas,viverra,velit,at,venenatis,Curabitur,porta,lectus,non,dignissim,Proin,sit,amet,urna,in,justo,fringilla,gravida,in,in,arcu,Proin,a,fermentum,sapien,Pellentesque,malesuada,vestibulum,diam,ac,pretium,Phasellus,et,fermentum,justo,Duis,laoreet,lectus,sit,amet,neque,sollicitudin,eu,Fusce,in,lorem,nec,sapien,ultricies,tincidunt,Quisque,eu,massa,eleifend,fermentum,vel,id,ante,Nullam,ac,pharetra,elit,et,fringilla,mi,Vivamus,condimentum,velit,in,euismod,Proin,id,sapien,in,dolor,lacinia,tempus,vel,non,libero,Duis,tincidunt,diam,sit,amet,turpis,tristique,vestibulum,Fusce,ac,fermentum,mi,Maecenas,venenatis,tincidunt,ante,sit,amet,fermentum,Morbi,aliquam,suscipit,massa,in,suscipit,Donec,augue,urna,dapibus,non,dictum,id,sapien,In,aliquet,massa,nec,mauris,mollis,scelerisque,Phasellus,gravida,leo,in,efficitur,efficitur,In,porttitor,tincidunt,quam,eu,tincidunt,Mauris,finibus,massa,in,tincidunt,aliquet,Nullam"
        }
      }
    }
  ]
}'

The DB error should be caught and a 400 should be thrown indicating that the limit has been exceeded.
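One way to turn the failure above into a 400, as an added Java 17 example that is not WSO2's code: check each claim value against a configured length limit before the user-store write, and treat a JDBC failure carrying SQLSTATE 22001 (the standard code for string data right truncation) as a client error rather than a generic 500. The limit, class name and method names are assumptions, and the exceptions in `main` are constructed to resemble the one in the report.

```java
// Added example (not WSO2 code): guard SCIM PATCH claim values and map truncation to a 400.
import java.sql.BatchUpdateException;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.Map;

public class ClaimLengthGuard {

    // Hypothetical limit; the real UM_ATTR_VALUE column width depends on the deployed schema.
    static final int MAX_ATTR_VALUE_LENGTH = 1024;
    // Standard SQLSTATE "22001" = string data, right truncation.
    static final String SQLSTATE_TRUNCATION = "22001";

    /** Minimal stand-in for a SCIM error response. */
    record ScimError(int status, String scimType, String detail) {}

    /** Reject over-long values before any database write; returns null when every value fits. */
    static ScimError validateClaimLengths(Map<String, String> claims) {
        for (Map.Entry<String, String> e : claims.entrySet()) {
            String value = e.getValue();
            if (value != null && value.length() > MAX_ATTR_VALUE_LENGTH) {
                return new ScimError(400, "invalidValue", "Value of attribute '" + e.getKey()
                        + "' exceeds the maximum length of " + MAX_ATTR_VALUE_LENGTH + " characters");
            }
        }
        return null;
    }

    /** Walk the cause chain; only a truncation becomes a 400, everything else stays a 500. */
    static ScimError mapPersistenceFailure(SQLException ex) {
        for (Throwable t = ex; t != null; t = t.getCause()) {
            if (t instanceof SQLException sqlEx && SQLSTATE_TRUNCATION.equals(sqlEx.getSQLState())) {
                return new ScimError(400, "invalidValue", "One or more attribute values exceed the allowed length");
            }
        }
        // Generic case: do not echo driver, table or column details back to the client.
        return new ScimError(500, null, "Error while updating user attributes");
    }

    public static void main(String[] args) {
        Map<String, String> claims = new LinkedHashMap<>();
        claims.put("urn:scim:wso2:schema:entitlements", "Lorem,ipsum,dolor,".repeat(100)); // constructed, 1800 chars
        System.out.println(validateClaimLengths(claims)); // status=400, exceeds the maximum length

        // Constructed failure shaped like the report: a BatchUpdateException with SQLSTATE 22001.
        SQLException truncated = new BatchUpdateException("String or binary data would be truncated",
                SQLSTATE_TRUNCATION, 0, new int[0]);
        System.out.println(mapPersistenceFailure(truncated));                              // status=400
        System.out.println(mapPersistenceFailure(new SQLException("connection reset", "08S01"))); // status=500
    }
}
```

The pre-check is the primary control, since it avoids the failed batch entirely; the SQLSTATE mapping is the fallback for user stores whose column width differs from the configured limit.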

isharak commented 1 week ago

This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!