wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Null pointer exception when attempting to create group with name "Internal/abcd" #19840

Closed Lakshan-Banneheke closed 7 months ago

Lakshan-Banneheke commented 7 months ago

Describe the issue: A null pointer exception is thrown in the server when attempting to create a group with the name "Internal/abcd". It seems that group names with the keyword "Internal/" are handled separately (in IS 6.1.0, creating a group with the name "Internal/abcd" creates a role with the name "abcd").

[2024-02-26 12:48:16,163] [db72b3a2-cbe1-4888-ad7d-ab05a9858b02] ERROR {org.wso2.carbon.tomcat.ext.valves.CompositeValve} - Could not handle request: /t/carbon.super/scim2/Groups
java.lang.NullPointerException
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.isAnInternalRole(AbstractUserStoreManager.java:11144)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.handlePreAddRoleWithID(AbstractUserStoreManager.java:15852)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addGroup(AbstractUserStoreManager.java:17258)
    at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.createGroup(SCIMUserManager.java:2668)
    at org.wso2.charon3.core.protocol.endpoints.GroupResourceManager.create(GroupResourceManager.java:159)
    at org.wso2.carbon.identity.scim2.provider.resources.GroupResource.processRequest(GroupResource.java:450)
    at org.wso2.carbon.identity.scim2.provider.resources.GroupResource.createGroup(GroupResource.java:260)

Furthermore, a 200 response is received when this operation is done as well, even though there is an internal server error.

How to reproduce: Go to the groups page and try to create a group with the name "Internal/abcd".

Expected behavior: The previous behaviour in IS 6.1, where a role is created with the name "abcd" when a group with the name "Internal/abcd" is created, should not be present in IS 7 as per discussion with @ashensw. However, the following need to be fixed.

  1. An internal server error should not be thrown.
  2. A 200 response should not be sent to the user.
  3. An appropriate error response indicating that "Internal/" should not be used for the group name should be sent to the user.
  4. There should be frontend and API level validation to prevent creating a group with the name "Internal/".

Environment information (Please complete the following information; remove any unnecessary fields) :
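
The API-level check requested in items 1 to 4 above could look like the following sketch, which is an added example and not WSO2 Identity Server code. The class and method names are hypothetical, the case-insensitive match on the prefix is an assumption, and the error body follows the SCIM 2.0 error format from RFC 7644 so the caller gets a 400 instead of a 200 or a server-side exception.

```java
import java.util.Locale;
import java.util.Optional;

// Added illustration: hypothetical names, not taken from the product-is code base.
public class GroupNameValidator {

    // Reserved prefix named in the issue; matching it case-insensitively is an assumption.
    private static final String RESERVED_DOMAIN = "internal";
    private static final char DOMAIN_SEPARATOR = '/';

    /** Returns a SCIM 2.0 error body (RFC 7644, section 3.12) when the name must be rejected. */
    public static Optional<String> validate(String displayName) {
        // A null or blank name is rejected here instead of reaching user-store code.
        if (displayName == null || displayName.trim().isEmpty()) {
            return Optional.of(scimError("Group displayName is required."));
        }
        String name = displayName.trim();
        int sep = name.indexOf(DOMAIN_SEPARATOR);
        if (sep >= 0) {
            String domain = name.substring(0, sep).trim().toLowerCase(Locale.ROOT);
            if (RESERVED_DOMAIN.equals(domain)) {
                return Optional.of(scimError(
                        "The prefix \"Internal/\" is reserved and cannot be used in a group name."));
            }
        }
        return Optional.empty();
    }

    // Builds the JSON by hand to stay dependency-free; quotes and backslashes are escaped.
    private static String scimError(String detail) {
        String escaped = detail.replace("\\", "\\\\").replace("\"", "\\\"");
        return "{\"schemas\":[\"urn:ietf:params:scim:api:messages:2.0:Error\"],"
                + "\"scimType\":\"invalidValue\",\"status\":\"400\","
                + "\"detail\":\"" + escaped + "\"}";
    }

    public static void main(String[] args) {
        // Constructed sample names, including case and whitespace variants of the prefix.
        String[] samples = {"Internal/abcd", "internal/abcd", " INTERNAL /x", "engineering", ""};
        for (String s : samples) {
            Optional<String> err = validate(s);
            System.out.println("\"" + s + "\" -> "
                    + (err.isPresent() ? "HTTP 400 " + err.get() : "accepted"));
        }
    }
}
```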

UdeshAthukorala commented 7 months ago