scim icon indicating copy to clipboard operation
scim copied to clipboard

Published 20 hours ago verified publisher icon elimity-com

Schema ID is not validated on resource creation

Open icamys opened this issue 11 months ago • 2 comments

I've noticed that if the client sends a resource creation request with an invalid schema, it reaches the HTTP handler:

{
    "schemas":["urn:ietf:params:scim:invalid:schema"],
    "userName":"[email protected]"
}

Considering that schema and its extensions are attached to the resource on server creation, should any schema name validation be present? If so, then I'll be happy to implement this validation.

icamys avatar Mar 18 '24 14:03 icamys

We should indeed check this and not just ignore it, this is a bug. By default we do ignore all fields that are not defined within the schema, but schemas is part of each schema be default.

q-uint avatar Mar 19 '24 14:03 q-uint

@q-uint I've prepared a fix for this. Is it ok if I create a PR after #169 is merged?

icamys avatar Mar 20 '24 10:03 icamys