
Filtering roles with special characters give 500 error response #21776

Closed
piraveena opened this issue Nov 21, 2024 · 1 comment · Fixed by wso2/carbon-identity-framework#6440

Comments


piraveena commented Nov 21, 2024

Describe the issue:
Filtering roles with special characters give 500 error response
How to reproduce:

  1. Log in to the console.
  2. User management > Roles
  3. Filter roles with Contains OR or Contains AND; this, or filtering with any other special character, gives an error.

API Request:

https://api.asgardeo.io/t/test/scim2/v2/Roles?count=10&excludedAttributes=users,groups,permissions,associatedApplications&filter=audience.value+ne+fad83b69-ff3e-4d5b-bdf4-46d2a20b8deb+and+displayName+co+and&startIndex=0

API Response:

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "detail": "Error occurred while listing roles based on the search filter: audienceId ne fad83b69-ff3e-4d5b-bdf4-46d2a20b8deb and name co and",
    "status": "500"
}

AfraHussaindeen commented Feb 6, 2025

Analysis

Upon calling the GET /scim2/v2/Roles API with a filtering option, the listWithGETRole() method is executed, leading to the creation of a Node associated with the filter (Node creation). The FilterTreeManager class is then used to build the filter tree, where the logic (Filter Processing) processes the filter string and generates an intermediate filter expressions list (tempTokenList).

For example, if the filter string is "audienceId ne test and displayName co or", the tempTokenList will be ["audienceId ne test", "and", "displayName co", "or"]. Subsequently, another logic step (Final Token List Generation) converts this into the final filter expressions list (tokenList) as ["audienceId ne test", "and", "displayName co or"], ensuring proper expression generation for processing.

Next, the listRolesWithGET() method is invoked, which internally invokes buildSearchFilter(), which constructs and returns the search filter string ("audienceId ne test and displayName co or") to the role service layer (SCIMRoleManagerV2.java#L498).

Within the role service layer, getExpressionNodes() is called, utilizing the FilterTreeBuilder class to construct the filter tree.

The root cause of the internal server error occurs at this stage. Within FilterTreeBuilder.java, the filter expression list (token list) remains unchanged: ["audienceId ne test", "and", "displayName co", "or"], as no additional processing is defined to handle "and" and "or" correctly when one of them is expected to be a value string.
Hence, when the system attempts to build the filter tree, it fails, leading to an exception.

To resolve this issue, two possible solutions are available:
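
Added example, not part of the comment above and not code from the WSO2 repositories: a Java illustration of the token-list handling the analysis describes, showing why the unmerged list cannot be built into a tree while the merged one can. Class and method names are hypothetical, and it assumes flat and/or filters only (no parentheses or not).

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration with hypothetical names; not the WSO2 FilterTreeBuilder.
public class FilterTokenDemo {
    static boolean isLogical(String tok) {
        return tok.trim().equalsIgnoreCase("and") || tok.trim().equalsIgnoreCase("or");
    }

    // Complete means "attr op value", or the unary form "attr pr".
    static boolean isComplete(String expr) {
        String[] p = expr.trim().split("\\s+");
        return p.length >= 3 || (p.length == 2 && p[1].equalsIgnoreCase("pr"));
    }

    // A keyword that follows an incomplete expression ("displayName co")
    // is that expression's value, so fold it in instead of emitting a connector.
    static List<String> mergeValueKeywords(List<String> raw) {
        List<String> out = new ArrayList<>();
        for (String tok : raw) {
            int last = out.size() - 1;
            if (last >= 0 && !isLogical(out.get(last)) && !isComplete(out.get(last))) {
                out.set(last, out.get(last) + " " + tok);
            } else {
                out.add(tok);
            }
        }
        return out;
    }

    // A flat list is buildable only as: expr (connector expr)*.
    static boolean isWellFormed(List<String> tokens) {
        for (int i = 0; i < tokens.size(); i++) {
            String t = tokens.get(i);
            boolean connectorSlot = (i % 2 == 1);
            if (connectorSlot != isLogical(t)) return false;
            if (!connectorSlot && !isComplete(t)) return false;
        }
        return tokens.size() % 2 == 1;
    }

    public static void main(String[] args) {
        // Constructed sample: the intermediate list quoted in the analysis.
        List<String> raw = List.of("audienceId ne test", "and", "displayName co", "or");
        List<String> merged = mergeValueKeywords(raw);
        System.out.println("raw:    " + raw + " wellFormed=" + isWellFormed(raw));
        System.out.println("merged: " + merged + " wellFormed=" + isWellFormed(merged));
    }
}
```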
