Skip to content

Patch validation errors are swallowed (defaults to ScimErrorInvalidValue) #186

New issue
New issue
Open
#187
Open
Patch validation errors are swallowed (defaults to ScimErrorInvalidValue)#186
#187
@Achooo

Description

@Achooo
Achooo
opened on Apr 22, 2025

Issue

Patch validation errors get swallowed up to ScimErrorInvalidValue here:

scim/resource_type.go

Lines 158 to 160 in 172bf2a

value, err := validator.Validate()
if err != nil {
return nil, &errors.ScimErrorInvalidValue

Example

Hence, the ScimType for errors upon patch validation is not always respected, for example:

    { "schemas":
           ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
         "Operations":[
           {
            "op":"remove",
            "path":"",
            "value":"newusername"
           }]
    }

In this example, a remove path must be provided and as per the RFC and we should return a scimType of noTarget:

If "path" is unspecified, the operation fails with HTTP status code 400 and a "scimType" error code of "noTarget".

Although the code does actually do this validation here

scim/internal/patch/remove.go

Lines 15 to 20 in 172bf2a

if v.Path == nil {
return nil, &errors.ScimError{
ScimType: errors.ScimTypeNoTarget,
Status: http.StatusBadRequest,
}
}
, it gets swallowed in validatePatch.

The same issue is seen for other validations (e.g. sometimes a SyntaxError is swallowed).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions