You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The /ids/Users endpoint allows passing a SCIM filter as a URL parameter. For validating this filter string, the value is parsed and subsequently traversed recursively, checking each clause for validity.
When handling clauses joined by the operator or or and, we saw that an OR-operator is used for combining the validation result of the left-hand side and the right-hand-side of the expression (see
If the RHS of the expression is valid (i.e., checkFilter returned true for it) while the LHS is invalid (i.e., checkFilter returned false for it), the method will return true for the joined expression.
Instead, the two clauses should be combined by using an AND operator, so that both clauses are required to be valid.
If the current state of the code is however correct, this shall be made clear in the comments of the code.
The text was updated successfully, but these errors were encountered:
The /ids/Users endpoint allows passing a SCIM filter as a URL parameter. For validating this filter string, the value is parsed and subsequently traversed recursively, checking each clause for validity.
When handling clauses joined by the operator
or
orand
, we saw that an OR-operator is used for combining the validation result of the left-hand side and the right-hand-side of the expression (seeuaa/server/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.java
Line 123 in d962dd6
If the RHS of the expression is valid (i.e.,
checkFilter
returnedtrue
for it) while the LHS is invalid (i.e.,checkFilter
returnedfalse
for it), the method will returntrue
for the joined expression.Instead, the two clauses should be combined by using an AND operator, so that both clauses are required to be valid.
If the current state of the code is however correct, this shall be made clear in the comments of the code.
The text was updated successfully, but these errors were encountered: