  1. OpenAM
  2. OPENAM-12144

getSessionInfo endpoint _fields parameter doesn't work

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 14.1.1, 14.5.1
    • Fix Version/s: 6.0.0, 14.1.2, 5.5.2
    • Component/s: rest, session
    • Labels:
    • Target Version/s:
    • Sprint:
      AM Sustaining Sprint 46, AM Sustaining Sprint 47
    • Story Points:
      3
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      When using the /sessions endpoint with the getSessionInfo action, specifying _fields to restrict the fields being returned in the call has no effect.

      How to reproduce the issue

      This can be demonstrated/reproduced via the API explorer, entering values in the _fields parameter.

      1. Obtain a session token via the /authenticate REST endpoint (make note of the value)
      2. Log in to the admin console 
      3. Click API explorer
      4. Click on the /sessions endpoint
      5. Under the "Sessions v2.0", select "/sessions#2.0_action_getsessioninfo"
      6. For tokenId, enter the value obtained from the authentication in step 1
      7. In the _fields parameter specify: "username,maxIdleExpirationTime"
      8. Click "Try it out!"
      9. Verify that the response body contains ALL fields and is not restricted

      To ensure this isn't something in the XUI, also tested via curl:

      curl -X POST \
      'http://id.example.com:8080/am/json/realms/root/realms/customers/sessions?tokenId=vDnEIEcH9tF_2P-jqXUR0E6Y9d0.AAJTSQACMDEAAlNLABxtZStVcmxFc09rMVJIS210aGpkd0dzT0xLWlU9AAJTMQAA&_fields=username%2CmaxIdleExpirationTime&_action=getSessionInfo' \
      -H 'cache-control: no-cache' \
      -H 'content-type: application/json'

      Expected behaviour
      Returned fields are restricted to those specified in the _fields parameter
      
      Current behaviour
      ALL fields are returned
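
The check from step 9, written as an added example (not part of the original report and not OpenAM code): it compares the top-level keys of a response body against the names requested in _fields. The tokenId is a placeholder, and the response bodies, including every field name other than username and maxIdleExpirationTime, are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Request URL from the report, with the session token replaced by a placeholder.
REQUEST_URL = (
    "http://id.example.com:8080/am/json/realms/root/realms/customers/sessions"
    "?tokenId=TOKEN_PLACEHOLDER&_fields=username%2CmaxIdleExpirationTime"
    "&_action=getSessionInfo"
)

# Constructed response bodies; field names beyond the two in the report are assumed.
UNFILTERED_BODY = json.dumps({
    "username": "demo",
    "universalId": "id=demo,ou=user,o=customers,ou=services,dc=example,dc=com",
    "realm": "/customers",
    "latestAccessTime": "2018-01-01T10:00:00Z",
    "maxIdleExpirationTime": "2018-01-01T10:30:00Z",
    "maxSessionExpirationTime": "2018-01-01T12:00:00Z",
    "properties": {},
})
FILTERED_BODY = json.dumps({
    "username": "demo",
    "maxIdleExpirationTime": "2018-01-01T10:30:00Z",
})


def requested_fields(url):
    """Top-level names requested via _fields (comma-separated JSON pointers)."""
    names = set()
    for value in parse_qs(urlsplit(url).query).get("_fields", []):
        for pointer in value.split(","):
            pointer = pointer.strip().lstrip("/")
            if pointer:
                names.add(pointer.split("/")[0])
    return names


def check_filtering(url, body):
    """Return (extra, missing) top-level keys relative to the _fields request."""
    wanted = requested_fields(url)
    returned = set(json.loads(body))
    if not wanted:  # no _fields given: the full resource is the expected result
        return set(), set()
    return returned - wanted, wanted - returned


if __name__ == "__main__":
    for label, body in (("unfiltered", UNFILTERED_BODY), ("filtered", FILTERED_BODY)):
        extra, missing = check_filtering(REQUEST_URL, body)
        print(label, "extra:", sorted(extra), "missing:", sorted(missing))
```

A non-empty "extra" set for a request that carried _fields is the behaviour this issue describes.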
      

       


              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                bradley.tarisznyas Brad Tarisznyas
              • Votes:
                0
                Watchers:
                7
