OpenIDM / OPENIDM-10468

500 internal error when Referer header not provided with OAuth

Description

Without Referer:

$ curl 'http://openidm.example.com:8080/openidm/managed/user/6cb583ce-6d76-4b58-b43d-4ba0428f40ee' -H 'Content-Type: application/json' -H 'X-OpenIDM-OAuth-Login: true' -H 'X-OpenIDM-DataStoreToken: '$token -X PATCH -d '[{ "operation" : "replace", "field" : "/givenName", "value" : "test.0.1" }]' | jq .
{
  "code": 500,
  "reason": "Internal Server Error",
  "message": "TypeError: Cannot call method \"toString\" of null",
  "detail": {
    "failureReasons": [
      {
        "exception": "TypeError: Cannot call method \"toString\" of null"
      }
    ]
  },
  "cause": {
    "message": "TypeError: Cannot call method \"toString\" of null"
  }
}

With Referer:

$ curl 'http://openidm.example.com:8080/openidm/managed/user/6cb583ce-6d76-4b58-b43d-4ba0428f40ee' -H 'Content-Type: application/json' -H 'X-OpenIDM-OAuth-Login: true' -H 'X-OpenIDM-DataStoreToken: '$token -X PATCH -d '[{ "operation" : "replace", "field" : "/givenName", "value" : "test.0.1" }]' -H 'Referer: http://openidm.example.com:8080' | jq .
{
  "_id": "6cb583ce-6d76-4b58-b43d-4ba0428f40ee",
  "_rev": "3",
  "displayName": "test.0 last.0",
  "givenName": "test.0.1",
  "mail": "test0@example.com",
  "sn": "test.mod.0",
  "userName": "test.0",
  "kbaInfo": [],
  "accountStatus": "active",
  "lastChanged": {
    "date": "2018-03-16T01:27:43.190Z"
  },
  "effectiveRoles": [],
  "effectiveAssignments": []
}

Cause: 'referer' not checked for null in amSessionCheck.js
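As an added illustration (not the OpenIDM script itself), the pattern behind the cause line in plain JavaScript: the unchecked version reproduces the TypeError on a missing Referer, which the REST layer reports as a 500, while the null-checked version turns the same missing header into a deliberate 400. The header map, the lookup helper and the 400 response shape are assumptions, not OpenIDM's API.

```javascript
// Added example; assumptions: a plain header map, a helper that returns null for
// an absent header (as a Java-backed map does when read from a script), and a
// 400 as the intended response when the header is required but missing.

// Case-insensitive header lookup; null when absent, so .toString() on it throws.
function lookupHeader(headers, name) {
  var key = Object.keys(headers).filter(function (k) {
    return k.toLowerCase() === name.toLowerCase();
  })[0];
  return key === undefined ? null : headers[key];
}

// Before: mirrors the defect ("'referer' not checked for null").
function refererOriginUnsafe(headers) {
  var referer = lookupHeader(headers, 'Referer');
  // Throws TypeError when the client sent no Referer header.
  return { ok: true, origin: referer.toString().replace(/\/+$/, '') };
}

// After: a missing Referer is an expected input and yields an explicit result.
function refererOriginSafe(headers) {
  var referer = lookupHeader(headers, 'Referer');
  if (referer === null || referer === undefined) {
    return { ok: false, code: 400, reason: 'Referer header required for OAuth login' };
  }
  return { ok: true, origin: String(referer).replace(/\/+$/, '') };
}

// Wraps a handler the way a REST layer does: any uncaught exception becomes a 500
// whose message leaks the script's internal error to the caller.
function handle(fn, headers) {
  try {
    return fn(headers);
  } catch (e) {
    return { ok: false, code: 500, reason: 'Internal Server Error', message: String(e) };
  }
}

// Constructed sample requests: one without and one with a Referer header.
var noReferer = { 'Content-Type': 'application/json', 'X-OpenIDM-OAuth-Login': 'true' };
var withReferer = { 'Content-Type': 'application/json', 'Referer': 'http://openidm.example.com:8080/' };

console.log(handle(refererOriginUnsafe, noReferer));   // code 500, TypeError in message
console.log(handle(refererOriginSafe, noReferer));     // code 400, explicit reason
console.log(handle(refererOriginSafe, withReferer));   // origin without trailing slash
```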

People

Assignee: Alin Brici
Reporter: patrick diligent
QA Assignee: Alexander Dracka