Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-13160

PATCH may succeed although If-Match does not match _rev

    Details

      Description

      Reported on IDM 5.0.0, although reproducible on 6.5.0.

      In a PATCH replace of a field with the same / existing value, if "If-Match: 12345" is specified (some arbitrary number), the response includes "_rev": "12345" (the arbitrary number).
      The _rev of the object is actually not changed.

       

      TEST CASE:
      ------------

      1. IDM 6.5.0, with existing managed user:

      $ curl -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" "http://host1:8076/openidm/managed/user/82b19bf2-e3ec-4425-86cd-61dab1beb410" | jq .
      
      {
       "_id": "82b19bf2-e3ec-4425-86cd-61dab1beb410",
       "_rev": "00000000e2814900",
       "userName": "test1",
       "givenName": "test1-givenname",
       "sn": "test1-sn",
      ...

      2. PATCH replace a field with a different value, with arbitrary If-Match number. This fails with 412 Precondition Failed, because the object _rev does not match:

      (expected behaviour)

      $ curl -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" \
      -H "Content-type: application/json" -X PATCH \
      -H "If-Match: 12345" \
      -d '[{
       "operation":"replace",
       "field":"sn",
       "value":"foo"
       }]' \
      "http://host1:8076/openidm/managed/user/82b19bf2-e3ec-4425-86cd-61dab1beb410?_prettyPrint=true"
      
      {
       "code" : 412,
       "reason" : "Precondition Failed",
       "message" : "The resource could not be accessed because the expected version '12345' does not match the current version '00000000e2814900'"
      }

      The corresponding response on IDM 5.0.0 would be:

      {
       "code" : 412,
       "reason" : "Precondition Failed",
       "message" : "Update rejected as current Object revision is different than expected by caller, the object has changed since retrieval: Cannot UPDATE the record #12:0 because the version is not the latest. Probably you are updating an old record or it has been modified by another user (db=v2 your=v12345)"
      }

      3. But in a PATCH replace a field with the existing value, with arbitrary If-Match number...
      This appears to succeed although the object _rev does not match.
      The _rev in the response is the same as the arbitrary number in If-Match:

      $ curl -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" \
      -H "Content-type: application/json" -X PATCH \
      -H "If-Match: 12345" \
      -d '[{
       "operation":"replace",
       "field":"sn",
       "value":"test1-sn"
       }]' \
      "http://host1:8076/openidm/managed/user/82b19bf2-e3ec-4425-86cd-61dab1beb410?_prettyPrint=true"
      
      {
       "_id" : "82b19bf2-e3ec-4425-86cd-61dab1beb410",
       "_rev" : "12345",
       "userName" : "test1",
       "givenName" : "test1-givenname",
       "sn" : "test1-sn",
      ...

      Checking the managed object, nothing has changed, and the _rev is the same as before (the PATCH response above is misleading):

      $ curl -u openidm-admin:openidm-admin "http://host1:8076/openidm/managed/user/82b19bf2-e3ec-4425-86cd-61dab1beb410?_prettyPrint=true"
      {
       "_id" : "82b19bf2-e3ec-4425-86cd-61dab1beb410",
       "_rev" : "00000000e2814900",
       "userName" : "test1",
       "givenName" : "test1-givenname",
       "sn" : "test1-sn",
      ...

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                travis.haagen Travis Haagen
                Reporter:
                wei-yee.lum Wei-Yee Lum
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: