  1. OpenIDM
  2. OPENIDM-16054

Patch validation does not apply onRetrieve script first


    Details

    • Story Points:
      2
    • Sprint:
      2021.1 - IDM
    • Support Ticket IDs:

      Description

      When onRetrieve and onStore scripts are used to marshal a string DS field to and from a boolean managed object property, policy validation fails when a different attribute is removed.

      For example:
      User state in DS before:

      fr-idm-uuid: abcd1234-...
      boolAttr: TRUE
      numberAttr: 123
      

      managed.json:

      {
          "boolField" : {
              "deleteQueryConfig" : false,
              "description" : "A boolean field, stored as a string",
              "isPersonal" : false,
              "isVirtual" : false,
              "searchable" : true,
              "title" : "isSet",
              "type" : "boolean",
              "usageDescription" : null,
              "userEditable" : false,
              "viewable" : true,
              "onRetrieve" : {
                  "type" : "text/javascript",
                  "globals" : { },
                  "source" : "var result = (property === \"TRUE\" || property === true ) ? true : false;\nresult;"
              },
              "onStore" : {
                  "type" : "text/javascript",
                  "globals" : { },
                  "source" : "var result = (property === true || property === 'TRUE' ) ? 'TRUE' : 'FALSE';\nresult;"
              }
          }
      }
      

      Patch:

      {
        "op": "remove",
        "path": "/numberField"
      }
      

      Result in logs:

      failedPolicyRequirements: [
        {
          policyRequirements: [
            {
              params: {
                invalidType: "string"           
                validTypes: [1]           
              }
              policyRequirement: "VALID_TYPE"          
            }
          ]
          property: "boolField"        
        }
      ]
      

      Code Analysis

      This seems to have become a problem since OPENIDM-15687 introduced whole-object validation when a value is removed, which means every value on the object is checked. In a patch, however, the onRetrieve hook has not been run, so no conversion has been applied to what is stored in the user repository.
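
The failure described above can be reproduced in a small model. This is an added example, not OpenIDM code: `validate`, `applyHooks`, `patchRemove` and the sample repo object are hypothetical, and only the two hook expressions follow the onRetrieve/onStore sources in managed.json.

```javascript
// Simplified model of the patch path; hypothetical names, not OpenIDM's implementation.
// The two hook bodies follow the onRetrieve/onStore sources shown in managed.json.
const schema = {
  boolField: {
    type: "boolean",
    onRetrieve: (property) => property === "TRUE" || property === true,
    onStore: (property) => (property === true || property === "TRUE" ? "TRUE" : "FALSE"),
  },
  numberField: { type: "number" },
};

// Whole-object type check, reporting failures in the shape seen in the log.
function validate(obj) {
  const failed = [];
  for (const [name, def] of Object.entries(schema)) {
    if (name in obj && typeof obj[name] !== def.type) {
      failed.push({
        property: name,
        policyRequirements: [{
          policyRequirement: "VALID_TYPE",
          params: { invalidType: typeof obj[name], validTypes: [def.type] },
        }],
      });
    }
  }
  return failed;
}

// Run the named hook ("onRetrieve" or "onStore") on every property that defines it.
function applyHooks(obj, hook) {
  const out = { ...obj };
  for (const [name, def] of Object.entries(schema)) {
    if (name in out && def[hook]) out[name] = def[hook](out[name]);
  }
  return out;
}

// Remove-only patch: read stored form, optionally run onRetrieve, patch, validate, store.
function patchRemove(repoObj, path, runOnRetrieve) {
  const current = runOnRetrieve ? applyHooks(repoObj, "onRetrieve") : { ...repoObj };
  delete current[path.replace(/^\//, "")];
  const failedPolicyRequirements = validate(current);
  if (failedPolicyRequirements.length > 0) return { failedPolicyRequirements };
  return { stored: applyHooks(current, "onStore") };
}

// Constructed repo object in stored form (boolean held as a string).
const repoObj = { boolField: "TRUE", numberField: 123 };
console.log(JSON.stringify(patchRemove(repoObj, "/numberField", false)));
console.log(JSON.stringify(patchRemove(repoObj, "/numberField", true)));
```
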

      Possible fix:

      diff --git a/openidm-managed/src/main/java/org/forgerock/openidm/managed/ManagedObjectSet.java b/openidm-managed/src/main/java/org/forgerock/openidm/managed/ManagedObjectSet.java
      index feb4b76222..df60e21bcd 100644
      --- a/openidm-managed/src/main/java/org/forgerock/openidm/managed/ManagedObjectSet.java
      +++ b/openidm-managed/src/main/java/org/forgerock/openidm/managed/ManagedObjectSet.java
      @@ -1382,6 +1382,7 @@ public class ManagedObjectSet implements CollectionResourceProvider, ScriptListe
               ResourceResponse resource =
                       readResource(addRelationshipSchemaContext(context, schema, fields),
                               repoId(resourceId));
      +        onRetrieve(context, request, resourceId, resource);
               return patchResource(context, request, resource, revision, patchOperations);
           }
       
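      Review bot: The added onRetrieve(context, request, resourceId, resource) call discards any return value, so it relies on the hook updating resource in place before patchResource uses it; a short comment saying so would help. Because patchResource now receives the converted object as its baseline, please confirm that the write path still runs onStore so boolField goes back to the repository as a string, and add a test for a remove patch on an object whose properties define onRetrieve/onStore.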
      

              Reporter:
              jamesphillpotts James Phillpotts