Account recovery API v2 returns 500 when an invalid channel ID is added in the request body of the recovery API call. #21659

Open
Malith-19 opened this issue Nov 11, 2024 · 3 comments · May be fixed by wso2/identity-api-user#231

Comments

@Malith-19
Contributor

Describe the issue:
The account recovery v2 API returns a 500 status code when the user sets an invalid channel ID in the request body of /recovery/password/recover. This should return 400, since the issue is from the invalid request body.

How to reproduce:

  1. Try the username/password init API call and get a recovery code for the recovery with the following API call.
curl --location 'https://localhost:9443/api/users/v2/recovery/password/init' \
--header 'accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--data '{
  "claims": [
    {
      "uri": "http://wso2.org/claims/username",
      "value": "<username>"
    }
  ]
}'
  2. Then use an invalid channel ID in the recovery API call.
curl --location 'https://localhost:9443/api/users/v2/recovery/password/recover' \
--header 'accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--data '{
  "recoveryCode": "<recovery_code from the previous api call>",
  "channelId": "<invalid channel id>"
}'

Current behavior

{
    "code": "UAR-10004",
    "message": "Internal server error",
    "description": "Channel ID does not exist",
    "traceId": "455ba900-e59a-4398-9a94-cb85a4994581"
}

Expected behavior:
Status code should be changed to 400.

Environment information (Please complete the following information; remove any unnecessary fields) :

  • Product Version: 7.1.0-m3
  • OS: Mac
  • Database: [e.g., MySQL, H2]
  • Userstore: [e.g., LDAP, JDBC]

Optional Fields

Related issues:

Suggested labels:
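
A regression check for the behaviour reported above, as an added example that is not part of the original issue or of WSO2's code: it posts a recover request with an invalid channel ID and passes only if the server answers with a 4xx. The endpoint path and error fields come from the issue; `start_stub`, the default recovery code and channel ID, and the stub's response body are constructed for illustration.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

RECOVER_PATH = "/api/users/v2/recovery/password/recover"  # path from the issue

def recover_status(base_url, recovery_code, channel_id, headers=None):
    """POST the recover request; return (HTTP status, parsed JSON body)."""
    payload = json.dumps({"recoveryCode": recovery_code, "channelId": channel_id}).encode()
    req = urllib.request.Request(base_url + RECOVER_PATH, data=payload, method="POST",
        headers={"Content-Type": "application/json", "accept": "application/json", **(headers or {})})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return err.code, json.loads(err.read() or b"{}")

def check_invalid_channel(base_url, recovery_code="constructed-code", channel_id="9999", headers=None):
    """Return 'pass' only if the invalid channel ID is rejected as a client error."""
    status, body = recover_status(base_url, recovery_code, channel_id, headers)
    if 400 <= status < 500:
        return "pass"
    return f"fail: got {status} ({body.get('description', 'no description')})"

def start_stub(status):
    """Constructed stand-in for the server: answers every POST with `status`."""
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            self.rfile.read(int(self.headers.get("Content-Length", 0)))
            body = json.dumps({"code": "UAR-10004", "description": "Channel ID does not exist"}).encode()
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # silence per-request logging
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    for status in (500, 400):  # reported behaviour, then expected behaviour
        server, url = start_stub(status)
        print(status, "->", check_invalid_channel(url))
        server.shutdown()
```

To run it against a real deployment, pass its base URL and an Authorization header through `headers`; the server certificate must be trusted by the Python process.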

@kumardeepak5

Hi @Malith-19,
are you currently working on this issue? I’d like to contribute. Could you please confirm?

@Malith-19
Contributor Author

Hi @kumardeepak5, no, I'm not working on this issue, and you can start working.

@kumardeepak5

Hi @Malith-19, just a gentle reminder to review the related PR.
