Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace op with value of empty object results in circular reference #489

Closed
blairlunceford opened this issue Sep 18, 2023 · 1 comment · Fixed by #527
Closed

Replace op with value of empty object results in circular reference #489

blairlunceford opened this issue Sep 18, 2023 · 1 comment · Fixed by #527
Assignees
@thomaspoignant

Comments

@blairlunceford
Copy link

Describe the bug
We've seen Azure AD SCIM send replace operations with an empty object in the value field:

{
  op: 'replace',
  path: 'phoneNumbers[type eq "work"].value',
  value: {},
}

They sometimes send this operation when there isn't a multi-valued attribute of that type. When this happens, the scim-patch library applies the update in a way that introduces a circular reference to the resource object. This causes errors when we call JSON.stringify on the resource object.

To Reproduce

const scimPatch = require("scim-patch")
const assert = require("assert")

const resource = {
   phoneNumbers: [
    {
      type: 'mobile',
      value: '7865439908',
    },
  ],
}

const operation = {
  op: 'replace',
  path: 'phoneNumbers[type eq "work"].value',
  value: {},
}

const expected = {
  phoneNumbers: [
    {
      type: 'mobile',
      value: '7865439908',
    },
    {
      type: 'work',
      value: {},
    },
  ],
}

const patchedResource = scimPatch.scimPatch(resource, [operation], { mutateDocument: false, treatMissingAsAdd: true },)

assert.deepStrictEqual(patchedResource, expected)

console.log(patchedResource);
=> {
      phoneNumbers: [
        { type: 'mobile', value: '7865439908' },
        { type: 'work', value: [Circular *1] }
      ]
    }

Expected behavior
We would expect operations to be applied to resources in a way that doesn't introduce a circular reference in the object. Though, admittedly, this update is a bit strange from Azure AD SCIM (the value should be a string here I believe, and this only seems to happen with an empty object).

Additional context
We wanted to flag this in the upstream library. We're currently looking at workarounds on our end to either edit the resource before sending it to the library, or checking for circular references when we get the resource from the library.
@blairlunceford blairlunceford changed the title Specific replace op results in circular reference Replace op with value of empty object results in circular reference Sep 18, 2023
@thomaspoignant thomaspoignant mentioned this issue Oct 23, 2023
Merged
5 tasks
@thomaspoignant
Copy link
Owner

thomaspoignant commented Oct 23, 2023
edited

Hey @blairlunceford thanks for your report, I will release a version 0.8.0 today containing the fix for this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thomaspoignant thomaspoignant

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix Replace op with value of empty object results in circular reference thomaspoignant/scim-patch
2 participants
@thomaspoignant @blairlunceford