Admin recovery link returns 404 for an invalid request body #1664

Closed
gha opened this issue Aug 19, 2021 · 2 comments

gha commented Aug 19, 2021

Describe the bug

The admin /recovery/link endpoint returns a 404 not found if the JSON body contains invalid properties. It should return a 400 bad request in this case.

I encountered this when accidentally giving the identity_id property as just identity.

Reproducing the bug

Steps to reproduce the behavior:

curl --request POST \
  --url http://localhost:4434/recovery/link \
  --header 'Content-Type: application/json' \
  --data '{
    "expires_in": "12h",
    "identity": "abcd-1234"
  }'

Server logs

Server configuration

version: v0.4.6-alpha.1

serve:
  public:
    base_url: http://127.0.0.1:4433/
    cors:
      enabled: true
  admin:
    base_url: http://kratos:4434/

selfservice:
  default_browser_return_url: http://127.0.0.1:4455/
  whitelisted_return_urls:
    - http://127.0.0.1:4455

  methods:
    password:
      enabled: true
    link:
      enabled: true

  flows:
    error:
      ui_url: http://127.0.0.1:4455/error

    settings:
      ui_url: http://127.0.0.1:4455/settings
      privileged_session_max_age: 15m

    recovery:
      enabled: true
      ui_url: http://127.0.0.1:4455/recovery

    verification:
      enabled: false

    logout:
      after:
        default_browser_return_url: http://127.0.0.1:4455/auth/login

    login:
      ui_url: http://127.0.0.1:4455/auth/login
      lifespan: 10m

    registration:
      lifespan: 10m
      ui_url: http://127.0.0.1:4455/

identity:
  default_schema_url: file:///etc/config/kratos/identity.schema.json

Expected behavior

I would expect a 400 bad request, possibly with any missing or invalid fields.

Environment

  • Version: v0.7.1-alpha.1
  • Environment: Docker
Member

aeneasr commented Aug 19, 2021

Nice find, PRs welcomed :) The 404 happens because the identity is not found (because it is empty)

Author

gha commented Aug 19, 2021

If I can find time I'll push a PR for this 🤞
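
An added sketch, not Kratos code and not taken from this thread, of the behaviour the issue asks for: the body is validated before any identity lookup, so an unknown property or an empty identity_id yields 400 and 404 is reserved for a well-formed ID that does not exist. The names `recoveryLinkBody`, `parseRecoveryLinkBody`, `statusFor` and the in-memory `known` map are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// recoveryLinkBody holds the two fields used in the issue's request (hypothetical type).
type recoveryLinkBody struct {
	IdentityID string `json:"identity_id"`
	ExpiresIn  string `json:"expires_in"`
}

// parseRecoveryLinkBody rejects unknown properties, a missing identity_id and a bad duration.
func parseRecoveryLinkBody(raw string) (*recoveryLinkBody, error) {
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.DisallowUnknownFields() // "identity" instead of "identity_id" becomes a decode error
	var b recoveryLinkBody
	if err := dec.Decode(&b); err != nil {
		return nil, fmt.Errorf("invalid request body: %w", err)
	}
	if strings.TrimSpace(b.IdentityID) == "" {
		return nil, fmt.Errorf("identity_id is required")
	}
	if _, err := time.ParseDuration(b.ExpiresIn); b.ExpiresIn != "" && err != nil {
		return nil, fmt.Errorf("expires_in: %w", err)
	}
	return &b, nil
}

// statusFor returns the HTTP status a handler would send: validation first, lookup second.
func statusFor(raw string, known map[string]bool) int {
	b, err := parseRecoveryLinkBody(raw)
	if err != nil {
		return http.StatusBadRequest // malformed input never reaches the lookup
	}
	if !known[b.IdentityID] {
		return http.StatusNotFound // well-formed ID that does not exist
	}
	return http.StatusOK
}

func main() {
	known := map[string]bool{"abcd-1234": true} // constructed identity store
	fmt.Println(statusFor(`{"expires_in":"12h","identity":"abcd-1234"}`, known))
}
```
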
