Invalid characters allowed in mobileNumber Field of /notifications/api/v1/orders Endpoint #619

Closed
2 tasks
Ahmed-Ghanam opened this issue Sep 26, 2024 · 3 comments
Labels
kind/bug Something isn't working

Ahmed-Ghanam commented Sep 26, 2024

Description

The POST /notifications/api/v1/orders endpoint does not properly handle invalid characters in the mobileNumber field. For example, submitting a value like "+47invalidChar" results in an internal server error (500) without providing a meaningful error message to the user.

Steps to Reproduce

  1. Send a POST request to the /notifications/api/v1/orders endpoint with a mobileNumber field containing invalid characters (e.g., "+47invalidChar").
  2. Observe that the API responds with an internal server error (500) instead of rejecting the request with a meaningful validation error message.

Example Request:

{
    "notificationChannel": "Sms",
    "smsTemplate": {
        "senderNumber": "+4746269164",
        "body": "Hei, Du har en ny melding i Altinn."
    },
    "sendersReference": "907c8054-b2cc-4dca-b4df-c95b89860762",
    "recipients": [
        {
            "mobileNumber": "+47invalidChar"
        }
    ]
}

Expected Behavior

The API should validate the mobileNumber field to ensure it adheres to valid international phone number format standards. If invalid characters are submitted, the API should reject the request with a descriptive error message, such as "Invalid mobile number format," preventing further processing.

Suggested Fix

Introduce or improve input validation on the mobileNumber field to ensure it only accepts valid numeric characters following international phone number standards. When validation fails, return a clear and informative error message, rejecting the request before it reaches internal processing.

Acceptance criteria:

  • Validation-scheme documented at docs.altinn.studio
  • Failed validations give response-code 400 and a message (e.g. "mobileNumber format not adhering to...")
@Ahmed-Ghanam Ahmed-Ghanam added the kind/bug Something isn't working label Sep 26, 2024
@Ahmed-Ghanam Ahmed-Ghanam changed the title Invalid Characters Allowed in mobileNumber Field of /notifications/api/v1/orders Endpoint Invalid Characters allowed in mobileNumber Field of /notifications/api/v1/orders Endpoint Sep 26, 2024
@Ahmed-Ghanam Ahmed-Ghanam changed the title Invalid Characters allowed in mobileNumber Field of /notifications/api/v1/orders Endpoint Invalid characters allowed in mobileNumber Field of /notifications/api/v1/orders Endpoint Sep 27, 2024
@olebhansen

Updating issue to be "adhere to validation standard + document this", to avoid confusion on permitted content. Failed validations should give 400 and a sensible message.

See: https://altinn.slack.com/archives/C069J71UQCQ/p1727789663181299?thread_ts=1727703986.978639&cid=C069J71UQCQ

Understood, one last clarification then: I get 400 Bad Request on certain phone numbers and formats; can you say which standard you use to validate valid numbers?
From my testing it appears to be E.164

@hggutvik hggutvik self-assigned this Oct 4, 2024

hggutvik commented Oct 4, 2024

Our initial guess was correct - the 500 error results from the validation package not handling the letters

@SandGrainOne

Manual tests performed and changes approved.

@SandGrainOne SandGrainOne removed their assignment Oct 15, 2024
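
The validation requested in this issue, sketched as an added Python example (not the project's code): each mobileNumber is checked against an E.164-shaped pattern before any further processing, and failures come back as a 400 with a per-field message. E.164 is an assumption taken from the tester's guess in the thread; `validate_order`, `mobile_number_error`, `sample` and the error-body layout are hypothetical.

```python
import json
import re

# Assumption: E.164 shape, "+" then 2-15 digits with no leading zero.
# [0-9] instead of \d keeps non-ASCII digits out; fullmatch() rejects a
# trailing newline that "$" would let through.
E164 = re.compile(r"\+[1-9][0-9]{1,14}")

def mobile_number_error(value):
    """Return None when value is acceptable, else a message for the client."""
    if not isinstance(value, str):
        return "mobileNumber is required and must be a string"
    if not E164.fullmatch(value):
        return "Invalid mobile number format"
    return None

def validate_order(raw_body):
    """Hypothetical pre-check: (400, problem) to reject, (None, order) to go on."""
    try:
        order = json.loads(raw_body)
    except json.JSONDecodeError:
        return 400, {"errors": {"body": ["Request body is not valid JSON"]}}
    recipients = order.get("recipients") if isinstance(order, dict) else None
    if not isinstance(recipients, list) or not recipients:
        return 400, {"errors": {"recipients": ["At least one recipient is required"]}}
    errors = {}
    for i, recipient in enumerate(recipients):
        number = recipient.get("mobileNumber") if isinstance(recipient, dict) else None
        message = mobile_number_error(number)
        if message:
            errors[f"recipients[{i}].mobileNumber"] = [message]
    if errors:
        return 400, {"errors": errors}
    return None, order

# Constructed sample: the issue's request, reduced to the recipients list.
def sample(number):
    return json.dumps({"notificationChannel": "Sms",
                       "recipients": [{"mobileNumber": number}]})

if __name__ == "__main__":
    for number in ["+47invalidChar", "+4799999999", "+4799999999\n", "4799999999"]:
        status, result = validate_order(sample(number))
        print(repr(number), "->", status or "passed", result if status else "")
```
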