Don't miss out Virtual Happy Hour this Friday (April 26).

Try our conversational search powered by Generative AI!

AI OnAI Off

[ProfileAPI] Error with profile created by PUT with non-existing profileID that follows "0-9,A-Z,a-z,- character" rule

Found in

EPiServer.Profiles 1.4.0

Fixed in

EPiServer.Profiles.Client 1.6.0

(Or a related package)

Created

Apr 20, 2018

Updated

Sep 18, 2018

State

Closed, Fixed and tested

Description

Customers can create a profile with a new profileID using a PUT request. For example,

 https://profilesapi/api/v1.0/Profiles/new-profile-ID

New-profile-ID has to only follow the rule "0-9,A-Z,a-z,- character". So, customers can create a new profileID with a hyphen only, or a new profileID that is a very long string.

Some bugs in that process are listed below.

Expected:

  • Do not allow customers to create new profileID by themselves. ProfileId should be generated automatically by server.
  • OR
    Add more rules for creating a profileID.

Scenario 1:

  • 1. Send Put request to create a new Profile with profileID is "--------------------------------------------------------------------------"
    R1: 201 Created
  • 2. Query to get created profile by: 

    /Profiles/?$filter=profileID eq

    --------------------------------------------------------------------------
    R2: 500 Internal Server Error

Scenario 2:

  • 1. Send Put request to create a new Profile with profileID that has 260 characters (called ProfileID260Character) and body that has all data (name, visit, company, email, phone, mobile...)
    R1: 201 Created
  • 2. Query to get this profile by: /Profiles/?$filter=ProfileID eq ProfileID260Character
    (replace ProfileID260Character by the real ID that is created in step 1)
    R2: 200 OK but body is {"items":[],"total":0,"count":0}
  • 3. Go to Insight
    R3: Created profile in step 1 is displaying
  • 4. Select this profile to view profile details
    R4:
    + Identity, Name, Location, Phone, Last Seen are empty
    + Email, Mobile, Visits are Unknown

Scenario 3:

  • 1. Send Put request to create a new Profile with profileID that has more than 260 characters
    such as 

https://profilesapi/api/v1.0/Profiles/Anprofile-without-spceprofileID-without-121without-sp2aceprofileID-w1ithout-spaceprofileID-without-spaceprofileID-without-spaceprofileID-without-spaceprofileID-w-without--without-spaceprofileID-without-spacepr1234ofileID-without-spaceprofileID-1989699849849abcend

R1: 400 Bad request
Response body:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid URL</h2>
<hr><p>HTTP Error 400. The request URL is invalid.</p>
</BODY></HTML>