Bug #33

closed

Service Line Field Accepts Non-existing Random ID Without Validation

Added by Vivek Kumar about 1 month ago. Updated 29 days ago.

Status: Closed
Priority: Normal
Assignee: -
Start date: 03/21/2026
Due date:
% Done: 100%
Estimated time:
Spent time:

Description

The serviceLine field in the organization update API accepts arbitrary values (non-existing random IDs) without proper validation or verification against existing records.

Steps to Reproduce:

  1. Send request to POST https://api.akinderwellness.com:4001/api/organizations/update
  2. Modify the serviceLine parameter:
  3. serviceLine = random_non_existing_id (e.g., 68c3f959d0742f0f57243221, 68c3f959d0742f0f50d0d0d3)
  4. Send the request

Expected Result:
API should:

  • Verify that the serviceLine exists
  • Reject invalid IDs

Actual Result:

  • Any valid ObjectId format is accepted
  • No verification of existence is performed
  • Request succeeds

Suggested Fix:

  • Validate that serviceLine exists before updating
  • Return error if ID is invalid: Invalid serviceLine ID
  • Enforce strict reference validation at backend level
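
The suggested fix above, sketched as an added example (not code from the reporter or the project): a format-only check beside a handler that also verifies the referenced record exists before writing. The function names, the in-memory Maps standing in for the database, and the stored sample IDs are assumptions constructed for illustration.

```javascript
// Added example: in-memory Maps stand in for the real collections.
const OBJECT_ID_RE = /^[0-9a-f]{24}$/i;

// Constructed sample records (hypothetical IDs, not from the real system).
const SERVICE_LINE_ID = "a".repeat(23) + "1";
const ORG_ID = "b".repeat(23) + "1";
const serviceLines = new Map([[SERVICE_LINE_ID, { name: "Sample service line" }]]);
const organizations = new Map([
  [ORG_ID, { name: "Sample org", serviceLine: SERVICE_LINE_ID }],
]);

// Behaviour described in the report: any well-formed ObjectId is stored,
// leaving a reference that points at no record.
function updateOrganizationFormatOnly(orgId, body) {
  if (!OBJECT_ID_RE.test(body.serviceLine)) {
    return { status: 400, error: "Invalid serviceLine ID" };
  }
  organizations.get(orgId).serviceLine = body.serviceLine;
  return { status: 200 };
}

// Suggested fix: check type and format, then confirm the record exists,
// and only then write the reference.
function updateOrganizationValidated(orgId, body) {
  const org = organizations.get(orgId);
  if (!org) return { status: 404, error: "Organization not found" };

  const id = body.serviceLine;
  // Reject non-strings first so objects or arrays never reach a lookup.
  if (typeof id !== "string" || !OBJECT_ID_RE.test(id)) {
    return { status: 400, error: "Invalid serviceLine ID" };
  }
  // Existence check against stored records (a database lookup in practice).
  const key = id.toLowerCase();
  if (!serviceLines.has(key)) {
    return { status: 400, error: "Invalid serviceLine ID" };
  }
  org.serviceLine = key;
  return { status: 200 };
}
```

The existence check and the write should run in the same backend code path, so no other route can store an unverified reference.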

#1

Updated by Adhi Narayanan about 1 month ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2

Updated by Vivek Kumar 29 days ago

  • Status changed from Resolved to Closed