Bug #33: Service Line Field Accepts Non existing random ID Without Validation - aKinderWellness Testing and Quality analysis - Redmine

Actions

Copy link

Bug #33

closed

Service Line Field Accepts Non existing random ID Without Validation

Added by Vivek Kumar about 1 month ago. Updated 30 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Start date:

03/21/2026

Due date:

% Done:

100%

Estimated time:

Spent time:

1:00 h

Description

The serviceLine field in the organization update API accepts arbitrary values (Non existinng random IDs) without proper validation or verification against existing records.

Steps to Reproduce:

Send request to POST https://api.akinderwellness.com:4001/api/organizations/update
Modify the serviceLine parameter:
serviceLine = random_non_existing_id (e.g., 68c3f959d0742f0f57243221, 68c3f959d0742f0f50d0d0d3 )
Send the request

Expected Result:
API should:

Verify that the serviceLine exists
Reject invalid IDs

Actual Result:
Any valid ObjectId format is accepted
No verification of existence is performed
Request succeeds

Suggested Fix:
Validate that serviceLine exists before updating
Return error if ID is invalid:Invalid serviceLine ID
Enforce strict reference validation at backend level

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

aKinderWellness Testing and Quality analysis

Custom queries

Bug #33

Service Line Field Accepts Non existing random ID Without Validation

Updated by Adhi Narayanan about 1 month ago

Updated by Vivek Kumar 30 days ago