Bug #69
Missing Input Validation Across Multiple Fields (Add Partner API) (Web-API)
Status: Closed
Priority: Normal
Assignee: -
Description
The API lacks proper input validation and accepts invalid, malformed, and excessively long data across multiple fields.
Steps to Reproduce:
- Send a POST request to /api/partners/add
- Provide invalid or malformed values in all fields
- Observe that the API accepts the request without validation errors
Actual Result
The fields don't have proper validation in the API. Below are the validation issues:
- first_name: No length validation
- last_name: No length validation
- email: No format or length validation
- password: No length validation
- secondary_password: No validation
- website: No URL format validation
- address: No length validation
- address2: No length validation
- role: No validation
- role_type: No validation against valid database values (accepts an arbitrary valid but non-existent MongoDB ObjectId)
- city: No validation
- state: No validation against allowed values
- zip: No format or length validation
- phone: No format or length validation
- assignedOutlets: No validation against valid database values
Expected Result
The API must validate all the fields and their format.
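A server-side validator covering the fields listed in this report, as an added example that is not the project's own code. The length limits, allowed `role` and `state` values, zip and phone formats, the optional `address2`, and the `refs` lookup sets (standing in for database queries) are all assumptions.

```javascript
// Added example. Limits, allowed values and the ref sets are assumptions, not the project's rules.
const LIMITS = { first_name: 50, last_name: 50, email: 254, password: 128,
  secondary_password: 128, address: 200, address2: 200, city: 100 };
const ROLES = new Set(["partner", "admin"]);   // assumed role names
const STATES = new Set(["CA", "NY", "TX"]);    // assumed allowed states (sample)
const OBJECT_ID = /^[0-9a-f]{24}$/i;           // MongoDB ObjectId written as 24 hex chars
const EMAIL = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;    // deliberately simple format check

function isHttpUrl(value) {
  try { return ["http:", "https:"].includes(new URL(value).protocol); }
  catch { return false; }
}

// refs = { roleTypeIds: Set, outletIds: Set } of lowercase ids that exist in the database.
function validatePartner(body, refs) {
  if (body === null || typeof body !== "object") return ["body: must be a JSON object"];
  const errors = [];
  for (const [field, max] of Object.entries(LIMITS)) {
    const v = body[field];
    if (v === undefined && field === "address2") continue; // optional (assumed)
    if (typeof v !== "string" || v.trim() === "") errors.push(`${field}: required string`);
    else if (v.length > max) errors.push(`${field}: longer than ${max} chars`);
  }
  const s = (k) => (typeof body[k] === "string" ? body[k] : "");
  if (s("password") && s("password").length < 12) errors.push("password: shorter than 12 chars");
  if (s("email") && !EMAIL.test(s("email"))) errors.push("email: bad format");
  if (!isHttpUrl(s("website"))) errors.push("website: not an http(s) URL");
  if (!ROLES.has(body.role)) errors.push("role: not an allowed value");
  if (!STATES.has(body.state)) errors.push("state: not an allowed value");
  if (!/^\d{5}(-\d{4})?$/.test(s("zip"))) errors.push("zip: bad format");
  if (!/^\+?\d{7,15}$/.test(s("phone"))) errors.push("phone: bad format");
  // A well-formed ObjectId is not enough: the id must also exist.
  if (!OBJECT_ID.test(s("role_type"))) errors.push("role_type: not an ObjectId");
  else if (!refs.roleTypeIds.has(s("role_type").toLowerCase())) errors.push("role_type: unknown id");
  const outlets = body.assignedOutlets;
  if (!Array.isArray(outlets) || outlets.length > 100) errors.push("assignedOutlets: must be an array of at most 100 ids");
  else if (outlets.some((id) => typeof id !== "string" || !refs.outletIds.has(id.toLowerCase())))
    errors.push("assignedOutlets: unknown id");
  return errors;
}

// Constructed sample data, not taken from the report.
const SAMPLE_REFS = { roleTypeIds: new Set(["64b7f0c2a1d3e4f5a6b7c8d9"]),
  outletIds: new Set(["64b7f0c2a1d3e4f5a6b7c8da"]) };
const SAMPLE_OK = { first_name: "Ada", last_name: "Lovelace", email: "ada@example.com",
  password: "correct-horse-battery", secondary_password: "another-long-secret",
  website: "https://example.com", address: "1 Main St", city: "Austin", role: "partner",
  role_type: "64b7f0c2a1d3e4f5a6b7c8d9", state: "TX", zip: "73301", phone: "+15125550100",
  assignedOutlets: ["64b7f0c2a1d3e4f5a6b7c8da"] };
```

An empty array from `validatePartner` means the request may proceed; otherwise the handler should reject it with the collected messages.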