Rejecting request when submitting arbitrary data on Registration
DamirSvrtan opened this issue · comments
The specification states:
If the post contains a field that is disabled or not defined by the developer, the library MUST reject the request with an error. We do not allow arbitrary data to be posted to an account's custom data object.
However, the TCK always submits the fields for registration in the following format:
{
"email"=>"fooemail-0daeb1a6-a4ef-4b35-8ab0-0188023449e1@stormpath.com",
"password"=>"[FILTERED]",
"givenName"=>"GivenName-0daeb1a6-a4ef-4b35-8ab0-0188023449e1",
"surname"=>"Surname-0daeb1a6-a4ef-4b35-8ab0-0188023449e1",
"user"=>{
"email"=>"fooemail-0daeb1a6-a4ef-4b35-8ab0-0188023449e1@stormpath.com",
"password"=>"[FILTERED]",
"givenName"=>"GivenName-0daeb1a6-a4ef-4b35-8ab0-0188023449e1",
"surname"=>"Surname-0daeb1a6-a4ef-4b35-8ab0-0188023449e1"
}
}
The data is kind of duplicated -> all the information is repeated twice, once in the root of the json hash, once namespaced with 'user'. The user hash seems arbitrary. I can easily filter that out, but just want to be clear on what the specification is.
Sorry, this seems Rails specific, closing the issue.