fix(rest.identity): fixed status codes and error messages for malform…
…ed requests (#5267)

* fix: fixed status code and error message for malformed request

* test: adding test for null check

* fix: made same changes also for permissions delete

* fix: changed null check with isNull

* fix: added generic validator for properties

* fix: added check to all the request

* fix: missed validation on 'validate' api

* fix: introduced 'name' as constant
sfiorani authored Jun 12, 2024
1 parent 40604a1 commit 0a2a820
Showing 3 changed files with 67 additions and 0 deletions.
@@ -44,6 +44,7 @@
import org.eclipse.kura.identity.PasswordConfiguration;
import org.eclipse.kura.identity.PasswordStrengthVerificationService;
import org.eclipse.kura.internal.rest.identity.provider.util.IdentityDTOUtils;
import org.eclipse.kura.internal.rest.identity.provider.util.StringUtils;
import org.eclipse.kura.internal.rest.identity.provider.v2.dto.IdentityConfigurationDTO;
import org.eclipse.kura.internal.rest.identity.provider.v2.dto.IdentityConfigurationRequestDTO;
import org.eclipse.kura.internal.rest.identity.provider.v2.dto.IdentityDTO;
@@ -59,6 +60,8 @@
@Path("identity/v2")
public class IdentityRestServiceV2 {

private static final String NAME_REQUEST_FIELD = "name";

private static final Logger logger = LoggerFactory.getLogger(IdentityRestServiceV2.class);

private static final String MQTT_APP_ID = "IDN-V2";
@@ -110,6 +113,9 @@ public Response createIdentity(final IdentityDTO identity) {
logger.debug(DEBUG_MESSAGE, "createIdentity");

try {

StringUtils.validateField(NAME_REQUEST_FIELD, identity.getName());

boolean created = this.identityService.createIdentity(identity.getName());
if (!created) {
throw DefaultExceptionHandler.buildWebApplicationException(Status.CONFLICT, "Identity already exists");
@@ -129,6 +135,8 @@ public Response updateIdentity(final IdentityConfigurationDTO identityConfigurat
logger.debug(DEBUG_MESSAGE, "updateIdentity");
try {

StringUtils.validateField(NAME_REQUEST_FIELD, identityConfigurationDTO.getIdentity().getName());

this.identityService
.updateIdentityConfiguration(IdentityDTOUtils.toIdentityConfiguration(identityConfigurationDTO));
} catch (Exception e) {
@@ -147,6 +155,9 @@ public IdentityConfigurationDTO getIdentityByName(
final IdentityConfigurationRequestDTO identityConfigurationRequestDTO) {
logger.debug(DEBUG_MESSAGE, "getIdentityByName");
try {

StringUtils.validateField(NAME_REQUEST_FIELD, identityConfigurationRequestDTO.getIdentity().getName());

String identityName = identityConfigurationRequestDTO.getIdentity().getName();

Optional<IdentityConfiguration> identityConfiguration = this.identityService.getIdentityConfiguration(
@@ -176,6 +187,9 @@ public IdentityConfigurationDTO getIdentityDefaultByName(
String identityName = identityConfigurationRequestDTO.getIdentity().getName();

try {

StringUtils.validateField(NAME_REQUEST_FIELD, identityName);

IdentityConfiguration identityConfiguration = this.identityService.getIdentityDefaultConfiguration(
identityName, //
IdentityDTOUtils.toIdentityConfigurationComponents(
@@ -195,6 +209,9 @@ public IdentityConfigurationDTO getIdentityDefaultByName(
public Response deleteIdentity(final IdentityDTO identity) {
logger.debug(DEBUG_MESSAGE, "deleteIdentity");
try {

StringUtils.validateField(NAME_REQUEST_FIELD, identity.getName());

boolean deleted = this.identityService.deleteIdentity(identity.getName());
if (!deleted) {
throw DefaultExceptionHandler.buildWebApplicationException(Status.NOT_FOUND, "Identity not found");
@@ -255,6 +272,9 @@ public Response createPermission(final PermissionDTO permissionDTO) {
logger.debug(DEBUG_MESSAGE, "createPermission");

try {

StringUtils.validateField(NAME_REQUEST_FIELD, permissionDTO.getName());

boolean created = this.identityService.createPermission(IdentityDTOUtils.toPermission(permissionDTO));
if (!created) {
throw DefaultExceptionHandler.buildWebApplicationException(Status.CONFLICT,
@@ -273,6 +293,9 @@ public Response createPermission(final PermissionDTO permissionDTO) {
@Consumes(MediaType.APPLICATION_JSON)
public Response deletePermission(final PermissionDTO permissionDTO) {
logger.debug(DEBUG_MESSAGE, "deletePermission");

StringUtils.validateField(NAME_REQUEST_FIELD, permissionDTO.getName());

boolean deleted = false;
try {
deleted = this.identityService.deletePermission(IdentityDTOUtils.toPermission(permissionDTO));
@@ -293,6 +316,9 @@ public Response deletePermission(final PermissionDTO permissionDTO) {
@Consumes(MediaType.APPLICATION_JSON)
public Response validateIdentityConfiguration(final IdentityConfigurationDTO identityConfigurationDTO) {
try {

StringUtils.validateField(NAME_REQUEST_FIELD, identityConfigurationDTO.getIdentity().getName());

this.identityService
.validateIdentityConfiguration(IdentityDTOUtils.toIdentityConfiguration(identityConfigurationDTO));
} catch (KuraException e) {
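Review bot: The added `validateField` calls in updateIdentity, getIdentityByName and validateIdentityConfiguration dereference `getIdentity()` before the name is checked, so a request body that omits the `identity` object would most likely raise a NullPointerException instead of the 400 this commit aims for. The same would apply to a null DTO in createIdentity, deleteIdentity and the permission handlers. In validateIdentityConfiguration the only visible catch is `KuraException`, and in getIdentityDefaultByName the dereference sits on the line before `try`, so neither path is covered by the handlers shown. Consider a null check ahead of the name check, with `dto` standing for the handler's parameter: `if (dto == null || dto.getIdentity() == null) throw DefaultExceptionHandler.buildWebApplicationException(Status.BAD_REQUEST, "Missing 'identity' property");`. deletePermission also validates before its `try` while every other handler validates inside it; the method bodies continue outside the hunks, so the catch behaviour is inferred.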
@@ -12,6 +12,12 @@
*******************************************************************************/
package org.eclipse.kura.internal.rest.identity.provider.util;

import static java.util.Objects.isNull;

import javax.ws.rs.core.Response.Status;

import org.eclipse.kura.request.handler.jaxrs.DefaultExceptionHandler;

public class StringUtils {

private StringUtils() {
@@ -23,4 +29,17 @@ public static void requireNotEmpty(String value, String message) {
throw new IllegalArgumentException(message);
}
}

public static void validateField(String propertyName, String inputToValidate) {

if (isNull(inputToValidate)) {
throw DefaultExceptionHandler.buildWebApplicationException(Status.BAD_REQUEST,
"Missing '" + propertyName + "' property");
}

if (inputToValidate.trim().isEmpty()) {
throw DefaultExceptionHandler.buildWebApplicationException(Status.BAD_REQUEST,
"`" + propertyName + "` value can't be empty");
}
}
}
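Review bot: The two messages built in `validateField` quote the property name differently, single quotes in `"Missing '" + propertyName + "' property"` and backticks in the empty-value message, while the tests in this commit match the response body exactly, so clients would see two formats for the same field. Using one style, e.g. `"'" + propertyName + "' value can't be empty"`, keeps the error contract uniform. The method also has no Javadoc; a short comment should state that it throws a `WebApplicationException` with status 400 for a null or whitespace-only value, unlike `requireNotEmpty` in the same class, which throws `IllegalArgumentException`. Only presence is checked here, so any length or character restrictions on identity and permission names are presumably enforced further down in the identity service.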
@@ -211,6 +211,17 @@ public void shouldReturnErrorDeletingNonExistingIdentity() {

}

@Test
public void shouldReturnErrorDeletingWithMalformedIdentityRequest() {

whenRequestIsPerformed(new MethodSpec(METHOD_SPEC_DELETE, MQTT_METHOD_SPEC_DEL), "/identities",
"{\"nm\":\"identity\"}");

thenResponseCodeIs(400);
thenResponseBodyEqualsJson("{\"message\":\"Missing 'name' property\"}");

}

@Test
public void shouldGetDefinedPermissions() {
whenRequestIsPerformed(new MethodSpec(METHOD_SPEC_GET), "/definedPermissions");
@@ -274,6 +285,17 @@ public void shouldReturnErrorDeletingNonExistingPermission() {

}

@Test
public void shouldReturnErrorDeletingWithMalformedPermissionRequest() {

whenRequestIsPerformed(new MethodSpec(METHOD_SPEC_DELETE, MQTT_METHOD_SPEC_DEL), "/permissions",
"{\"nm\":\"permission\"}");

thenResponseCodeIs(400);
thenResponseBodyEqualsJson("{\"message\":\"Missing 'name' property\"}");

}

@Test
public void shouldValidateIdentityConfiguration() {
givenExistingIdentity(new IdentityDTO(this.testUsername));
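Review bot: Both new tests exercise only the missing-`name` branch on the two DELETE endpoints, while the commit adds the same validation to eight handlers and a second branch for blank values. A case with a whitespace-only name, e.g. a body of `"{\"name\":\" \"}"` sent to `/identities` and asserted with `thenResponseCodeIs(400)` plus the empty-value message, would pin that branch. A request that omits the nested `identity` object on the update, get and validate calls is also worth a test, since `validateField` only sees the name and does not check that case.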
