From 0a2a8208bc85d1f2c8dd1d3faf3f6341ce461952 Mon Sep 17 00:00:00 2001
From: sfiorani <109297780+sfiorani@users.noreply.github.com>
Date: Wed, 12 Jun 2024 17:26:33 +0200
Subject: [PATCH] fix(rest.identity): fixed status codes and error messages for malformed requests (#5267)
* fix: fixed status code and error message for malformed request
* test: adding test for null check
* fix: made same changes also for permissions delete
* fix: changed null check with isNull
* fix: added generic validator for properties
* fix: added check to all the request
* fix: missed validation on 'validate' api
* fix: introduced 'name' as constant
---
.../provider/IdentityRestServiceV2.java | 26 +++++++++++++++++++
.../identity/provider/util/StringUtils.java | 19 ++++++++++++++
.../test/IdentityV2EndpointsTest.java | 22 ++++++++++++++++
3 files changed, 67 insertions(+)
diff --git a/kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/IdentityRestServiceV2.java b/kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/IdentityRestServiceV2.java
index f6dfc8df419..ddae86e9dd2 100644
--- a/kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/IdentityRestServiceV2.java
+++ b/kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/IdentityRestServiceV2.java
@@ -44,6 +44,7 @@ import org.eclipse.kura.identity.PasswordConfiguration; import org.eclipse.kura.identity.PasswordStrengthVerificationService; import org.eclipse.kura.internal.rest.identity.provider.util.IdentityDTOUtils; +import org.eclipse.kura.internal.rest.identity.provider.util.StringUtils; import org.eclipse.kura.internal.rest.identity.provider.v2.dto.IdentityConfigurationDTO; import org.eclipse.kura.internal.rest.identity.provider.v2.dto.IdentityConfigurationRequestDTO; import org.eclipse.kura.internal.rest.identity.provider.v2.dto.IdentityDTO; @@ -59,6 +60,8 @@ @Path("identity/v2") public class IdentityRestServiceV2 { + private static final String NAME_REQUEST_FIELD = "name"; + private static final Logger logger = LoggerFactory.getLogger(IdentityRestServiceV2.class); private static final String MQTT_APP_ID = "IDN-V2"; @@ -110,6 +113,9 @@ public Response createIdentity(final IdentityDTO identity) { logger.debug(DEBUG_MESSAGE, "createIdentity"); try { + + StringUtils.validateField(NAME_REQUEST_FIELD, identity.getName()); + boolean created = this.identityService.createIdentity(identity.getName()); if (!created) { throw DefaultExceptionHandler.buildWebApplicationException(Status.CONFLICT, "Identity already exists"); @@ -129,6 +135,8 @@ public Response updateIdentity(final IdentityConfigurationDTO identityConfigurat logger.debug(DEBUG_MESSAGE, "updateIdentity"); try { + StringUtils.validateField(NAME_REQUEST_FIELD, identityConfigurationDTO.getIdentity().getName()); + this.identityService .updateIdentityConfiguration(IdentityDTOUtils.toIdentityConfiguration(identityConfigurationDTO)); } catch (Exception e) { 
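Review bot: In createIdentity the added `validateField` call rejects a missing or whitespace-only `name`, but the next line still passes the raw `identity.getName()` to `identityService.createIdentity`, so a name with leading or trailing whitespace passes the check and is forwarded unchanged. Unless the identity service normalises or rejects such names itself (not visible here), identities can exist whose names differ only by whitespace that is invisible in a UI or a log. Consider rejecting them at this layer, for example `if (!identity.getName().equals(identity.getName().trim())) throw DefaultExceptionHandler.buildWebApplicationException(Status.BAD_REQUEST, "'name' must not start or end with whitespace");`; the same applies to the deleteIdentity and createPermission hunks. `identity` itself is also dereferenced without a null check, which an empty request body would presumably trigger. createIdentity's body continues outside the hunk.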
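Review bot: In updateIdentity the argument `identityConfigurationDTO.getIdentity().getName()` dereferences `getIdentity()` before `validateField` runs, so a request body without an `identity` object raises a NullPointerException instead of the 400 this commit is meant to produce. What the client then receives depends on the `catch (Exception e)` body, which lies outside the hunk. A guard ahead of the call would close the gap: `if (identityConfigurationDTO.getIdentity() == null) throw DefaultExceptionHandler.buildWebApplicationException(Status.BAD_REQUEST, "Missing 'identity' property");`. The same unchecked chain appears in the getIdentityByName hunk, in the getIdentityDefaultByName hunk (where it is evaluated before the `try`), and in the validateIdentityConfiguration hunk (where only `KuraException` is caught).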
@@ -147,6 +155,9 @@ public IdentityConfigurationDTO getIdentityByName( final IdentityConfigurationRequestDTO identityConfigurationRequestDTO) { logger.debug(DEBUG_MESSAGE, "getIdentityByName"); try { + + StringUtils.validateField(NAME_REQUEST_FIELD, identityConfigurationRequestDTO.getIdentity().getName()); + String identityName = identityConfigurationRequestDTO.getIdentity().getName(); Optional identityConfiguration = this.identityService.getIdentityConfiguration( @@ -176,6 +187,9 @@ public IdentityConfigurationDTO getIdentityDefaultByName( String identityName = identityConfigurationRequestDTO.getIdentity().getName(); try { + + StringUtils.validateField(NAME_REQUEST_FIELD, identityName); + IdentityConfiguration identityConfiguration = this.identityService.getIdentityDefaultConfiguration( identityName, // IdentityDTOUtils.toIdentityConfigurationComponents( @@ -195,6 +209,9 @@ public IdentityConfigurationDTO getIdentityDefaultByName( public Response deleteIdentity(final IdentityDTO identity) { logger.debug(DEBUG_MESSAGE, "deleteIdentity"); try { + + StringUtils.validateField(NAME_REQUEST_FIELD, identity.getName()); + boolean deleted = this.identityService.deleteIdentity(identity.getName()); if (!deleted) { throw DefaultExceptionHandler.buildWebApplicationException(Status.NOT_FOUND, "Identity not found"); @@ -255,6 +272,9 @@ public Response createPermission(final PermissionDTO permissionDTO) { logger.debug(DEBUG_MESSAGE, "createPermission"); try { + + StringUtils.validateField(NAME_REQUEST_FIELD, permissionDTO.getName()); + boolean created = this.identityService.createPermission(IdentityDTOUtils.toPermission(permissionDTO)); if (!created) { throw DefaultExceptionHandler.buildWebApplicationException(Status.CONFLICT, 
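Review bot: In getIdentityByName the getter chain `identityConfigurationRequestDTO.getIdentity().getName()` is now evaluated twice: once for the added `validateField` call and again on the following line that declares `identityName`. Declaring the local first and validating it reads more clearly and matches the getIdentityDefaultByName hunk: `String identityName = identityConfigurationRequestDTO.getIdentity().getName();` followed by `StringUtils.validateField(NAME_REQUEST_FIELD, identityName);`. The method body continues outside the hunk.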
@@ -273,6 +293,9 @@ public Response createPermission(final PermissionDTO permissionDTO) { @Consumes(MediaType.APPLICATION_JSON) public Response deletePermission(final PermissionDTO permissionDTO) { logger.debug(DEBUG_MESSAGE, "deletePermission"); + + StringUtils.validateField(NAME_REQUEST_FIELD, permissionDTO.getName()); + boolean deleted = false; try { deleted = this.identityService.deletePermission(IdentityDTOUtils.toPermission(permissionDTO)); @@ -293,6 +316,9 @@ public Response deletePermission(final PermissionDTO permissionDTO) { @Consumes(MediaType.APPLICATION_JSON) public Response validateIdentityConfiguration(final IdentityConfigurationDTO identityConfigurationDTO) { try { + + StringUtils.validateField(NAME_REQUEST_FIELD, identityConfigurationDTO.getIdentity().getName()); + this.identityService .validateIdentityConfiguration(IdentityDTOUtils.toIdentityConfiguration(identityConfigurationDTO)); } catch (KuraException e) { diff --git a/kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/util/StringUtils.java b/kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/util/StringUtils.java index 9a233b5da18..7f89a63ff68 100644 --- a/kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/util/StringUtils.java +++ b/kura/org.eclipse.kura.rest.identity.provider/src/main/java/org/eclipse/kura/internal/rest/identity/provider/util/StringUtils.java @@ -12,6 +12,12 @@ *******************************************************************************/ package org.eclipse.kura.internal.rest.identity.provider.util; +import static java.util.Objects.isNull; + +import javax.ws.rs.core.Response.Status; + +import org.eclipse.kura.request.handler.jaxrs.DefaultExceptionHandler; + public class StringUtils { private StringUtils() { 
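Review bot: In deletePermission the `validateField` call sits before the `try`, whereas every other endpoint touched by this commit calls it inside the `try`. The new tests expect a 400 from a delete of each kind, so both placements are apparently meant to behave the same, but for the in-`try` variants that relies on the catch blocks (not visible here) passing the thrown exception through unchanged. Use one placement for all endpoints, or state the intent with a comment such as `// validate before the try so the 400 is not remapped by the catch below`. deletePermission's body continues outside the hunk.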
@@ -23,4 +29,17 @@ public static void requireNotEmpty(String value, String message) { throw new IllegalArgumentException(message); } } + + public static void validateField(String propertyName, String inputToValidate) { + + if (isNull(inputToValidate)) { + throw DefaultExceptionHandler.buildWebApplicationException(Status.BAD_REQUEST, + "Missing '" + propertyName + "' property"); + } + + if (inputToValidate.trim().isEmpty()) { + throw DefaultExceptionHandler.buildWebApplicationException(Status.BAD_REQUEST, + "`" + propertyName + "` value can't be empty"); + } + } } diff --git a/kura/test/org.eclipse.kura.rest.identity.provider.test/src/main/java/org/eclipse/kura/internal/rest/identity/provider/test/IdentityV2EndpointsTest.java b/kura/test/org.eclipse.kura.rest.identity.provider.test/src/main/java/org/eclipse/kura/internal/rest/identity/provider/test/IdentityV2EndpointsTest.java index 07054c09f23..57531244888 100644 --- a/kura/test/org.eclipse.kura.rest.identity.provider.test/src/main/java/org/eclipse/kura/internal/rest/identity/provider/test/IdentityV2EndpointsTest.java +++ b/kura/test/org.eclipse.kura.rest.identity.provider.test/src/main/java/org/eclipse/kura/internal/rest/identity/provider/test/IdentityV2EndpointsTest.java @@ -211,6 +211,17 @@ public void shouldReturnErrorDeletingNonExistingIdentity() { } + @Test + public void shouldReturnErrorDeletingWithMalformedIdentityRequest() { + + whenRequestIsPerformed(new MethodSpec(METHOD_SPEC_DELETE, MQTT_METHOD_SPEC_DEL), "/identities", + "{\"nm\":\"identity\"}"); + + thenResponseCodeIs(400); + thenResponseBodyEqualsJson("{\"message\":\"Missing 'name' property\"}"); + + } + @Test public void shouldGetDefinedPermissions() { whenRequestIsPerformed(new MethodSpec(METHOD_SPEC_GET), "/definedPermissions"); 
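Review bot: The two error messages in `validateField` quote the property name differently: `"Missing '" + propertyName + "' property"` uses single quotes while the empty-value branch wraps the name in backticks, so clients matching on the message body see two conventions from one validator. Use single quotes in both, `"'" + propertyName + "' value can't be empty"`. The method also needs a Javadoc saying that it throws the exception built by `DefaultExceptionHandler.buildWebApplicationException` with `Status.BAD_REQUEST` for a null or whitespace-only value, because the neighbouring `requireNotEmpty` throws `IllegalArgumentException` and the class name does not suggest a JAX-RS dependency. Note that `trim()` strips only characters up to U+0020, so a value consisting solely of other Unicode whitespace (U+00A0, for instance) is accepted as non-empty.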
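Review bot: The new test `shouldReturnErrorDeletingWithMalformedIdentityRequest`, like `shouldReturnErrorDeletingWithMalformedPermissionRequest` in the next hunk, exercises only the missing-property branch of `validateField`. The empty-value branch is untested, as are the create, update, get and validate endpoints that gained the same call. Add a sibling case that sends `"{\"name\":\" \"}"` to `/identities` and asserts `thenResponseCodeIs(400)` together with the "value can't be empty" message, plus at least one case for a non-delete endpoint. A request without the nested `identity` object is also worth a test, since that path is dereferenced before validation.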
@@ -274,6 +285,17 @@ public void shouldReturnErrorDeletingNonExistingPermission() { } + @Test + public void shouldReturnErrorDeletingWithMalformedPermissionRequest() { + + whenRequestIsPerformed(new MethodSpec(METHOD_SPEC_DELETE, MQTT_METHOD_SPEC_DEL), "/permissions", + "{\"nm\":\"permission\"}"); + + thenResponseCodeIs(400); + thenResponseBodyEqualsJson("{\"message\":\"Missing 'name' property\"}"); + + } + @Test public void shouldValidateIdentityConfiguration() { givenExistingIdentity(new IdentityDTO(this.testUsername));