VOSpace INAF
vospace-rest
Commits
4f474f3e
Commit
4f474f3e
authored
Aug 30, 2021
by
Nicola Fulvio Calabria
Added request-payload URI consistency check for SetNodeController
parent
dcea92ca
Changes
4
src/main/java/it/inaf/oats/vospace/BaseNodeController.java
...
...
@@ -10,8 +10,10 @@ import it.inaf.oats.vospace.exception.InvalidArgumentException;
import
it.inaf.oats.vospace.exception.InvalidURIException
;
import
javax.servlet.http.HttpServletRequest
;
import
net.ivoa.xml.vospace.v2.LinkNode
;
import
net.ivoa.xml.vospace.v2.Node
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
static
org
.
springframework
.
web
.
servlet
.
function
.
RequestPredicates
.
path
;
public
abstract
class
BaseNodeController
{
...
...
@@ -19,8 +21,8 @@ public abstract class BaseNodeController {
private
HttpServletRequest
servletRequest
;
@Value
(
"${vospace-authority}"
)
protected
String
authority
;
protected
String
authority
;
protected
String
getPath
()
{
String
requestURL
=
servletRequest
.
getRequestURL
().
toString
();
try
{
...
...
@@ -34,6 +36,18 @@ public abstract class BaseNodeController {
return
NodeUtils
.
getParentPath
(
path
);
}
protected
void
validateAndCheckPayloadURIConsistence
(
Node
node
)
{
// Get Node path (and validates it too)
String
decodedURIPathFromNode
=
URIUtils
.
returnVosPathFromNodeURI
(
node
.
getUri
(),
this
.
authority
);
// Check if payload URI is consistent with http request
String
requestPath
=
this
.
getPath
();
if
(!
decodedURIPathFromNode
.
equals
(
this
.
getPath
()))
{
throw
new
InvalidURIException
(
decodedURIPathFromNode
,
requestPath
);
}
}
protected
void
validateInternalLinkNode
(
LinkNode
linkNode
)
{
String
target
=
linkNode
.
getTarget
();
// I validate it here to add context easily
...
...
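Review bot: In `validateAndCheckPayloadURIConsistence` the request path is resolved into `requestPath`, but the comparison calls `this.getPath()` a second time, so the value compared and the value reported in `InvalidURIException` come from two separate parses of the request URL; compare against the local instead, `if (!decodedURIPathFromNode.equals(requestPath)) {`. Because this check is what ties the payload node URI to the URL the request was actually made against, it deserves a short Javadoc stating that it throws `InvalidURIException` on mismatch and that callers should run it before any lookup or permission decision based on the path. The comparison is an exact string match, so it presumably relies on `getPath()` and `URIUtils.returnVosPathFromNodeURI` normalising encoding and trailing slashes the same way; their bodies are outside this hunk, so that is worth confirming. The added static import of `RequestPredicates.path` does not appear to be used in the visible lines and looks like an accidental IDE import, and both `CreateNodeController` and `SetNodeController` already hold `path` in a local when they call the helper.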
src/main/java/it/inaf/oats/vospace/CreateNodeController.java
...
...
@@ -33,16 +33,7 @@ public class CreateNodeController extends BaseNodeController {
String
path
=
getPath
();
LOG
.
debug
(
"createNodeController called for node with URI {} and PATH {}"
,
node
.
getUri
(),
path
);
// Get Node path (and validates it too)
String
decodedURIPathFromNode
=
URIUtils
.
returnVosPathFromNodeURI
(
node
.
getUri
(),
this
.
authority
);
LOG
.
debug
(
"createNodeController URI: {} decoded as {}"
,
node
.
getUri
(),
decodedURIPathFromNode
);
// Check if payload URI is consistent with http request
if
(!
decodedURIPathFromNode
.
equals
(
path
))
{
throw
new
InvalidURIException
(
decodedURIPathFromNode
,
path
);
}
this
.
validateAndCheckPayloadURIConsistence
(
node
);
// validate format of input node
this
.
validateInputNode
(
node
);
...
...
src/main/java/it/inaf/oats/vospace/SetNodeController.java
...
...
@@ -42,6 +42,9 @@ public class SetNodeController extends BaseNodeController {
String
path
=
getPath
();
LOG
.
debug
(
"setNode called for path {}"
,
path
);
// Validate and check payload node URI consistence with request
this
.
validateAndCheckPayloadURIConsistence
(
node
);
//The service SHALL throw a HTTP 404 status code including a NodeNotFound
//fault in the entity-body if the target Node does not exist
...
...
src/test/java/it/inaf/oats/vospace/SetNodeControllerTest.java
...
...
@@ -129,7 +129,30 @@ public class SetNodeControllerTest {
.
andDo
(
print
())
.
andExpect
(
status
().
isForbidden
());
}
/* Test case:
request and payload URIs don't match
Forbidden.
*/
@Test
public
void
testRequestPayloadURIMismatch
()
throws
Exception
{
String
requestBody
=
getResourceFileContent
(
"modify-data-node-1_type.xml"
);
// Create node
when
(
nodeDao
.
listNode
(
eq
(
"/"
)))
.
thenReturn
(
Optional
.
of
(
getContainerParentNode
(
"/"
)));
when
(
nodeDao
.
listNode
(
eq
(
"/mydata1"
))).
thenReturn
(
Optional
.
of
(
getWritableDataNode
(
"/mydata1"
)));
mockMvc
.
perform
(
post
(
"/nodes/mydataPippo1"
)
.
header
(
"Authorization"
,
"Bearer user2_token"
)
.
content
(
requestBody
)
.
contentType
(
MediaType
.
APPLICATION_XML
)
.
accept
(
MediaType
.
APPLICATION_XML
))
.
andDo
(
print
())
.
andExpect
(
status
().
isBadRequest
());
}
/* Test case:
try to add accepted views to a node without views.
Forbidden
...
...
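Review bot: The comment above `testRequestPayloadURIMismatch` says "Forbidden." while the assertion is `status().isBadRequest()`; it should read `request and payload URIs don't match: Bad Request.` so the expected status for a mismatched payload is not misread as an authorization failure. The `// Create node` comment is also misleading, since the two `when(nodeDao.listNode(...))` lines only stub lookups, and because the request goes to `/nodes/mydataPippo1` the `/mydata1` stub is probably never reached if the consistency check runs first. The test would be a stronger regression guard if it also verified that no write reached `nodeDao` after the 400 response, which is the property the new check is meant to protect.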