Loading src/main/java/it/inaf/oats/vospace/BaseNodeController.java +16 −2 Original line number Original line Diff line number Diff line Loading @@ -10,8 +10,10 @@ import it.inaf.oats.vospace.exception.InvalidArgumentException; import it.inaf.oats.vospace.exception.InvalidURIException; import it.inaf.oats.vospace.exception.InvalidURIException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest; import net.ivoa.xml.vospace.v2.LinkNode; import net.ivoa.xml.vospace.v2.LinkNode; import net.ivoa.xml.vospace.v2.Node; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value; import static org.springframework.web.servlet.function.RequestPredicates.path; public abstract class BaseNodeController { public abstract class BaseNodeController { Loading @@ -34,6 +36,18 @@ public abstract class BaseNodeController { return NodeUtils.getParentPath(path); return NodeUtils.getParentPath(path); } } protected void validateAndCheckPayloadURIConsistence(Node node) { // Get Node path (and validates it too) String decodedURIPathFromNode = URIUtils.returnVosPathFromNodeURI(node.getUri(), this.authority); // Check if payload URI is consistent with http request String requestPath = this.getPath(); if (!decodedURIPathFromNode.equals(this.getPath())) { throw new InvalidURIException(decodedURIPathFromNode, requestPath); } } protected void validateInternalLinkNode(LinkNode linkNode) { protected void validateInternalLinkNode(LinkNode linkNode) { String target = linkNode.getTarget(); String target = linkNode.getTarget(); // I validate it here to add context easily // I validate it here to add context easily Loading src/main/java/it/inaf/oats/vospace/CreateNodeController.java +1 −10 Original line number Original line Diff line number Diff line Loading 
@@ -33,16 +33,7 @@ public class CreateNodeController extends BaseNodeController { String path = getPath(); String path = getPath(); LOG.debug("createNodeController called for node with URI {} and PATH {}", node.getUri(), path); LOG.debug("createNodeController called for node with URI {} and PATH {}", node.getUri(), path); this.validateAndCheckPayloadURIConsistence(node); // Get Node path (and validates it too) String decodedURIPathFromNode = URIUtils.returnVosPathFromNodeURI(node.getUri(), this.authority); LOG.debug("createNodeController URI: {} decoded as {}", node.getUri(), decodedURIPathFromNode); // Check if payload URI is consistent with http request if (!decodedURIPathFromNode.equals(path)) { throw new InvalidURIException(decodedURIPathFromNode, path); } // validate format of input node // validate format of input node this.validateInputNode(node); this.validateInputNode(node); Loading src/main/java/it/inaf/oats/vospace/SetNodeController.java +3 −0 Original line number Original line Diff line number Diff line Loading @@ -43,6 +43,9 @@ public class SetNodeController extends BaseNodeController { String path = getPath(); String path = getPath(); LOG.debug("setNode called for path {}", path); LOG.debug("setNode called for path {}", path); // Validate and check payload node URI consistence with request this.validateAndCheckPayloadURIConsistence(node); //The service SHALL throw a HTTP 404 status code including a NodeNotFound //The service SHALL throw a HTTP 404 status code including a NodeNotFound //fault in the entity-body if the target Node does not exist //fault in the entity-body if the target Node does not exist Node toBeModifiedNode = nodeDao.listNode(path) Node toBeModifiedNode = nodeDao.listNode(path) Loading src/test/java/it/inaf/oats/vospace/SetNodeControllerTest.java +23 −0 Original line number Original line Diff line number Diff line Loading 
@@ -130,6 +130,29 @@ public class SetNodeControllerTest { .andExpect(status().isForbidden()); .andExpect(status().isForbidden()); } } /* Test case: request and payload URIs don't match Forbidden. */ @Test public void testRequestPayloadURIMismatch() throws Exception { String requestBody = getResourceFileContent("modify-data-node-1_type.xml"); // Create node when(nodeDao.listNode(eq("/"))) .thenReturn(Optional.of(getContainerParentNode("/"))); when(nodeDao.listNode(eq("/mydata1"))).thenReturn(Optional.of(getWritableDataNode("/mydata1"))); mockMvc.perform(post("/nodes/mydataPippo1") .header("Authorization", "Bearer user2_token") .content(requestBody) .contentType(MediaType.APPLICATION_XML) .accept(MediaType.APPLICATION_XML)) .andDo(print()) .andExpect(status().isBadRequest()); } /* Test case: /* Test case: try to add accepted views to a node without views. try to add accepted views to a node without views. Forbidden Forbidden Loading Loading
src/main/java/it/inaf/oats/vospace/BaseNodeController.java +16 −2 Original line number Original line Diff line number Diff line Loading @@ -10,8 +10,10 @@ import it.inaf.oats.vospace.exception.InvalidArgumentException; import it.inaf.oats.vospace.exception.InvalidURIException; import it.inaf.oats.vospace.exception.InvalidURIException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest; import net.ivoa.xml.vospace.v2.LinkNode; import net.ivoa.xml.vospace.v2.LinkNode; import net.ivoa.xml.vospace.v2.Node; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value; import static org.springframework.web.servlet.function.RequestPredicates.path; public abstract class BaseNodeController { public abstract class BaseNodeController { Loading @@ -34,6 +36,18 @@ public abstract class BaseNodeController { return NodeUtils.getParentPath(path); return NodeUtils.getParentPath(path); } } protected void validateAndCheckPayloadURIConsistence(Node node) { // Get Node path (and validates it too) String decodedURIPathFromNode = URIUtils.returnVosPathFromNodeURI(node.getUri(), this.authority); // Check if payload URI is consistent with http request String requestPath = this.getPath(); if (!decodedURIPathFromNode.equals(this.getPath())) { throw new InvalidURIException(decodedURIPathFromNode, requestPath); } } protected void validateInternalLinkNode(LinkNode linkNode) { protected void validateInternalLinkNode(LinkNode linkNode) { String target = linkNode.getTarget(); String target = linkNode.getTarget(); // I validate it here to add context easily // I validate it here to add context easily Loading
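Review bot: In the new `validateAndCheckPayloadURIConsistence`, the `if` calls `this.getPath()` a second time even though the result was just stored in `requestPath`. Compare against the local instead, `if (!decodedURIPathFromNode.equals(requestPath)) {`, so the value checked and the value reported in `InvalidURIException` cannot differ. The `import static org.springframework.web.servlet.function.RequestPredicates.path;` line, which appears to be among the additions, is not used by anything in this section and looks like an accidental IDE auto-import; drop it unless code outside the hunk needs it. Since this equality test is what binds the payload URI to the request path the controllers go on to use, a short Javadoc would help, e.g. `/** Rejects the request with InvalidURIException when the payload node URI does not resolve to the request path. */`.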
src/main/java/it/inaf/oats/vospace/CreateNodeController.java +1 −10 Original line number Original line Diff line number Diff line Loading @@ -33,16 +33,7 @@ public class CreateNodeController extends BaseNodeController { String path = getPath(); String path = getPath(); LOG.debug("createNodeController called for node with URI {} and PATH {}", node.getUri(), path); LOG.debug("createNodeController called for node with URI {} and PATH {}", node.getUri(), path); this.validateAndCheckPayloadURIConsistence(node); // Get Node path (and validates it too) String decodedURIPathFromNode = URIUtils.returnVosPathFromNodeURI(node.getUri(), this.authority); LOG.debug("createNodeController URI: {} decoded as {}", node.getUri(), decodedURIPathFromNode); // Check if payload URI is consistent with http request if (!decodedURIPathFromNode.equals(path)) { throw new InvalidURIException(decodedURIPathFromNode, path); } // validate format of input node // validate format of input node this.validateInputNode(node); this.validateInputNode(node); Loading
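Review bot: Replacing the inline check with `this.validateAndCheckPayloadURIConsistence(node);` also drops the `LOG.debug("createNodeController URI: {} decoded as {}", ...)` line, so the decoded payload path is no longer logged anywhere visible in this commit. If that trace is still wanted, emit it once in the shared helper, so the create and set paths both record what the payload URI resolved to when a mismatch is rejected. That assumes a logger is available in `BaseNodeController`, which this page does not show. The enclosing handler method starts and ends outside the hunk.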
src/main/java/it/inaf/oats/vospace/SetNodeController.java +3 −0 Original line number Original line Diff line number Diff line Loading @@ -43,6 +43,9 @@ public class SetNodeController extends BaseNodeController { String path = getPath(); String path = getPath(); LOG.debug("setNode called for path {}", path); LOG.debug("setNode called for path {}", path); // Validate and check payload node URI consistence with request this.validateAndCheckPayloadURIConsistence(node); //The service SHALL throw a HTTP 404 status code including a NodeNotFound //The service SHALL throw a HTTP 404 status code including a NodeNotFound //fault in the entity-body if the target Node does not exist //fault in the entity-body if the target Node does not exist Node toBeModifiedNode = nodeDao.listNode(path) Node toBeModifiedNode = nodeDao.listNode(path) Loading
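Review bot: The set-node handler now passes `node.getUri()` from the request body into `URIUtils.returnVosPathFromNodeURI` before the node lookup, and this commit does not show how that helper treats a missing or empty `uri`. If it does not reject null itself, such a payload would surface as a server error rather than the 400 returned for a mismatch. Add a test for a payload without a URI, and if needed a guard in `validateAndCheckPayloadURIConsistence` that throws the same `InvalidURIException`. The enclosing method starts and ends outside the hunk.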
src/test/java/it/inaf/oats/vospace/SetNodeControllerTest.java +23 −0 Original line number Original line Diff line number Diff line Loading @@ -130,6 +130,29 @@ public class SetNodeControllerTest { .andExpect(status().isForbidden()); .andExpect(status().isForbidden()); } } /* Test case: request and payload URIs don't match Forbidden. */ @Test public void testRequestPayloadURIMismatch() throws Exception { String requestBody = getResourceFileContent("modify-data-node-1_type.xml"); // Create node when(nodeDao.listNode(eq("/"))) .thenReturn(Optional.of(getContainerParentNode("/"))); when(nodeDao.listNode(eq("/mydata1"))).thenReturn(Optional.of(getWritableDataNode("/mydata1"))); mockMvc.perform(post("/nodes/mydataPippo1") .header("Authorization", "Bearer user2_token") .content(requestBody) .contentType(MediaType.APPLICATION_XML) .accept(MediaType.APPLICATION_XML)) .andDo(print()) .andExpect(status().isBadRequest()); } /* Test case: /* Test case: try to add accepted views to a node without views. try to add accepted views to a node without views. Forbidden Forbidden Loading
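Review bot: The header comment on `testRequestPayloadURIMismatch` says "Forbidden", but the test asserts `status().isBadRequest()`; reword it to match, e.g. `/* Test case: request path and payload node URI don't match. Bad Request. */`. The `// Create node` comment seems copied from another test, since the lines under it only stub `nodeDao.listNode`. Those two stubs are presumably never reached, because the URI check in the controller runs before the lookup. Removing them would make it clearer that the 400 comes from the consistency check alone, and would avoid unnecessary-stubbing failures if the suite runs Mockito in strict mode.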