Fixed delimiter validation in resources endpoint #1998
Conversation
app/models/resource.rb
Outdated
| @@ -105,6 +105,9 @@ def search account: nil, kind: nil, owner: nil, offset: nil, limit: nil, search: | |||
| scope = scope.textsearch(search) if search | |||
|
|
|||
| if offset || limit | |||
| if (offset && !numeric?(offset)) || (limit && !numeric?(limit)) | |||
| raise ApplicationController::UnprocessableEntity, "Delimiter must be an integer if given" | |||
There was a problem hiding this comment.
@shulifink can you please review this message?
There was a problem hiding this comment.
I don't understand. What do you mean "if given"?
There was a problem hiding this comment.
@liavyona Isn't it enough to just say "If you provide a value for Delimiter, it must be an integer greater than or equal to 0".
or simply: "Delimiter must be an integer greater than or equal to 0".
or "... must be an integer", or "must be a positive integer " (depending on what the integer type)
There was a problem hiding this comment.
I would go with "Delimiter offset or limit must be an integer greater than or equal to 0"
There was a problem hiding this comment.
LGTM @liavyona , thanks!
please get a review from @shulifink on the message.
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
| @@ -212,6 +216,11 @@ def bad_request e | |||
| head :bad_request | |||
| end | |||
|
|
|||
| def unprocessable_entity e | |||
There was a problem hiding this comment.
ApplicationController#unprocessable_entity has the parameter name 'e'
| @@ -131,6 +134,10 @@ def textsearch input | |||
| def visible_to role | |||
| from Sequel.function(:visible_resources, role.id).as(:resources) | |||
| end | |||
|
|
|||
| def numeric? val | |||
There was a problem hiding this comment.
Resource#numeric? doesn't depend on instance state (maybe move it to another class?)
|
@liavyona please make sure to add a change log message for this! it's definitely a user-impacting change, and we should let people know we've fixed this. |
liavyona
force-pushed
the
1997-delimiter-validation
branch
from
574535e
to
01199e5
Compare
liavyona
force-pushed
the
1997-delimiter-validation
branch
from
01199e5
to
1faaf94
Compare
| case kind | ||
| when "variable" | ||
| response["secrets"] = secrets_dataset.order(:version).as_json | ||
| .map { |h| h.except 'resource' } | ||
| .map { |h| h.except 'resource' } |
There was a problem hiding this comment.
Use 2 (not 37) spaces for indenting an expression in an assignment spanning multiple lines.
liavyona
force-pushed
the
1997-delimiter-validation
branch
from
1faaf94
to
e11474c
Compare
liavyona
force-pushed
the
1997-delimiter-validation
branch
from
e11474c
to
6a22304
Compare
| # 'offset' must be an integer greater than or equal to 0 if given | ||
| if offset && (!numeric?(offset) || offset.to_i.negative?) | ||
| raise ApplicationController::UnprocessableEntity, "'offset' contains an invalid value. 'offset' must be an integer greater than or equal to 0." | ||
| end |
There was a problem hiding this comment.
UnprocessableEntity is an http level concern. That is, we should only be talking about that error inside of controllers, and specifically in code that is mapping an actual domain error into an http status code.
Inside of the model we should be raising a more specific validation error, with a name that reflects what went wrong. InvalidQueryParameter or something like that.
Separate comment: There's a lot of formatting / clean changes here (which is awesome), but please put those into a separate commit with a subject like "Cleanup formatting" -- otherwise the "meat" of this PR (which is actually pretty small and simple) isn't clear at a glance.
liavyona
force-pushed
the
1997-delimiter-validation
branch
3 times, most recently
from
2a78590
to
a9b50e7
Compare
liavyona
force-pushed
the
1997-delimiter-validation
branch
from
a9b50e7
to
5549927
Compare
app/models/resource.rb
Outdated
| raise "'limit' contains an invalid value. 'limit' must be a positive integer." | ||
| end | ||
| # 'offset' must be an integer greater than or equal to 0 if given | ||
| if offset && (!numeric?(offset) || offset.to_i.negative?) | ||
| raise "'offset' contains an invalid value. 'offset' must be an integer greater than or equal to 0." |
There was a problem hiding this comment.
@liavyona is it possible to move these errors to errors.rb?
we prefer to have all the user-facing messages there
There was a problem hiding this comment.
I think it will be a problem to use a custom exception inside a model class. Ads you can see there is no usage of any error which is defined at errors.rb under app/model. Other model classes use simple raise or ArgumentError. I changed it to use ArgumentError
liavyona
force-pushed
the
1997-delimiter-validation
branch
from
f06a1df
to
442015a
Compare
`GET /resources` endpoints takes 2 optionals numeric delimiters as requests parameters: `limit` & `offset`. Previously, no input validation has been made when receiving these optional parameters. Now, we verify that their value is valid if given.
liavyona
force-pushed
the
1997-delimiter-validation
branch
from
442015a
to
f8679e1
Compare
|
Code Climate has analyzed commit f8679e1 and detected 8 issues on this pull request. Here's the issue category breakdown:
The test coverage on the diff in this pull request is 90.9% (50% is the threshold). This pull request will bring the total coverage in the repository to 89.3% (0.0% change). View more on Code Climate. |
What does this PR do?
resourcesendpointWhat ticket does this PR close?
Resolves #1997
Checklists
Change log
Test coverage
Documentation
READMEs) were updated in this PR, and/or there is a follow-on issue to update docs, or