Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(plugin-consortium-manual): OpenAPI spec validation missing from plugin REST endpoints #1297

Closed
elenaizaguirre opened this issue Sep 1, 2021 · 0 comments · Fixed by #1298
Assignees
Labels
bug Something isn't working

Comments

@elenaizaguirre
Copy link
Contributor

Describe the bug

Right now the constraints we define for request/response objects are not checked when a request comes in.

To Reproduce

Send an invalid request to some plugin endpoint that is invalid in a certain way and watch how it crashes the plugin resulting in internal server error vs. bad request.

Expected behavior

Fail with bad request even before the plugin's back-end code is reached if a request is sent that does not comply with the open api specs defined for that endpoint.

Logs/Stack traces

N/A

Screenshots

N/A

Cloud provider or hardware configuration:

N/A

Operating system name, version, build:

N/A

Hyperledger Cactus release version or commit (git rev-parse --short HEAD):

main

Hyperledger Cactus Plugins/Connectors Used

Consortium-manual

Additional context

The interface of the web service plugins should be extended with a getOpenApiSpecs() method that returns an OpenAPI v3 spec document (see the openapi-types package)
Then the api-server calls up this method when it's installing the web services of the plugin, obtains the open api specs and creates a validator instance from it.

@elenaizaguirre elenaizaguirre added the bug Something isn't working label Sep 1, 2021
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Sep 1, 2021
add missing validation for consortium-manual plugin rest endpoints

Closes: hyperledger-cacti#1297
Signed-off-by: Elena Izaguirre <e.izaguirre.equiza@accenture.com>
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Sep 3, 2021
add missing validation for consortium-manual plugin rest endpoints

Closes: hyperledger-cacti#1297
Signed-off-by: Elena Izaguirre <e.izaguirre.equiza@accenture.com>
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Sep 14, 2021
Includes tests for endpoints getConsortiumJwsV1 and
getNodeJwsV1, each one of them with test cases:
  - Right request
  - Sending an invalid parameter

closes hyperledger-cacti#1297

relationed with hyperledger-cacti#847

Signed-off-by: Elena Izaguirre <e.izaguirre.equiza@accenture.com>
petermetz pushed a commit that referenced this issue Sep 17, 2021
Includes tests for endpoints getConsortiumJwsV1 and
getNodeJwsV1, each one of them with test cases:
  - Right request
  - Sending an invalid parameter

closes #1297

relationed with #847

Signed-off-by: Elena Izaguirre <e.izaguirre.equiza@accenture.com>
izuru0 pushed a commit to izuru0/cactus that referenced this issue Oct 1, 2021
Includes tests for endpoints getConsortiumJwsV1 and
getNodeJwsV1, each one of them with test cases:
  - Right request
  - Sending an invalid parameter

closes hyperledger-cacti#1297

relationed with hyperledger-cacti#847

Signed-off-by: Elena Izaguirre <e.izaguirre.equiza@accenture.com>
brioux pushed a commit to brioux/cactus that referenced this issue Oct 4, 2021
Includes tests for endpoints getConsortiumJwsV1 and
getNodeJwsV1, each one of them with test cases:
  - Right request
  - Sending an invalid parameter

closes hyperledger-cacti#1297

relationed with hyperledger-cacti#847

Signed-off-by: Elena Izaguirre <e.izaguirre.equiza@accenture.com>
RafaelAPB pushed a commit to RafaelAPB/blockchain-integration-framework that referenced this issue Mar 9, 2022
Includes tests for endpoints getConsortiumJwsV1 and
getNodeJwsV1, each one of them with test cases:
  - Right request
  - Sending an invalid parameter

closes hyperledger-cacti#1297

relationed with hyperledger-cacti#847

Signed-off-by: Elena Izaguirre <e.izaguirre.equiza@accenture.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant