Commit b8f0c058 authored by Sascha Herzinger's avatar Sascha Herzinger

Adding additional checks to the new state controllers and some new tests

parent ec67cfc2
......@@ -28,7 +28,14 @@ def save_state() -> Tuple[Response, int]:
"""
logger.debug("Received POST request on /state.")
# check if task ids in payload are valid
for match in re.findall('\$.+?\$', request.data):
matches = re.findall('\$.+?\$', request.data)
if not matches:
error = "This state cannot be saved because it contains no data " \
"task ids. These are used to verify access to the state and " \
"its potentially sensitive data."
logger.error(error)
return jsonify({'error': error}), 400
for match in matches:
task_id = AnalyticTask.parse_value(match)
value = redis.get('data:{}'.format(task_id))
if value is None:
......@@ -39,8 +46,9 @@ def save_state() -> Tuple[Response, int]:
try:
json.loads(value)['meta']['descriptor']
except (ValueError, KeyError):
error = "Task with id {} was found in redis but it is no valid " \
"data task id. State cannot be saved.".format(task_id)
error = "Task with id {} was found in redis but it represents " \
"no valid data state. " \
"State cannot be saved.".format(task_id)
return jsonify({'error': error}), 400
payload = json.loads(request.data)
uuid = uuid4()
......@@ -68,7 +76,8 @@ def request_state_access(state_id: UUID) -> Tuple[Response, int]:
logger.error(error)
return jsonify({'error': error}), 404
descriptors = []
for match in re.findall('\$.+?\$', value):
matches = re.findall('\$.+?\$', value)
for match in matches:
task_id = AnalyticTask.parse_value(match)
if redis.get('data:{}'.format(task_id)) is None:
error = "The state with id {} exists, but one or more of the " \
......
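Review bot: request_state_access now collects `matches` but, unlike save_state in the first hunk, never rejects an empty list, so a stored state with no `$...$` task ids skips the loop and leaves `descriptors` empty. save_state's new error text says these ids are what verify access to the state, so a state persisted before this check existed should fail closed here too, for example `if not matches:` followed by a logged `return jsonify({'error': error}), 400` placed before the loop. The rest of request_state_access lies outside the hunk, so confirm that nothing further down already handles the empty case. Separately, in save_state the `except (ValueError, KeyError)` around `json.loads(value)['meta']['descriptor']` does not cover the `TypeError` raised when the stored value is valid JSON but not an object; `except (ValueError, KeyError, TypeError):` would return the 400 instead of raising an unhandled exception.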
......@@ -19,8 +19,30 @@ class TestState:
yield test_client
sync.cleanup_all()
def test_400_if_no_task_id_in_payload(self, test_client):
rv = test_client.post('/state', data=flask.json.dumps('$...foo'))
body = flask.json.loads(rv.get_data())
assert rv.status_code == 400, body
assert 'error' in body
assert 'contains no data task ids' in body['error']
def test_400_if_task_id_not_in_redis(self, test_client):
rv = test_client.post('/state', data=flask.json.dumps('$123$'))
body = flask.json.loads(rv.get_data())
assert rv.status_code == 400, body
assert 'error' in body
assert 'could not be found in redis' in body['error']
def test_400_if_task_id_in_redis_but_no_data_state(self, test_client):
redis.set('data:123', '')
rv = test_client.post('/state', data=flask.json.dumps('$123$'))
body = flask.json.loads(rv.get_data())
assert rv.status_code == 400, body
assert 'error' in body
assert 'not valid data state' in body['error']
def test_save_state_saves_and_returns(self, test_client):
rv = test_client.post('/state', data=flask.json.dumps('test'))
rv = test_client.post('/state', data=flask.json.dumps('$123$'))
body = flask.json.loads(rv.get_data())
assert rv.status_code == 201, body
assert UUID(body['state_id'])
......@@ -52,7 +74,7 @@ class TestState:
body = flask.json.loads(rv.get_data())
assert rv.status_code == 400, body
assert 'error' in body
assert 'given payload cannot be saved' in body['error']
assert 'data task ids are missing' in body['error']
def test_202_create_valid_state_if_valid_conditions(self, test_client):
uuid = str(uuid4())
......
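Review bot: `test_400_if_task_id_in_redis_but_no_data_state` asserts `'not valid data state' in body['error']`, but the message save_state builds in this commit reads "it represents no valid data state", so the substring cannot match; the assertion should be `assert 'no valid data state' in body['error']`. In the same hunk, `test_save_state_saves_and_returns` now posts `'$123$'` and expects 201, while `test_400_if_task_id_not_in_redis` posts the identical payload and expects 400. No visible line seeds `data:123` with JSON that contains `meta` and `descriptor`, and only the tail of the fixture is shown. Unless the fixture does the seeding, the 201 test needs a `redis.set('data:123', ...)` with such a value before the POST. These tests are the regression guard for the access check, so each should state its own redis precondition rather than rely on state left by a neighbouring test.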