0001-jsondatastore-check-if-request.body-is-a-json-17168.patch
passerelle/apps/jsondatastore/models.py | ||
---|---|---|
31 | 31 |
return uuid.uuid4().get_hex() |
32 | 32 | |
33 | 33 | |
34 |
def clean_json_data(data): |
|
35 |
try: |
|
36 |
payload = json.loads(data) |
|
37 |
if not isinstance(payload, dict): |
|
38 |
raise APIError('payload must be a dict') |
|
39 |
return payload |
|
40 |
except ValueError: |
|
41 |
raise APIError('could not decode body to json') |
|
42 | ||
43 | ||
34 | 44 |
class JsonData(models.Model): |
35 | 45 |
datastore = models.ForeignKey('JsonDataStore', null=True) |
36 | 46 | |
... | ... | |
76 | 86 |
example_pattern='create', |
77 | 87 |
description=_('Create')) |
78 | 88 |
def create(self, request, name_id=None, **kwargs): |
89 |
content = clean_json_data(request.body) |
|
79 | 90 |
attrs = { |
80 |
'content': json.loads(request.body),
|
|
91 |
'content': content,
|
|
81 | 92 |
'datastore': self, |
82 | 93 |
} |
83 | 94 |
if name_id is not None: |
... | ... | |
106 | 117 |
def get_or_replace(self, request, uuid, name_id=None): |
107 | 118 |
data = self.get_data_object(uuid, name_id) |
108 | 119 |
if request.method == 'POST': |
109 |
data.content = json.loads(request.body) |
|
120 |
new_content = clean_json_data(request.body) |
|
121 |
data.content = new_content |
|
110 | 122 |
data.save() |
111 | 123 |
elif request.method == 'PATCH': |
112 |
data.content.update(json.loads(request.body)) |
|
124 |
new_content = clean_json_data(request.body) |
|
125 |
data.content.update(new_content) |
|
113 | 126 |
data.save() |
114 | 127 |
return {'id': data.uuid, 'text': data.text, 'content': data.content} |
115 | 128 |
tests/test_jsondatastore.py | ||
---|---|---|
35 | 35 |
assert len(resp.json['data']) == 1 |
36 | 36 |
assert resp.json['data'][0]['content'] == {'foo': 'bar'} |
37 | 37 | |
38 |
# check json payload |
|
39 |
resp = app.post('/jsondatastore/foobar/data/create', params='foo=bar') |
|
40 |
assert resp.json['err'] == 1 |
|
41 |
assert resp.json['err_desc'] == 'could not decode body to json' |
|
42 |
resp = app.post_json('/jsondatastore/foobar/data/create', params='foo=bar') |
|
43 |
assert resp.json['err'] == 1 |
|
44 |
assert resp.json['err_desc'] == 'payload must be a dict' |
|
45 | ||
38 | 46 |
resp = app.get('/jsondatastore/foobar/data/%s/' % uuid) |
39 | 47 |
assert resp.json['id'] == uuid |
40 | 48 |
assert resp.json['content'] == {'foo': 'bar'} |
... | ... | |
43 | 51 |
assert resp.json['id'] == uuid |
44 | 52 |
assert resp.json['content'] == {'foo': 'bar2'} |
45 | 53 | |
54 |
# check json payload |
|
55 |
resp = app.post('/jsondatastore/foobar/data/%s/' % uuid, params='foo=bar2') |
|
56 |
assert resp.json['err'] == 1 |
|
57 |
assert resp.json['err_desc'] == 'could not decode body to json' |
|
58 |
resp = app.post_json('/jsondatastore/foobar/data/%s/' % uuid, params='foo=bar2') |
|
59 |
assert resp.json['err'] == 1 |
|
60 |
assert resp.json['err_desc'] == 'payload must be a dict' |
|
61 | ||
46 | 62 |
resp = app.get('/jsondatastore/foobar/data/%s/' % uuid) |
47 | 63 |
assert resp.json['id'] == uuid |
48 | 64 |
assert resp.json['content'] == {'foo': 'bar2'} |
... | ... | |
51 | 67 |
assert resp.json['id'] == uuid |
52 | 68 |
assert resp.json['content'] == {'foo': 'bar2', 'foo2': 'bar2'} |
53 | 69 | |
70 |
# check json payload |
|
71 |
resp = app.patch('/jsondatastore/foobar/data/%s/' % uuid, params='foo2=bar2') |
|
72 |
assert resp.json['err'] == 1 |
|
73 |
assert resp.json['err_desc'] == 'could not decode body to json' |
|
74 |
resp = app.patch_json('/jsondatastore/foobar/data/%s/' % uuid, params='foo2=bar2') |
|
75 |
assert resp.json['err'] == 1 |
|
76 |
assert resp.json['err_desc'] == 'payload must be a dict' |
|
77 | ||
54 | 78 |
resp = app.post_json('/jsondatastore/foobar/data/%s/delete' % uuid) |
55 | 79 |
assert resp.json['err'] == 0 |
56 | 80 | |
57 |
- |