From 4cbbe58ad04f515a39e2cd5e5ed5d92e4388da49 Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Fri, 14 Oct 2016 08:57:30 +0000 Subject: [PATCH] Bug 17445: Add 'malformed query' error response This patch adds to the x-mojo-around action code to give a meaningful error given a bad query parameter in the query string for a request. Test Plan 1) Submit an api request to an existing restful endpoint with no query parameters 2) Confirm the correct response is being given 3) Submit an api request to an existing restful endpoint with an allowed query parameter 4) Confimr the correct response is being given 5) Submit an api request to an existing restful endpoint with a malformed query paramter 6) Note the 400 response code and helpful json api body https://bugs.koha-community.org/show_bug.cgi?id=17445 Signed-off-by: Josef Moravec Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall --- Koha/REST/V1.pm | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Koha/REST/V1.pm b/Koha/REST/V1.pm index d62ee232bd..35d2bfbf0f 100644 --- a/Koha/REST/V1.pm +++ b/Koha/REST/V1.pm @@ -91,6 +91,15 @@ sub authenticate_api_request { ) if $cookie and $action_spec->{'x-koha-authorization'}; } + # Check for malformed query parameters + my @errors; + my %valid_parameters = map { $_->{name} => 1 if $_->{in} eq 'query' } @{$action_spec->{parameters}}; + my $existing_params = $c->req->query_params->to_hash; + for my $param ( keys %{$existing_params} ) { + push @errors, { path => "/query/".$param, message => 'Malformed query string' } unless exists $valid_parameters{$param}; + } + return $c->render_swagger({},\@errors,400) if @errors; + return $next->($c) unless $action_spec->{'x-koha-authorization'}; unless ($user) { return $c->render_swagger({ error => "Authentication required." },{},401); -- 2.39.5