Add annotation to catch empty request body

2023-05-17 14:00:16 -07:00 · 2023-05-17 14:00:16 -07:00 · 9450f88c8c
parent 0706171264
commit 9450f88c8c
3 changed files with 27 additions and 3 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CallLinkController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CallLinkController.java
@ -11,6 +11,7 @@ import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.entities.CreateCallLinkCredential;
 import org.whispersystems.textsecuregcm.entities.GetCreateCallLinkCredentialsRequest;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
+import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.POST;
@ -52,7 +53,7 @@ public class CallLinkController {
  @ApiResponse(responseCode = "429", description = "Ratelimited.")
  public CreateCallLinkCredential getCreateAuth(
      final @Auth AuthenticatedAccount auth,
-      final @NotNull GetCreateCallLinkCredentialsRequest request
+      final @NotNull @Valid GetCreateCallLinkCredentialsRequest request
  ) throws RateLimitExceededException {

    rateLimiters.getCreateCallLinkLimiter().validate(auth.getAccount().getUuid());
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/GetCreateCallLinkCredentialsRequest.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/GetCreateCallLinkCredentialsRequest.java
@ -1,5 +1,6 @@
 package org.whispersystems.textsecuregcm.entities;

-import javax.validation.constraints.NotNull;
+import javax.validation.constraints.NotEmpty;

-public record GetCreateCallLinkCredentialsRequest(@NotNull byte[] createCallLinkCredentialRequest) {}
+
+public record GetCreateCallLinkCredentialsRequest(@NotEmpty byte[] createCallLinkCredentialRequest) {}
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/CallLinkControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/CallLinkControllerTest.java
@ -100,6 +100,28 @@ public class CallLinkControllerTest {
    }
  }

+  @Test
+  void testGetCreateAuthInvalidInputEmptyRequestBody() {
+    try (Response response = resources.getJerseyTest()
+        .target("/v1/call-link/create-auth")
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
+        .post(Entity.json("{}"))) {
+      assertThat(response.getStatus()).isEqualTo(422);
+    }
+  }
+
+  @Test
+  void testGetCreateAuthInvalidInputEmptyField() {
+    try (Response response = resources.getJerseyTest()
+        .target("/v1/call-link/create-auth")
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
+        .post(Entity.json("{\"createCallLinkCredentialRequest\": \"\"}"))) {
+      assertThat(response.getStatus()).isEqualTo(422);
+    }
+  }
+
  @Test
  void testGetCreateAuthRatelimited() throws RateLimitExceededException{
    doThrow(new RateLimitExceededException(null, false))