diff --git a/api/client.go b/api/client.go
index f32a989..986c14f 100644
--- a/api/client.go
+++ b/api/client.go
@@ -25,6 +25,19 @@ type ClientAPI struct {
 NotifyDeleted func(uint, string)
 }
+// Client Params Model
+//
+// Params allowed to create or update Clients
+//
+// swagger:model ClientParams
+type ClientParams struct {
+ // The client name
+ //
+ // required: true
+ // example: My Client
+ Name string `form:"name" query:"name" json:"name" binding:"required"`
+}
+
 // UpdateClient updates a client by its id.
 // swagger:operation PUT /client/{id} client updateClient
 //
@@ -40,7 +53,7 @@ type ClientAPI struct {
 // description: the client to update
 // required: true
 // schema:
-// $ref: "#/definitions/Client"
+// $ref: "#/definitions/ClientParams"
 // - name: id
 // in: path
 // description: the client id
@@ -75,8 +88,8 @@ func (a *ClientAPI) UpdateClient(ctx *gin.Context) {
 return
 }
 if client != nil && client.UserID == auth.GetUserID(ctx) {
- newValues := &model.Client{}
- if err := ctx.Bind(newValues); err == nil {
+ newValues := ClientParams{}
+ if err := ctx.Bind(&newValues); err == nil {
 client.Name = newValues.Name
 if success := successOrAbort(ctx, 500, a.DB.UpdateClient(client)); !success {
@@ -105,7 +118,7 @@ func (a *ClientAPI) UpdateClient(ctx *gin.Context) {
 // description: the client to add
 // required: true
 // schema:
-// $ref: "#/definitions/Client"
+// $ref: "#/definitions/ClientParams"
 // responses:
 // 200:
 // description: Ok
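Review bot: The doc comment on `ClientParams` (api/client.go, hunk `@@ -25,6 +25,19 @@`) does not say why the type exists alongside `model.Client`, so a later maintainer could add a server-owned field to it and re-open request binding to that field. I would extend the description with something like `// Only caller-settable fields belong here; ID, Token and UserID are assigned by the server and must never be bound from a request.` Separately, `binding:"required"` on `Name` only rejects an empty value; if nothing further down bounds the length (not visible in this diff), adding a `max=` rule to the same tag would do it at the edge.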
@@ -124,10 +137,14 @@ func (a *ClientAPI) UpdateClient(ctx *gin.Context) {
 // schema:
 // $ref: "#/definitions/Error"
 func (a *ClientAPI) CreateClient(ctx *gin.Context) {
- client := model.Client{}
- if err := ctx.Bind(&client); err == nil {
- client.Token = auth.GenerateNotExistingToken(generateClientToken, a.clientExists)
- client.UserID = auth.GetUserID(ctx)
+ clientParams := ClientParams{}
+ if err := ctx.Bind(&clientParams); err == nil {
+ client := model.Client{
+ Name: clientParams.Name,
+ Token: auth.GenerateNotExistingToken(generateClientToken, a.clientExists),
+ UserID: auth.GetUserID(ctx),
+ }
+
 if success := successOrAbort(ctx, 500, a.DB.CreateClient(&client)); !success {
 return
 }
diff --git a/api/client_test.go b/api/client_test.go
index 33fccd1..2102934 100644
--- a/api/client_test.go
+++ b/api/client_test.go
@@ -76,6 +76,21 @@ func (s *ClientSuite) Test_CreateClient_mapAllParameters() {
 }
 }
+func (s *ClientSuite) Test_CreateClient_ignoresReadOnlyPropertiesInParams() {
+ s.db.User(5)
+ test.WithUser(s.ctx, 5)
+
+ s.withFormData("name=myclient&ID=45&Token=12341234&UserID=333")
+
+ s.a.CreateClient(s.ctx)
+ expected := &model.Client{ID: 1, UserID: 5, Token: firstClientToken, Name: "myclient"}
+
+ assert.Equal(s.T(), 200, s.recorder.Code)
+ if clients, err := s.db.GetClientsByUser(5); assert.NoError(s.T(), err) {
+ assert.Contains(s.T(), clients, expected)
+ }
+}
+
 func (s *ClientSuite) Test_CreateClient_expectBadRequestOnEmptyName() {
 s.db.User(5)
diff --git a/docs/spec.json b/docs/spec.json
index bc26043..c011db1 100644
--- a/docs/spec.json
+++ b/docs/spec.json
@@ -599,7 +599,7 @@
 "in": "body",
 "required": true,
 "schema": {
- "$ref": "#/definitions/Client"
+ "$ref": "#/definitions/ClientParams"
 }
 }
 ],
@@ -665,7 +665,7 @@
 "in": "body",
 "required": true,
 "schema": {
- "$ref": "#/definitions/Client"
+ "$ref": "#/definitions/ClientParams"
 }
 },
 {
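Review bot: In `CreateClient` (api/client.go, hunk `@@ -124,10 +137,14 @@`) the `model.Client{...}` literal is the line that decides which fields request input can reach, but nothing marks it as such. A why-comment directly above it would keep that intent visible, e.g. `// Build the model field by field: only Name comes from the request; Token and UserID are set by the server.` `ID` is left at its zero value here, presumably so the database assigns it, which is what the new test's `ID: 1` expectation suggests. The function body continues past the end of the hunk, so the error branch of `ctx.Bind` is not visible from here.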
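Review bot: `Test_CreateClient_ignoresReadOnlyPropertiesInParams` (api/client_test.go, hunk `@@ -76,6 +76,21 @@`) covers only a form-encoded body keyed by the Go field names `ID`, `Token` and `UserID`, so the JSON binding path is not exercised, nor are the key names that `model.Client`'s own struct tags expose (those tags are not visible in this diff). I would add a variant that submits the same read-only properties as a JSON body and asserts the same `expected` client. `UpdateClient` changed its binding target in this commit as well and has no counterpart test here; an equivalent case asserting that `ID`, `Token` and `UserID` are unchanged after the update would pin that behaviour.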
@@ -2092,6 +2092,23 @@
 },
 "x-go-package": "github.com/gotify/server/v2/model"
 },
+ "ClientParams": {
+ "description": "Params allowed to create or update Clients",
+ "type": "object",
+ "title": "Client Params Model",
+ "required": [
+ "name"
+ ],
+ "properties": {
+ "name": {
+ "description": "The client name",
+ "type": "string",
+ "x-go-name": "Name",
+ "example": "My Client"
+ }
+ },
+ "x-go-package": "github.com/gotify/server/v2/api"
+ },
 "CreateUserExternal": {
 "description": "Used for user creation.",
 "type": "object",