src/main/kotlin/fr/dcproject/component/vote/routes/PutVoteOnConstitution.kt

@@ -1,5 +1,6 @@
 package fr.dcproject.component.vote.routes
 
+import fr.dcproject.application.http.badRequestIfNotValid
 import fr.dcproject.common.security.assert
 import fr.dcproject.common.utils.receiveOrBadRequest
 import fr.dcproject.component.auth.citizen
@@ -11,6 +12,9 @@ import fr.dcproject.component.vote.VoteAccessControl
 import fr.dcproject.component.vote.database.VoteConstitutionRepository
 import fr.dcproject.component.vote.database.VoteForUpdate
 import fr.dcproject.component.vote.routes.PutVoteOnConstitution.ConstitutionVoteRequest.Input
+import io.konform.validation.Validation
+import io.konform.validation.jsonschema.maximum
+import io.konform.validation.jsonschema.minimum
 import io.ktor.application.call
 import io.ktor.features.NotFoundException
 import io.ktor.http.HttpStatusCode
@@ -26,17 +30,25 @@ object PutVoteOnConstitution {
     @Location("/constitutions/{constitution}/vote")
     class ConstitutionVoteRequest(constitution: UUID) {
         val constitution = ConstitutionRef(constitution)
-        data class Input(var note: Int)
+        data class Input(var note: Int) {
+            fun validate() = Validation<Input> {
+                Input::note {
+                    minimum(-1)
+                    maximum(1)
+                }
+            }.validate(this)
+        }
     }
 
     fun Route.voteConstitution(repo: VoteConstitutionRepository, ac: VoteAccessControl, constitutionRepo: ConstitutionRepository) {
         put<ConstitutionVoteRequest> {
             mustBeAuth()
             val constitution = constitutionRepo.findById(it.constitution.id) ?: throw NotFoundException("Unable to find constitution ${it.constitution.id}")
-            val content = call.receiveOrBadRequest<Input>()
+            val input = call.receiveOrBadRequest<Input>()
+                .apply { validate().badRequestIfNotValid() }
             val vote = VoteForUpdate(
                 target = constitution,
-                note = content.note,
+                note = input.note,
                 createdBy = this.citizen
             )
             ac.assert { canCreate(vote, citizenOrNull) }

src/main/resources/openapi.yaml

@@ -1194,6 +1194,12 @@ paths:
       responses:
         201:
           description: Return only http status 201 on success
+        400:
+          description: BadReqest
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/400'
   /citizens/{citizen}/votes:
     parameters:
       - $ref: '#/components/parameters/citizen'

src/test/kotlin/integration/Vote routes.kt

@@ -88,21 +88,60 @@ class `Vote routes` : BaseTest() {
         }
     }
 
-    @Test
-    fun `I can vote constitution`() {
+    @TestFactory
+    fun `I can vote constitution`(): List<DynamicTest> {
         withIntegrationApplication {
             `Given I have citizen`("Gregor", "Mendel")
             `Given I have constitution`(id = "76e79c89-efc1-492d-9e8f-dc9717363a11")
-            `When I send a PUT request`("/constitutions/76e79c89-efc1-492d-9e8f-dc9717363a11/vote") {
-                `authenticated as`("Gregor", "Mendel")
-                `with body`(
-                    """
-                    {
-                      "note": 1
+        }
+        return (-1..1).map { note ->
+            DynamicTest.dynamicTest("""I can vote constitution with note "$note"""") {
+                withIntegrationApplication {
+                    `When I send a PUT request`("/constitutions/76e79c89-efc1-492d-9e8f-dc9717363a11/vote") {
+                        `authenticated as`("Gregor", "Mendel")
+                        `with body`(
+                            """
+                            {
+                              "note": $note
+                            }²
+                            """
+                        )
+                    } `Then the response should be` Created
+                }
+            }
+        }
+    }
+
+    @TestFactory
+    @Tag("BadRequest")
+    fun `I cannot vote constitution with wrong request`(): List<DynamicTest> {
+        withIntegrationApplication {
+            `Given I have citizen`("Gregor", "Mendel")
+            `Given I have constitution`(id = "76e79c89-efc1-492d-9e8f-dc9717363a11")
+        }
+
+        return listOf(-10, -2, +2, +10).map { note ->
+            DynamicTest.dynamicTest("""I can vote constitution with note "$note"""") {
+                withIntegrationApplication {
+                    `When I send a PUT request`(
+                        "/constitutions/76e79c89-efc1-492d-9e8f-dc9717363a11/vote",
+                        ALL - REQUEST_BODY
+                    ) {
+                        `authenticated as`("Gregor", "Mendel")
+                        `with body`(
+                            """
+                            {
+                              "note": $note
+                            }
+                            """
+                        )
+                    } `Then the response should be` BadRequest and {
+                        `And the response should not be null`()
+                        `And the response should contain`("$.invalidParams[0].name", ".note")
+                        `And the response should contain`("$.invalidParams[0].reason", if (note > 0) "must be at most '1'" else "must be at least '-1'")
                     }
-                    """
-                )
-            } `Then the response should be` Created
+                }
+            }
         }
     }