2021-04-16 03:27:11 +02:00
3 changed files with 61 additions and 4 deletions
--- a/src/main/kotlin/fr/dcproject/component/workgroup/routes/CreateWorkgroup.kt
+++ b/src/main/kotlin/fr/dcproject/component/workgroup/routes/CreateWorkgroup.kt
@@ -1,8 +1,9 @@
 package fr.dcproject.component.workgroup.routes

-import fr.dcproject.common.response.toOutput
+import fr.dcproject.application.http.badRequestIfNotValid
 import fr.dcproject.common.security.assert
 import fr.dcproject.common.utils.receiveOrBadRequest
+import fr.dcproject.common.validation.isUrl
 import fr.dcproject.component.auth.citizen
 import fr.dcproject.component.auth.citizenOrNull
 import fr.dcproject.component.auth.mustBeAuth
@@ -10,6 +11,9 @@ import fr.dcproject.component.workgroup.WorkgroupAccessControl
 import fr.dcproject.component.workgroup.database.WorkgroupForUpdate
 import fr.dcproject.component.workgroup.database.WorkgroupRepository
 import fr.dcproject.component.workgroup.routes.CreateWorkgroup.PostWorkgroupRequest.Input
+import io.konform.validation.Validation
+import io.konform.validation.jsonschema.maxLength
+import io.konform.validation.jsonschema.minLength
 import io.ktor.application.call
 import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
@@ -29,13 +33,30 @@ object CreateWorkgroup {
            val description: String,
            val logo: String?,
            val anonymous: Boolean?
-        )
+        ) {
+            fun validate() = Validation<Input> {
+                Input::name {
+                    minLength(5)
+                    maxLength(80)
+                }
+                Input::description {
+                    minLength(50)
+                    maxLength(6000)
+                }
+                Input::logo ifPresent {
+                    isUrl()
+                    maxLength(2048)
+                }
+            }.validate(this)
+        }
    }

    fun Route.createWorkgroup(repo: WorkgroupRepository, ac: WorkgroupAccessControl) {
        post<PostWorkgroupRequest> {
            mustBeAuth()
            call.receiveOrBadRequest<Input>().run {
+                validate().badRequestIfNotValid()
+
                WorkgroupForUpdate(
                    id ?: UUID.randomUUID(),
                    name,
--- a/src/main/resources/openapi.yaml
+++ b/src/main/resources/openapi.yaml
@@ -1403,6 +1403,12 @@ paths:
            application/json:
              schema:
                $ref: '#/components/schemas/Workgroup'
+        400:
+          description: BadReqest
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/400'
  /workgroups/{workgroup}:
    parameters:
      - $ref: '#/components/parameters/workgroup'
--- a/src/test/kotlin/integration/Workgroup
+++ b/src/test/kotlin/integration/Workgroup
@@ -77,7 +77,7 @@ class `Workgroup routes` : BaseTest() {
                    {
                        "id":"f496d86d-6654-4068-91ff-90e1dbcc5f38",
                        "name":"Les Bouffons",
-                        "description":"La vie est belle",
+                        "description":"Pellentesque eleifend malesuada aliquam. Maecenas et urna quis nunc lacinia scelerisque.",
                        "anonymous":false
                    }
                    """
@@ -85,7 +85,7 @@ class `Workgroup routes` : BaseTest() {
            } `Then the response should be` Created and {
                `And the response should contain`("$.id", "f496d86d-6654-4068-91ff-90e1dbcc5f38")
                `And the response should contain`("$.name", "Les Bouffons")
-                `And the response should contain`("$.description", "La vie est belle")
+                `And the response should contain`("$.description", "Pellentesque eleifend malesuada aliquam. Maecenas et urna quis nunc lacinia scelerisque.")
                `And the response should contain`("$.anonymous", false)
            }

@@ -95,6 +95,36 @@ class `Workgroup routes` : BaseTest() {
        }
    }

+    @Test
+    @Tag("BadRequest")
+    fun `I cannot create a workgroup with wrong request`() {
+        withIntegrationApplication {
+            `Given I have citizen`("Werner", "Heisenberg")
+            `When I send a POST request`("/workgroups") {
+                `authenticated as`("Werner", "Heisenberg")
+                `with body`(
+                    """
+                    {
+                        "id":"f496d86d-6654-4068-91ff-90e1dbcc5f38",
+                        "name":"sm",
+                        "description":"small",
+                        "anonymous":false,
+                        "logo": "www.plop.com"
+                    }
+                    """
+                )
+            } `Then the response should be` BadRequest and {
+                `And the response should not be null`()
+                `And the response should contain`("$.invalidParams[0].name", ".name")
+                `And the response should contain`("$.invalidParams[0].reason", "must have at least 5 characters")
+                `And the response should contain`("$.invalidParams[1].name", ".description")
+                `And the response should contain`("$.invalidParams[1].reason", "must have at least 50 characters")
+                `And the response should contain`("$.invalidParams[2].name", ".logo")
+                `And the response should contain`("$.invalidParams[2].reason", "is not url")
+            }
+        }
+    }
+
    @Test
    fun `I can edit a workgroup`() {
        withIntegrationApplication {