feat(impl): [#528] validate policyIDs for update and delete

eclipse-tractusx · May 9, 2024 · fa34764 · fa34764
1 parent b9a120b
commit fa34764
Show file tree

Hide file tree

Showing 7 changed files with 195 additions and 3 deletions.
diff --git a/...src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java b/...src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java
@@ -56,6 +56,7 @@
 import org.eclipse.tractusx.irs.policystore.services.PolicyStoreService;
 import org.eclipse.tractusx.irs.policystore.validators.BusinessPartnerNumberListValidator;
 import org.eclipse.tractusx.irs.policystore.validators.ValidListOfBusinessPartnerNumbers;
+import org.eclipse.tractusx.irs.policystore.validators.ValidPolicyId;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
@@ -220,7 +221,7 @@ public Map<String, List<PolicyResponse>> getPolicies(//
     @DeleteMapping("/policies/{policyId}")
     @ResponseStatus(HttpStatus.OK)
     @PreAuthorize("hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
-    public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) {
+    public void deleteAllowedPolicy(@ValidPolicyId @PathVariable("policyId") final String policyId) {
         service.deletePolicy(policyId);
     }
 

diff --git a/...-store/src/main/java/org/eclipse/tractusx/irs/policystore/models/UpdatePolicyRequest.java b/...-store/src/main/java/org/eclipse/tractusx/irs/policystore/models/UpdatePolicyRequest.java
@@ -31,6 +31,7 @@
 import jakarta.validation.constraints.NotEmpty;
 import jakarta.validation.constraints.NotNull;
 import lombok.Builder;
+import org.eclipse.tractusx.irs.policystore.validators.ListOfPolicyIds;
 import org.eclipse.tractusx.irs.policystore.validators.ValidListOfBusinessPartnerNumbers;
 
 /**
@@ -52,6 +53,7 @@ public record UpdatePolicyRequest(
         @Schema(description = "The IDs of the policies to be updated.") //
         @NotNull //
         @NotEmpty //
+        @ListOfPolicyIds //
         List<String> policyIds //
 ) {
 }
diff --git a/...-store/src/main/java/org/eclipse/tractusx/irs/policystore/validators/ListOfPolicyIds.java b/...-store/src/main/java/org/eclipse/tractusx/irs/policystore/validators/ListOfPolicyIds.java
@@ -0,0 +1,47 @@
+/********************************************************************************
+ * Copyright (c) 2022,2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+package org.eclipse.tractusx.irs.policystore.validators;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import jakarta.validation.Constraint;
+import jakarta.validation.Payload;
+
+/**
+ * Annotation for validating list of policyIDs
+ */
+@Documented
+@Constraint(validatedBy = ListOfPolicyIdsValidator.class)
+@Target({ ElementType.FIELD,
+          ElementType.PARAMETER
+})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface ListOfPolicyIds {
+
+    String message() default "Invalid list of policyIDs";
+
+    Class<?>[] groups() default { };
+
+    Class<? extends Payload>[] payload() default { };
+}
diff --git a/...c/main/java/org/eclipse/tractusx/irs/policystore/validators/ListOfPolicyIdsValidator.java b/...c/main/java/org/eclipse/tractusx/irs/policystore/validators/ListOfPolicyIdsValidator.java
@@ -0,0 +1,51 @@
+/********************************************************************************
+ * Copyright (c) 2022,2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+package org.eclipse.tractusx.irs.policystore.validators;
+
+import java.util.List;
+
+import jakarta.validation.ConstraintValidator;
+import jakarta.validation.ConstraintValidatorContext;
+
+/**
+ * Validator for list of policyIDs
+ */
+public class ListOfPolicyIdsValidator implements ConstraintValidator<ListOfPolicyIds, List<String>> {
+
+    @Override
+    public boolean isValid(final List<String> value, final ConstraintValidatorContext context) {
+
+        // allow null and empty here (in order to allow flexible combination with @NotNull and @NotEmpty)
+        if (value == null || value.isEmpty()) {
+            return true;
+        }
+
+        for (int index = 0; index < value.size(); index++) {
+            if (!PolicyIdValidator.isValid(value.get(index))) {
+                context.disableDefaultConstraintViolation();
+                final String msg = "The policyId at index %d is invalid (should be a valid UUID)";
+                context.buildConstraintViolationWithTemplate(msg.formatted(index)).addConstraintViolation();
+                return false;
+            }
+        }
+
+        return true;
+    }
+}
diff --git a/...tore/src/main/java/org/eclipse/tractusx/irs/policystore/validators/PolicyIdValidator.java b/...tore/src/main/java/org/eclipse/tractusx/irs/policystore/validators/PolicyIdValidator.java
@@ -38,7 +38,7 @@ public boolean isValid(final String value, final ConstraintValidatorContext cont
         return isNull || isValid(value);
     }
 
-    private static boolean isValid(final String policyId) {
+    public static boolean isValid(final String policyId) {
         return validateUUID(policyId);
     }
 

diff --git a/...g/eclipse/tractusx/irs/policystore/validators/BusinessPartnerNumberListValidatorTest.java b/...g/eclipse/tractusx/irs/policystore/validators/BusinessPartnerNumberListValidatorTest.java
@@ -38,7 +38,7 @@
 import org.mockito.junit.jupiter.MockitoExtension;
 
 @ExtendWith(MockitoExtension.class)
-public class BusinessPartnerNumberListValidatorTest {
+class BusinessPartnerNumberListValidatorTest {
 
     public static final String VALID_BPN_1 = "BPNL1234567890AB";
     public static final String VALID_BPN_2 = "BPNL123456789012";

diff --git a/.../test/java/org/eclipse/tractusx/irs/policystore/validators/PolicyIdListValidatorTest.java b/.../test/java/org/eclipse/tractusx/irs/policystore/validators/PolicyIdListValidatorTest.java
@@ -0,0 +1,91 @@
+/********************************************************************************
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+package org.eclipse.tractusx.irs.policystore.validators;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.verify;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.UUID;
+
+import jakarta.validation.ConstraintValidatorContext;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Answers;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+@ExtendWith(MockitoExtension.class)
+class PolicyIdListValidatorTest {
+
+    @InjectMocks
+    private ListOfPolicyIdsValidator validator;
+
+    @Captor
+    private ArgumentCaptor<String> messageCaptor;
+
+    @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+    private ConstraintValidatorContext contextMock;
+
+    @Test
+    void withEmptyListOfStrings() {
+        assertThat(validator.isValid(Collections.emptyList(), contextMock)).isTrue();
+    }
+
+    @Test
+    void withNull() {
+        assertThat(validator.isValid(null, contextMock)).isTrue();
+    }
+
+    @Test
+    void withValidListOfStrings() {
+        final String policyId1 = UUID.randomUUID().toString();
+        final String policyId2 = UUID.randomUUID().toString();
+        List<String> validList = Arrays.asList(policyId1, policyId2);
+        assertThat(validator.isValid(validList, contextMock)).isTrue();
+    }
+
+    @Test
+    void withListContainingInvalidPolicyId() {
+        List<String> invalidList = Arrays.asList(UUID.randomUUID().toString(), "_INVALID_POLICY_ID_");
+        assertThat(validator.isValid(invalidList, contextMock)).isFalse();
+        verify(contextMock).buildConstraintViolationWithTemplate(messageCaptor.capture());
+        assertThat(messageCaptor.getValue()).contains("policyId").contains(" index 1 ").contains("invalid");
+    }
+
+    //    @ParameterizedTest
+    //    @ValueSource(strings = { "BPN",
+    //                             "BPNL",
+    //                             "BPNACB",
+    //                             "BPNA1234567890AB",
+    //                             "BPNS1234567890AB",
+    //                             "DELETE * FROM Table",
+    //                             "ERRRES"
+    //    })
+    //    void withInvalidBPN(final String invalidBPN) {
+    //        assertThat(validator.isValid(Collections.singletonList(invalidBPN), contextMock)).isFalse();
+    //        verify(contextMock).buildConstraintViolationWithTemplate(messageCaptor.capture());
+    //        assertThat(messageCaptor.getValue()).contains("BPN").contains(" index 0 ").contains("invalid");
+    //    }
+}