From: Daniel Axtens <dja@axtens.net>
Date: Tue, 30 Apr 2019 06:03:04 +0000 (+1000)
Subject: REST: A check must specify a state
X-Git-Tag: v2.1.2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=233e6849f636c67048ef81290d48a168f7d1c766;p=thirdparty%2Fpatchwork.git

REST: A check must specify a state

The Ozlabs crew noticed that a check without a state caused a
KeyError in data['state']. Mark state as mandatory, check for
it, and add a test.

NOTE(daxtens): Swagger changes are excluded from the backport

Reported-by: Russell Currey <ruscur@russell.cc>
Reported-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Daniel Axtens <dja@axtens.net>
(cherry picked from commit 7a20ccda99e48dab643d1fbd7e170fe3e4c47185)
---

diff --git a/patchwork/api/check.py b/patchwork/api/check.py
index 62e6fd19..1498abbb 100644
--- a/patchwork/api/check.py
+++ b/patchwork/api/check.py
@@ -26,6 +26,7 @@ from rest_framework.generics import RetrieveAPIView
 from rest_framework.serializers import CurrentUserDefault
 from rest_framework.serializers import HiddenField
 from rest_framework.serializers import HyperlinkedModelSerializer
+from rest_framework.serializers import ValidationError
 
 from patchwork.api.base import CheckHyperlinkedIdentityField
 from patchwork.api.base import MultipleFieldLookupMixin
@@ -50,6 +51,9 @@ class CheckSerializer(HyperlinkedModelSerializer):
     user = UserSerializer(default=CurrentUserDefault())
 
     def run_validation(self, data):
+        if 'state' not in data or data['state'] == '':
+            raise ValidationError({'state': ["A check must have a state."]})
+
         for val, label in Check.STATE_CHOICES:
             if label != data['state']:
                 continue
diff --git a/patchwork/tests/api/test_check.py b/patchwork/tests/api/test_check.py
index f5a8eca1..e3ad099c 100644
--- a/patchwork/tests/api/test_check.py
+++ b/patchwork/tests/api/test_check.py
@@ -147,6 +147,22 @@ class TestCheckAPI(APITestCase):
         self.assertEqual(status.HTTP_400_BAD_REQUEST, resp.status_code)
         self.assertEqual(0, Check.objects.all().count())
 
+    def test_create_missing_state(self):
+        """Create a check using invalid values.
+
+        Ensure we handle the state being absent.
+        """
+        check = {
+            'target_url': 'http://t.co',
+            'description': 'description',
+            'context': 'context',
+        }
+
+        self.client.force_authenticate(user=self.user)
+        resp = self.client.post(self.api_url(), check)
+        self.assertEqual(status.HTTP_400_BAD_REQUEST, resp.status_code)
+        self.assertEqual(0, Check.objects.all().count())
+
     def test_create_invalid_patch(self):
         """Ensure we handle non-existent patches."""
         check = {