Skip to content

Commit 1d43c41

Browse files
ayush3797Aniruddh25
ayush3797
and
Aniruddh25
authored
Support for ignoring extraneous fields in rest request body (#1608)
## Why make this change? Add support for allowing extraneous fields in request body as per: #1606. ## What is this change? DAB will expose another CLI option in the `init` command `rest.request-body-strict`, which when set to true/false, would set the property `runtime.rest.request-body-strict` as `true`/`false` in the generated runtime config file. What this essentially means is that, as part of the REST mutations (POST/PUT/PATCH), there can be extraneous fields present in the request body and they will be ignored. Default behavior of DAB will continue to be the same as what it is today, i.e. any extraneous fields in the request body would return an error. So to say, the default value of `runtime.rest.request-body-strict` is `true`. ## Additional change Refactored `RequestValidator.cs` class to be a singleton dependent on `ISqlMetaDataProvider` and `RuntimeConfigProvider` services. Better presents its dependency on the two services and simplifies the code. ## What are the different extraneous fields? 1. Fields in request body that do not map to any backing column in the table/view. They will be ignored. 2. Fields that are repeated - present as PK in the request URL for PUT/PATCH requests and also present in the request body. The ones in the request body will be ignored. 3. Read-only fields. The support for this will be added in a subsequent PR: #1596. -> Read-only field are: **Computed** (or Generated) / **AutoGenerated** fields in MsSql/MySql/PgSql -> **timestamp** fields in MsSql ## Questions: **1. What about authorization of extraneous fields?** When operating in flexible mode, the user is _not_ authorized for extraneous fields NOT defined on table because those fields are ignored. For all other cases, authorization goes as usual. ## How was this tested? - [x] Integration Tests - Added tests to validate that extraneous fields are allowed in the request body for all the 3 relational DBs in the `{*}RestBodyNonStrictModeTests.cs` classes inheriting from the base class `RestBodyNonStrictModeTests.cs`. (* = MsSql,MySql,PostgreSql) - [x] Unit Tests - Added unit test to validate the functionality of the newly added --`rest.request-body-strict` feature in the init command. --------- Co-authored-by: Aniruddh Munde <[email protected]>
1 parent 987df9e commit 1d43c41

158 files changed

Lines changed: 1499 additions & 228 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

config-generators/mysql-commands.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
init --config "dab-config.MySql.json" --database-type mysql --connection-string "server=localhost;database=datagatewaytest;uid=root;pwd=REPLACEME" --host-mode Development --cors-origin "http://localhost:5000"
22
add Publisher --config "dab-config.MySql.json" --source publishers --permissions "anonymous:read"
3-
add Stock --config "dab-config.MySql.json" --source stocks --permissions "anonymous:create,read,update"
3+
add Stock --config "dab-config.MySql.json" --source stocks --permissions "anonymous:create,read,update,delete"
44
add Book --config "dab-config.MySql.json" --source books --permissions "anonymous:create,read,update,delete" --graphql "book:books"
55
add BookWebsitePlacement --config "dab-config.MySql.json" --source book_website_placements --permissions "anonymous:read"
66
add Author --config "dab-config.MySql.json" --source authors --permissions "anonymous:read"

schemas/dab.draft.schema.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -133,6 +133,11 @@
133133
"enabled": {
134134
"type": "boolean",
135135
"description": "Allow enabling/disabling REST requests for all entities."
136+
},
137+
"request-body-strict": {
138+
"type": "boolean",
139+
"description": "Does not allow extraneous fields in request body when set to true.",
140+
"default": true
136141
}
137142
}
138143
},

src/Cli.Tests/ConfigGeneratorTests.cs

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -155,7 +155,8 @@ public void TestSpecialCharactersInConnectionString()
155155
""runtime"": {
156156
""rest"": {
157157
""enabled"": true,
158-
""path"": ""/api""
158+
""path"": ""/api"",
159+
""request-body-strict"": true
159160
},
160161
""graphql"": {
161162
""enabled"": true,
@@ -183,6 +184,8 @@ public void TestSpecialCharactersInConnectionString()
183184
Assert.IsTrue(TryGenerateConfig(options, _runtimeConfigLoader!, _fileSystem!));
184185

185186
StringBuilder actualRuntimeConfigJson = new(_fileSystem!.File.ReadAllText(TEST_RUNTIME_CONFIG_FILE, Encoding.Default));
187+
// The order of these replacements should be identical to the ones being done with expectedRuntimeConfigJson to ensure that
188+
// the replacements done are identical.
186189
actualRuntimeConfigJson = actualRuntimeConfigJson.Replace(" ", string.Empty);
187190
actualRuntimeConfigJson = actualRuntimeConfigJson.Replace("\r\n", string.Empty);
188191
actualRuntimeConfigJson = actualRuntimeConfigJson.Replace("\n", string.Empty);

src/Cli.Tests/EndToEndTests.cs

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -829,4 +829,32 @@ public void TestEnabledDisabledFlagsForApis(
829829
}
830830
}
831831
}
832+
833+
/// <summary>
834+
/// Test to validate that whenever the option rest.request-body-strict is included in the init command,
835+
/// the runtimeconfig is initialized with the appropriate value of the above option in the rest runtime section, as it is assigned in the init command.
836+
/// When the above mentioned option is not included in the init command, the default behavior - that of not allowing any extraneous fields in request body, is observed.
837+
/// </summary>
838+
/// <param name="includeRestRequestBodyStrictFlag">Whether or not to include --rest.request-body-strict option in the init command.</param>
839+
/// <param name="isRequestBodyStrict">Value of the rest.request-body-strict option in the init command.</param>
840+
[DataTestMethod]
841+
[DataRow(true, false, DisplayName = "dab init command specifies --rest.request-body-strict as false - REST request body allows extraneous fields.")]
842+
[DataRow(true, true, DisplayName = "dab init command specifies --rest.request-body-strict as true - REST request body doesn't allow extraneous fields.")]
843+
[DataRow(false, true, DisplayName = "dab init command does not include --rest.request-body-strict flag. The default behavior is followed - REST request body doesn't allow extraneous fields.")]
844+
public void TestRestRequestBodyStrictMode(bool includeRestRequestBodyStrictFlag, bool isRequestBodyStrict)
845+
{
846+
string[] initArgs = { "init", "-c", TEST_RUNTIME_CONFIG_FILE, "--host-mode", "development", "--database-type", "mssql",
847+
"--connection-string", SAMPLE_TEST_CONN_STRING};
848+
849+
if (includeRestRequestBodyStrictFlag)
850+
{
851+
string[] restRequestBodyArgs = { "--rest.request-body-strict", isRequestBodyStrict.ToString() };
852+
initArgs = initArgs.Concat(restRequestBodyArgs).ToArray();
853+
}
854+
855+
Program.Execute(initArgs, _cliLogger!, _fileSystem!, _runtimeConfigLoader!);
856+
857+
Assert.IsTrue(_runtimeConfigLoader!.TryLoadConfig(TEST_RUNTIME_CONFIG_FILE, out RuntimeConfig? runtimeConfig));
858+
Assert.AreEqual(isRequestBodyStrict, runtimeConfig.Runtime.Rest.RequestBodyStrict);
859+
}
832860
}

src/Cli.Tests/Snapshots/AddEntityTests.AddEntityWithAnExistingNameButWithDifferentCase.verified.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@
55
Runtime: {
66
Rest: {
77
Enabled: true,
8-
Path: /api
8+
Path: /api,
9+
RequestBodyStrict: true
910
},
1011
GraphQL: {
1112
Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddEntityWithPolicyAndFieldProperties_70de36ebf1478d0d.verified.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@
55
Runtime: {
66
Rest: {
77
Enabled: true,
8-
Path: /api
8+
Path: /api,
9+
RequestBodyStrict: true
910
},
1011
GraphQL: {
1112
Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddEntityWithPolicyAndFieldProperties_9f612e68879149a3.verified.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@
55
Runtime: {
66
Rest: {
77
Enabled: true,
8-
Path: /api
8+
Path: /api,
9+
RequestBodyStrict: true
910
},
1011
GraphQL: {
1112
Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddEntityWithPolicyAndFieldProperties_bea2d26f3e5462d8.verified.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@
55
Runtime: {
66
Rest: {
77
Enabled: true,
8-
Path: /api
8+
Path: /api,
9+
RequestBodyStrict: true
910
},
1011
GraphQL: {
1112
Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddNewEntityWhenEntitiesEmpty.verified.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@
55
Runtime: {
66
Rest: {
77
Enabled: true,
8-
Path: /api
8+
Path: /api,
9+
RequestBodyStrict: true
910
},
1011
GraphQL: {
1112
Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddNewEntityWhenEntitiesNotEmpty.verified.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@
55
Runtime: {
66
Rest: {
77
Enabled: true,
8-
Path: /api
8+
Path: /api,
9+
RequestBodyStrict: true
910
},
1011
GraphQL: {
1112
Enabled: true,

0 commit comments

Comments
 (0)