aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@robocracy.org>2018-12-20 19:17:28 -0800
committerBryan Newbold <bnewbold@robocracy.org>2018-12-20 19:17:28 -0800
commit42933fd13c11dce9dbfe6dd44132a633786e0796 (patch)
treede10881fa5306fe5a6e12050daa8902c00b2abd4
parent623f64d241ebf2bfc68168d12a22423b06584b04 (diff)
downloadfatcat-42933fd13c11dce9dbfe6dd44132a633786e0796.tar.gz
fatcat-42933fd13c11dce9dbfe6dd44132a633786e0796.zip
disallow self-redirects
-rw-r--r--python/tests/api_entity_redirects.py24
-rw-r--r--rust/src/api_entity_crud.rs17
2 files changed, 37 insertions, 4 deletions
diff --git a/python/tests/api_entity_redirects.py b/python/tests/api_entity_redirects.py
index a0cc1ed9..9bcd255c 100644
--- a/python/tests/api_entity_redirects.py
+++ b/python/tests/api_entity_redirects.py
@@ -295,6 +295,10 @@ def test_recursive_redirects_entity(api):
api.accept_editgroup(eg.id)
res = api.get_creator(c2.ident)
assert res.display_name == "test two"
+ with pytest.raises(fatcat_client.rest.ApiException):
+ res = api.lookup_creator(orcid=o3)
+ res = api.lookup_creator(orcid=o2)
+ assert res.ident == c2.ident
# redirect first to third: should be an error at merge time
c1_redirect = CreatorEntity(redirect=c3.ident)
@@ -316,6 +320,8 @@ def test_recursive_redirects_entity(api):
res = api.get_creator(c3.ident)
assert res.display_name == "test two updated"
assert res.state == "redirect"
+ res = api.lookup_creator(orcid=o2)
+ assert res.ident == c2.ident
# delete second; check that third updated
eg = quick_eg(api)
@@ -326,6 +332,8 @@ def test_recursive_redirects_entity(api):
res = api.get_creator(c3.ident)
assert res.state == "redirect"
assert res.display_name is None
+ with pytest.raises(fatcat_client.rest.ApiException):
+ res = api.lookup_creator(orcid=o2)
# undelete second; check that third updated
eg = quick_eg(api)
@@ -362,6 +370,8 @@ def test_recursive_redirects_entity(api):
res = api.get_creator(c3.ident)
assert res.state == "redirect"
assert res.display_name is None
+ with pytest.raises(fatcat_client.rest.ApiException):
+ res = api.lookup_creator(orcid=o2)
eg = quick_eg(api)
api.delete_creator(c3.ident, editgroup=eg.id)
api.accept_editgroup(eg.id)
@@ -376,3 +386,17 @@ def test_recursive_redirects_entity(api):
# c3 already deleted
api.accept_editgroup(eg.id)
+def test_self_redirect(api):
+
+ c1 = CreatorEntity(display_name="test self-redirect")
+
+ # create creator
+ eg = quick_eg(api)
+ c1 = api.get_creator(api.create_creator(c1, editgroup=eg.id).ident)
+ api.accept_editgroup(eg.id)
+
+ # redirect first to itself; should error on PUT
+ c1_redirect = CreatorEntity(redirect=c1.ident)
+ eg = quick_eg(api)
+ with pytest.raises(fatcat_client.rest.ApiException):
+ merge_edit = api.update_creator(c1.ident, c1_redirect, editgroup=eg.id)
diff --git a/rust/src/api_entity_crud.rs b/rust/src/api_entity_crud.rs
index 63e5699e..1b36f71d 100644
--- a/rust/src/api_entity_crud.rs
+++ b/rust/src/api_entity_crud.rs
@@ -207,6 +207,11 @@ macro_rules! generic_db_update {
}
if self.state.is_none() {
+
+ if Some(ident.to_string()) == self.redirect {
+ return Err(ErrorKind::OtherBadRequest(
+ "tried to redirect entity to itself".to_string()).into());
+ }
// special case: redirect to another entity
if let Some(ref redirect_ident) = self.redirect {
let redirect_ident = FatCatId::from_str(&redirect_ident)?.to_uuid();
@@ -458,8 +463,10 @@ macro_rules! generic_db_accept_edits_batch {
.count()
.get_result(conn)?;
if forward_recursive_redirects != 0 {
- // TODO: error type
- bail!("forward recurisve redirects")
+ return Err(ErrorKind::OtherBadRequest(
+ "one or more (forward) recurisve redirects".to_string(),
+ )
+ .into());
}
// assert that we aren't redirecting while something already redirects to us
@@ -474,8 +481,10 @@ macro_rules! generic_db_accept_edits_batch {
.count()
.get_result(conn)?;
if backward_recursive_redirects != 0 {
- // TODO: error type
- bail!("backward recursive redirects")
+ return Err(ErrorKind::OtherBadRequest(
+ "one or more (backward) recurisve redirects".to_string(),
+ )
+ .into());
}
// update any/all redirects for updated entities