diff options
| author | Bryan Newbold <bnewbold@robocracy.org> | 2018-12-20 19:17:28 -0800 |
|---|---|---|
| committer | Bryan Newbold <bnewbold@robocracy.org> | 2018-12-20 19:17:28 -0800 |
| commit | 42933fd13c11dce9dbfe6dd44132a633786e0796 (patch) | |
| tree | de10881fa5306fe5a6e12050daa8902c00b2abd4 | |
| parent | 623f64d241ebf2bfc68168d12a22423b06584b04 (diff) | |
| download | fatcat-42933fd13c11dce9dbfe6dd44132a633786e0796.tar.gz fatcat-42933fd13c11dce9dbfe6dd44132a633786e0796.zip | |
disallow self-redirects
| -rw-r--r-- | python/tests/api_entity_redirects.py | 24 | ||||
| -rw-r--r-- | rust/src/api_entity_crud.rs | 17 |
2 files changed, 37 insertions, 4 deletions
diff --git a/python/tests/api_entity_redirects.py b/python/tests/api_entity_redirects.py index a0cc1ed9..9bcd255c 100644 --- a/python/tests/api_entity_redirects.py +++ b/python/tests/api_entity_redirects.py @@ -295,6 +295,10 @@ def test_recursive_redirects_entity(api): api.accept_editgroup(eg.id) res = api.get_creator(c2.ident) assert res.display_name == "test two" + with pytest.raises(fatcat_client.rest.ApiException): + res = api.lookup_creator(orcid=o3) + res = api.lookup_creator(orcid=o2) + assert res.ident == c2.ident # redirect first to third: should be an error at merge time c1_redirect = CreatorEntity(redirect=c3.ident) @@ -316,6 +320,8 @@ def test_recursive_redirects_entity(api): res = api.get_creator(c3.ident) assert res.display_name == "test two updated" assert res.state == "redirect" + res = api.lookup_creator(orcid=o2) + assert res.ident == c2.ident # delete second; check that third updated eg = quick_eg(api) @@ -326,6 +332,8 @@ def test_recursive_redirects_entity(api): res = api.get_creator(c3.ident) assert res.state == "redirect" assert res.display_name is None + with pytest.raises(fatcat_client.rest.ApiException): + res = api.lookup_creator(orcid=o2) # undelete second; check that third updated eg = quick_eg(api) @@ -362,6 +370,8 @@ def test_recursive_redirects_entity(api): res = api.get_creator(c3.ident) assert res.state == "redirect" assert res.display_name is None + with pytest.raises(fatcat_client.rest.ApiException): + res = api.lookup_creator(orcid=o2) eg = quick_eg(api) api.delete_creator(c3.ident, editgroup=eg.id) api.accept_editgroup(eg.id) @@ -376,3 +386,17 @@ def test_recursive_redirects_entity(api): # c3 already deleted api.accept_editgroup(eg.id) +def test_self_redirect(api): + + c1 = CreatorEntity(display_name="test self-redirect") + + # create creator + eg = quick_eg(api) + c1 = api.get_creator(api.create_creator(c1, editgroup=eg.id).ident) + api.accept_editgroup(eg.id) + + # redirect first to itself; should error on PUT + c1_redirect = CreatorEntity(redirect=c1.ident) + eg = quick_eg(api) + with pytest.raises(fatcat_client.rest.ApiException): + merge_edit = api.update_creator(c1.ident, c1_redirect, editgroup=eg.id) diff --git a/rust/src/api_entity_crud.rs b/rust/src/api_entity_crud.rs index 63e5699e..1b36f71d 100644 --- a/rust/src/api_entity_crud.rs +++ b/rust/src/api_entity_crud.rs @@ -207,6 +207,11 @@ macro_rules! generic_db_update { } if self.state.is_none() { + + if Some(ident.to_string()) == self.redirect { + return Err(ErrorKind::OtherBadRequest( + "tried to redirect entity to itself".to_string()).into()); + } // special case: redirect to another entity if let Some(ref redirect_ident) = self.redirect { let redirect_ident = FatCatId::from_str(&redirect_ident)?.to_uuid(); @@ -458,8 +463,10 @@ macro_rules! generic_db_accept_edits_batch { .count() .get_result(conn)?; if forward_recursive_redirects != 0 { - // TODO: error type - bail!("forward recurisve redirects") + return Err(ErrorKind::OtherBadRequest( + "one or more (forward) recurisve redirects".to_string(), + ) + .into()); } // assert that we aren't redirecting while something already redirects to us @@ -474,8 +481,10 @@ macro_rules! generic_db_accept_edits_batch { .count() .get_result(conn)?; if backward_recursive_redirects != 0 { - // TODO: error type - bail!("backward recursive redirects") + return Err(ErrorKind::OtherBadRequest( + "one or more (backward) recurisve redirects".to_string(), + ) + .into()); } // update any/all redirects for updated entities |