From ea336f4ebcdb97b834020fb199501d10c0c834b7 Mon Sep 17 00:00:00 2001
From: VLE2FE
Date: Fri, 29 May 2020 14:26:39 +0200
Subject: [PATCH] forbid condition_template as parameter name for template
---
 src/routes/template.spec.ts | 23 +++++++++++++++++++++--
 src/routes/user.spec.ts | 1 -
 src/routes/validate/template.ts | 1 +
 3 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/src/routes/template.spec.ts b/src/routes/template.spec.ts
index 7f07d1d..95141af 100644
--- a/src/routes/template.spec.ts
+++ b/src/routes/template.spec.ts
@@ -5,7 +5,6 @@ import TemplateMeasurementModel from '../models/measurement_template';
 import TestHelper from "../test/helper";
 // TODO: do not allow usage of old templates for new samples
-// TODO: template parameters are not allowed to be condition_template
 describe('/template', () => {
 let server;
@@ -218,6 +217,16 @@ describe('/template', () => {
 done();
 });
 });
+ it('rejects `condition_template` as parameter name', done => {
+ TestHelper.request(server, done, {
+ method: 'put',
+ url: '/template/condition/200000000000000000000001',
+ auth: {basic: 'admin'},
+ httpStatus: 400,
+ req: {parameters: [{name: 'condition_template', range: {}}]},
+ res: {status: 'Invalid body format', details: '"parameters[0].name" contains an invalid value'}
+ });
+ });
 it('rejects not specified parameters', done => {
 TestHelper.request(server, done, {
 method: 'put',
@@ -227,7 +236,7 @@ describe('/template', () => {
 req: {name: 'heat treatment', parameters: [{name: 'material', range: {xx: 5}}]},
 res: {status: 'Invalid body format', details: '"parameters[0].range.xx" is not allowed'}
 });
- })
+ });
 it('rejects an invalid id', done => {
 TestHelper.request(server, done, {
 method: 'put',
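Review bot: The added PUT test in the `@@ -218,6 +217,16 @@` hunk pins only the exact lowercase literal `condition_template` on the condition route, and the POST test in the `@@ -327,6 +336,16 @@` hunk does the same. The validator change in `src/routes/validate/template.ts` is `.invalid('condition_template')`, which Joi compares case-sensitively unless `.insensitive()` is set, so a name such as `Condition_Template` would presumably still pass. If the reserved name must hold beyond an exact key match, add a companion case such as `req: {parameters: [{name: 'Condition_Template', range: {}}]}` that asserts the intended outcome either way. If the parameter schema is shared with other template types (not visible on this page), one request against that route would pin whether the restriction applies there as well. Both tests sit inside the `describe('/template', ...)` block, which starts and ends outside these hunks.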
@@ -327,6 +336,16 @@ describe('/template', () => {
 res: {status: 'Invalid body format', details: '"name" is required'}
 });
 });
+ it('rejects `condition_template` as parameter name', done => {
+ TestHelper.request(server, done, {
+ method: 'post',
+ url: '/template/condition/new',
+ auth: {basic: 'admin'},
+ httpStatus: 400,
+ req: {name: 'heat aging', parameters: [{name: 'condition_template', range: {min: 1}}]},
+ res: {status: 'Invalid body format', details: '"parameters[0].name" contains an invalid value'}
+ });
+ });
 it('rejects a number prefix', done => {
 TestHelper.request(server, done, {
 method: 'post',
diff --git a/src/routes/user.spec.ts b/src/routes/user.spec.ts
index a0d67a5..917b734 100644
--- a/src/routes/user.spec.ts
+++ b/src/routes/user.spec.ts
@@ -2,7 +2,6 @@ import should from 'should/as-function';
 import UserModel from '../models/user';
 import TestHelper from "../test/helper";
-// TODO: reject usernames containing admin, etc.
 describe('/user', () => {
 let server;
diff --git a/src/routes/validate/template.ts b/src/routes/validate/template.ts
index 111951e..7a63d1d 100644
--- a/src/routes/validate/template.ts
+++ b/src/routes/validate/template.ts
@@ -14,6 +14,7 @@ export default class TemplateValidate {
 Joi.object({
 name: Joi.string()
 .max(128)
+ .invalid('condition_template')
 .required(),
 range: Joi.object({