Add validation when fetching options

Altinn · Nov 12, 2024 · eb296b5 · eb296b5
1 parent 4c50a5c
commit eb296b5
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 3 deletions.
diff --git a/backend/src/Designer/Services/Implementation/OptionsService.cs b/backend/src/Designer/Services/Implementation/OptionsService.cs
@@ -1,7 +1,9 @@
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
+using Altinn.Studio.Designer.Exceptions.Options;
 using Altinn.Studio.Designer.Models;
 using Altinn.Studio.Designer.Services.Interfaces;
 using LibGit2Sharp;
@@ -49,9 +51,26 @@ public async Task<List<Option>> GetOptionsList(string org, string repo, string d
 
         string optionsListString = await altinnAppGitRepository.GetOptionsList(optionsListId, cancellationToken);
         var optionsList = JsonSerializer.Deserialize<List<Option>>(optionsListString);
+
+        try
+        {
+            optionsList.ForEach(ValidateOption);
+        }
+        catch (ValidationException)
+        {
+            throw new InvalidOptionsFormatException($"One or more of the options has invalid format in file: {optionsListId}.");
+        }
+
+
         return optionsList;
     }
 
+    private void ValidateOption(Option option)
+    {
+        var validationContext = new ValidationContext(option);
+        Validator.ValidateObject(option, validationContext, validateAllProperties: true);
+    }
+
     /// <inheritdoc />
     public async Task<List<Option>> CreateOrOverwriteOptionsList(string org, string repo, string developer, string optionsListId, List<Option> payload, CancellationToken cancellationToken = default)
     {

diff --git a/backend/tests/Designer.Tests/Controllers/OptionsController/GetOptionsTests.cs b/backend/tests/Designer.Tests/Controllers/OptionsController/GetOptionsTests.cs
@@ -3,9 +3,12 @@
 using System.Net.Http;
 using System.Text.Json;
 using System.Threading.Tasks;
+using Altinn.Studio.Designer.Filters;
 using Altinn.Studio.Designer.Models;
 using Designer.Tests.Controllers.ApiTests;
+using FluentAssertions;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Testing;
 using Xunit;
 
@@ -96,4 +99,28 @@ public async Task GetSingleOptionsList_Returns404NotFound_WhenOptionsListDoesNot
         // Assert
         Assert.Equal(StatusCodes.Status404NotFound, (int)response.StatusCode);
     }
+
+    [Fact]
+    public async Task GetSingleOptionsList_Returns400BadRequest_WhenOptionsListIsInvalid()
+    {
+        // Arrange
+        const string repo = "app-with-options";
+        const string optionsListId = "options-with-null-fields";
+
+        string apiUrl = $"/designer/api/ttd/{repo}/options/{optionsListId}";
+        using HttpRequestMessage httpRequestMessage = new(HttpMethod.Get, apiUrl);
+
+        // Act
+        using HttpResponseMessage response = await HttpClient.SendAsync(httpRequestMessage);
+
+        // Assert
+        Assert.Equal(StatusCodes.Status400BadRequest, (int)response.StatusCode);
+
+        var problemDetails = JsonSerializer.Deserialize<ProblemDetails>(await response.Content.ReadAsStringAsync());
+        problemDetails.Should().NotBeNull();
+        JsonElement errorCode = (JsonElement)problemDetails.Extensions[ProblemDetailsExtensionsCodes.ErrorCode];
+        errorCode.ToString().Should().Be("InvalidOptionsFormat");
+        JsonElement detail = (JsonElement)problemDetails.Extensions[ProblemDetailsExtensionsCodes.Detail];
+        detail.ToString().Should().Be($"One or more of the options has invalid format in file: {optionsListId}.");
+    }
 }
diff --git a/backend/tests/Designer.Tests/Controllers/OptionsController/UploadOptionsTests.cs b/backend/tests/Designer.Tests/Controllers/OptionsController/UploadOptionsTests.cs
@@ -4,10 +4,13 @@
 using System.Text;
 using System.Text.Json;
 using System.Threading.Tasks;
+using Altinn.Studio.Designer.Filters;
 using Altinn.Studio.Designer.Models;
 using Designer.Tests.Controllers.ApiTests;
 using Designer.Tests.Utils;
+using FluentAssertions;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Testing;
 using Xunit;
 
@@ -135,9 +138,7 @@ public async Task Post_Returns_400BadRequest_When_Uploading_New_OptionsList_With
         await CopyRepositoryForTest(Org, repo, Developer, targetRepository);
 
         string optionsFileName = "invalid-value-options.json";
-        string jsonOptions = @"[
-        {""value"": {}, ""label"": """" }
-    ]";
+        string jsonOptions = @"[{""value"": {}, ""label"": """"}]";
 
         byte[] optionsBytes = Encoding.UTF8.GetBytes(jsonOptions);
         string apiUrl = $"{VersionPrefix}/{Org}/{targetRepository}/options/upload";
@@ -155,5 +156,12 @@ public async Task Post_Returns_400BadRequest_When_Uploading_New_OptionsList_With
 
         // Assert
         Assert.Equal(StatusCodes.Status400BadRequest, (int)response.StatusCode);
+
+        var problemDetails = JsonSerializer.Deserialize<ProblemDetails>(await response.Content.ReadAsStringAsync());
+        problemDetails.Should().NotBeNull();
+        JsonElement errorCode = (JsonElement)problemDetails.Extensions[ProblemDetailsExtensionsCodes.ErrorCode];
+        errorCode.ToString().Should().Be("InvalidOptionsFormat");
+        JsonElement detail = (JsonElement)problemDetails.Extensions[ProblemDetailsExtensionsCodes.Detail];
+        detail.ToString().Should().Be("Unsupported JSON token for Value field, System.Object: StartObject.");
     }
 }
diff --git a/...Data/Repositories/testUser/ttd/app-with-options/App/options/options-with-null-fields.json b/...Data/Repositories/testUser/ttd/app-with-options/App/options/options-with-null-fields.json
@@ -0,0 +1,6 @@
+[
+{
+  "label": null,
+  "value": null
+}
+]