Fix internal server error when providing an association as the filter…

… param (#1052)
omgnetwork · Jun 12, 2019 · 827e21e · 827e21e
1 parent 219923c
commit 827e21e
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 3 deletions.
diff --git a/apps/ewallet/lib/ewallet/web/filters/match_parser.ex b/apps/ewallet/lib/ewallet/web/filters/match_parser.ex
@@ -80,6 +80,9 @@ defmodule EWallet.Web.MatchParser do
       nil ->
         {:error, :not_allowed, field}
 
+      :missing_subfield ->
+        {:error, :missing_subfield, field}
+
       field_definition ->
         {field_definition, comparator, value}
     end
@@ -141,7 +144,10 @@ defmodule EWallet.Web.MatchParser do
   # Returns `{field, nil}` if the type is not given
   defp get_field_definition(field, field), do: {field, nil}
 
-  # Returns `{field, type}` if the type is given
+  # Returns `:missing_subfield` if the field is an association
+  defp get_field_definition(field, {field, type}) when is_list(type), do: :missing_subfield
+
+  # Returns `{field, type}` if the type is given.
   defp get_field_definition(field, {field, type}), do: {field, type}
 
   # Returns nil if the field does not match

diff --git a/apps/ewallet/lib/ewallet/web/orchestrator.ex b/apps/ewallet/lib/ewallet/web/orchestrator.ex
@@ -48,6 +48,9 @@ defmodule EWallet.Web.Orchestrator do
       {:error, :not_allowed, field} ->
         {:error, :query_field_not_allowed, field_name: field}
 
+      {:error, :missing_subfield, field} ->
+        {:error, :query_field_missing_subfield, field_name: field}
+
       {:error, _, _} = error ->
         error
     end

diff --git a/apps/ewallet/lib/ewallet/web/v1/error_handler.ex b/apps/ewallet/lib/ewallet/web/v1/error_handler.ex
@@ -33,6 +33,12 @@ defmodule EWallet.Web.V1.ErrorHandler do
       template:
         "Invalid parameter provided. The queried field is not allowed. Given: '%{field_name}'."
     },
+    query_field_missing_subfield: %{
+      code: "client:invalid_parameter",
+      template:
+        "Invalid parameter provided. The queried field must refer to the object's field," <>
+          " not the object. Given: '%{field_name}'."
+    },
     missing_id: %{
       code: "client:invalid_parameter",
       description: "Invalid parameter provided. `id` is required."

diff --git a/apps/ewallet/test/ewallet/web/filters/match_parser_test.exs b/apps/ewallet/test/ewallet/web/filters/match_parser_test.exs
@@ -156,6 +156,28 @@ defmodule EWallet.Web.MatchParserTest do
                MatchParser.build_query(Transaction, attrs, whitelist, true, MatchAllQuery)
     end
 
+    test "returns error if the given field is an association entity" do
+      whitelist = [from_token: [:id]]
+
+      txn_1 = insert(:transaction)
+      {:ok, txn_1} = Preloader.preload_one(txn_1, :from_token)
+
+      attrs = [
+        %{
+          "field" => "from_token",
+          "comparator" => "eq",
+          "value" => txn_1.from_token.id
+        }
+      ]
+
+      {res, code, params} =
+        MatchParser.build_query(Transaction, attrs, whitelist, true, MatchAllQuery)
+
+      assert res == :error
+      assert code == :missing_subfield
+      assert params == "from_token"
+    end
+
     test "returns error if filtering is not allowed on the field" do
       whitelist = [from_token: [:email]]
 

diff --git a/apps/ewallet/test/ewallet/web/orchestrator_test.exs b/apps/ewallet/test/ewallet/web/orchestrator_test.exs
@@ -28,8 +28,25 @@ defmodule EWallet.Web.OrchestratorTest do
     def default_preload_assocs, do: [:wallets]
     def sort_fields, do: [:id, :name]
     def search_fields, do: [:id, :name]
-    def self_filter_fields, do: [:id, :name, :description, :inserted_at]
-    def filter_fields, do: [:id, :name, :description, :inserted_at]
+
+    def self_filter_fields do
+      [
+        :id,
+        :name,
+        :description,
+        :inserted_at
+      ]
+    end
+
+    def filter_fields do
+      [
+        id: nil,
+        name: nil,
+        description: nil,
+        inserted_at: nil,
+        mock_assoc: [:id, :name]
+      ]
+    end
   end
 
   describe "query/3" do
@@ -68,6 +85,24 @@ defmodule EWallet.Web.OrchestratorTest do
       assert params == [field_name: "status"]
     end
 
+    test "returns :query_field_missing_subfield error if the field is an association" do
+      attrs = %{
+        "match_all" => [
+          %{
+            "field" => "mock_assoc",
+            "comparator" => "eq",
+            "value" => "some_value"
+          }
+        ]
+      }
+
+      {res, error, params} = Orchestrator.query(Account, MockOverlay, attrs)
+
+      assert res == :error
+      assert error == :query_field_missing_subfield
+      assert params == [field_name: "mock_assoc"]
+    end
+
     test "returns records with the given `start_after`, `start_by` and `sort_by` is `desc`" do
       total = 10
       total_records = 5