Handle invalid POST to action resources. (#50)

mrstegeman · web-flow · commit e550e5a9dfbc · 2020-05-04T13:23:03.000-08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## [Unreleased]
 
+## [0.12.3] - 2020-05-04
+### Changed
+- Invalid POST requests to action resources now generate an error status.
+
 ## [0.12.2] - 2020-03-27
 ### Changed
 - Updated dependencies.
@@ -40,7 +44,8 @@
 ### Changed
 - Property, Action, and Event description now use `links` rather than `href`. - [Spec PR](https://github.com/mozilla-iot/wot/pull/119)
 
-[Unreleased]: https://github.com/mozilla-iot/webthing-rust/compare/v0.12.2...HEAD
+[Unreleased]: https://github.com/mozilla-iot/webthing-rust/compare/v0.12.3...HEAD
+[0.12.3]: https://github.com/mozilla-iot/webthing-rust/compare/v0.12.2...v0.12.3
 [0.12.2]: https://github.com/mozilla-iot/webthing-rust/compare/v0.12.1...v0.12.2
 [0.12.1]: https://github.com/mozilla-iot/webthing-rust/compare/v0.12.0...v0.12.1
 [0.12.0]: https://github.com/mozilla-iot/webthing-rust/compare/v0.11.0...v0.12.0
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "webthing"
-version = "0.12.2"
+version = "0.12.3"
 authors = ["Mozilla IoT <iot@mozilla.com>"]
 repository = "https://github.com/mozilla-iot/webthing-rust"
 homepage = "https://github.com/mozilla-iot/webthing-rust"
@@ -15,7 +15,7 @@ actix-web = { version = "0.7", default-features = false, features = ["brotli", "
 chrono = "0.4"
 get_if_addrs = "0.5"
 hostname = "0.3"
-libmdns = "0.2"
+libmdns = "0.4"
 openssl = { version = "0.10", optional = true }
 serde_json = "1.0"
 uuid = { version = "0.8", features = ["v4"] }
diff --git a/src/server.rs b/src/server.rs
@@ -587,49 +587,56 @@ fn actions_handler_POST(
 
     let message = message.as_object().unwrap();
 
-    let mut response: serde_json::Map<String, serde_json::Value> = serde_json::Map::new();
-    for (action_name, action_params) in message.iter() {
-        let input = action_params.get("input");
+    let keys: Vec<&String> = message.keys().collect();
+    if keys.len() != 1 {
+        return HttpResponse::BadRequest().finish();
+    }
 
-        let action = req.state().get_action_generator().generate(
-            Arc::downgrade(&thing.clone()),
-            action_name.to_string(),
-            input,
-        );
+    let action_name = keys[0];
+    let action_params = message.get(action_name).unwrap();
+    let input = action_params.get("input");
 
-        if action.is_some() {
-            let action = action.unwrap();
-            let id = action.get_id();
-            let action = Arc::new(RwLock::new(action));
+    let action = req.state().get_action_generator().generate(
+        Arc::downgrade(&thing.clone()),
+        action_name.to_string(),
+        input,
+    );
 
-            {
-                let mut thing = thing.write().unwrap();
-                let result = thing.add_action(action.clone(), input);
+    if action.is_some() {
+        let action = action.unwrap();
+        let id = action.get_id();
+        let action = Arc::new(RwLock::new(action));
 
-                if result.is_err() {
-                    continue;
-                }
-            }
+        {
+            let mut thing = thing.write().unwrap();
+            let result = thing.add_action(action.clone(), input);
 
-            response.insert(
-                action_name.to_string(),
-                action
-                    .read()
-                    .unwrap()
-                    .as_action_description()
-                    .get(action_name)
-                    .unwrap()
-                    .clone(),
-            );
+            if result.is_err() {
+                return HttpResponse::BadRequest().finish();
+            }
+        }
 
-            thing
-                .write()
+        let mut response: serde_json::Map<String, serde_json::Value> = serde_json::Map::new();
+        response.insert(
+            action_name.to_string(),
+            action
+                .read()
                 .unwrap()
-                .start_action(action_name.to_string(), id);
-        }
-    }
+                .as_action_description()
+                .get(action_name)
+                .unwrap()
+                .clone(),
+        );
+
+        thing
+            .write()
+            .unwrap()
+            .start_action(action_name.to_string(), id);
 
-    HttpResponse::Created().json(response)
+        HttpResponse::Created().json(response)
+    } else {
+        HttpResponse::BadRequest().finish()
+    }
 }
 
 /// Handle a GET request to /actions/<action_name>.
@@ -676,50 +683,59 @@ fn action_handler_POST(
 
     let message = message.as_object().unwrap();
 
-    let mut response: serde_json::Map<String, serde_json::Value> = serde_json::Map::new();
-    for (name, action_params) in message.iter() {
-        if name != action_name {
-            continue;
-        }
+    let keys: Vec<&String> = message.keys().collect();
+    if keys.len() != 1 {
+        return HttpResponse::BadRequest().finish();
+    }
+
+    if keys[0] != action_name {
+        return HttpResponse::BadRequest().finish();
+    }
 
-        let input = action_params.get("input");
+    let action_params = message.get(action_name).unwrap();
+    let input = action_params.get("input");
 
-        let action = req.state().get_action_generator().generate(
-            Arc::downgrade(&thing.clone()),
-            name.to_string(),
-            input,
-        );
+    let action = req.state().get_action_generator().generate(
+        Arc::downgrade(&thing.clone()),
+        action_name.to_string(),
+        input,
+    );
 
-        if action.is_some() {
-            let action = action.unwrap();
-            let id = action.get_id();
-            let action = Arc::new(RwLock::new(action));
+    if action.is_some() {
+        let action = action.unwrap();
+        let id = action.get_id();
+        let action = Arc::new(RwLock::new(action));
 
-            {
-                let mut thing = thing.write().unwrap();
-                let result = thing.add_action(action.clone(), input);
+        {
+            let mut thing = thing.write().unwrap();
+            let result = thing.add_action(action.clone(), input);
 
-                if result.is_err() {
-                    continue;
-                }
+            if result.is_err() {
+                return HttpResponse::BadRequest().finish();
             }
+        }
 
-            response.insert(
-                name.to_string(),
-                action
-                    .read()
-                    .unwrap()
-                    .as_action_description()
-                    .get(name)
-                    .unwrap()
-                    .clone(),
-            );
+        let mut response: serde_json::Map<String, serde_json::Value> = serde_json::Map::new();
+        response.insert(
+            action_name.to_string(),
+            action
+                .read()
+                .unwrap()
+                .as_action_description()
+                .get(action_name)
+                .unwrap()
+                .clone(),
+        );
 
-            thing.write().unwrap().start_action(name.to_string(), id);
-        }
-    }
+        thing
+            .write()
+            .unwrap()
+            .start_action(action_name.to_string(), id);
 
-    HttpResponse::Created().json(response)
+        HttpResponse::Created().json(response)
+    } else {
+        HttpResponse::BadRequest().finish()
+    }
 }
 
 /// Handle a GET request to /actions/<action_name>/<action_id>.
diff --git a/src/thing.rs b/src/thing.rs
@@ -670,15 +670,13 @@ impl Thing for BaseThing {
     ) -> Result<(), &str> {
         let action_name = action.read().unwrap().get_name();
 
-        {
-            if !self.available_actions.contains_key(&action_name) {
-                return Err("Action type not found");
-            }
+        if !self.available_actions.contains_key(&action_name) {
+            return Err("Action type not found");
+        }
 
-            let action_type = self.available_actions.get(&action_name).unwrap();
-            if !action_type.validate_action_input(input) {
-                return Err("Action input invalid");
-            }
+        let action_type = self.available_actions.get(&action_name).unwrap();
+        if !action_type.validate_action_input(input) {
+            return Err("Action input invalid");
         }
 
         action
@@ -922,7 +920,27 @@ impl AvailableAction {
     fn validate_action_input(&self, input: Option<&serde_json::Value>) -> bool {
         let mut scope = json_schema::Scope::new();
         let validator = if self.metadata.contains_key("input") {
-            let schema = self.metadata.get("input").unwrap();
+            let mut schema = self
+                .metadata
+                .get("input")
+                .unwrap()
+                .as_object()
+                .unwrap()
+                .clone();
+            if schema.contains_key("properties") {
+                let properties = schema
+                    .get_mut("properties")
+                    .unwrap()
+                    .as_object_mut()
+                    .unwrap();
+                for value in properties.values_mut() {
+                    let value = value.as_object_mut().unwrap();
+                    value.remove("@type");
+                    value.remove("unit");
+                    value.remove("title");
+                }
+            }
+
             match scope.compile_and_return(json!(schema), true) {
                 Ok(s) => Some(s),
                 Err(_) => None,
