
Do not allow unrecognized parameters in read API

commit 2bc24e55856e3c551f90a8b3818574d833aff0e6 1 parent 694427e
authored March 28, 2013
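--- a/backdrop/read/validation.py
+++ b/backdrop/read/validation.py
@@ -2,6 +2,7 @@
 
 
 MESSAGES = {
+    'unrecognised': 'An unrecognised parameter was provided',
     'start_at': {
         'invalid': 'start_at is not a valid datetime'
     },
@@ -36,38 +37,48 @@
 
 
 def validate_request_args(request_args):
-    if 'start_at' in request_args:
-        if not value_is_valid_datetime_string(request_args['start_at']):
+    request_args = request_args.copy()
+    start_at = request_args.pop('start_at', None)
+    end_at = request_args.pop('end_at', None)
+    filter_by = request_args.pop('filter_by', None)
+    period = request_args.pop('period', None)
+    group_by = request_args.pop('group_by', None)
+    sort_by = request_args.pop('sort_by', None)
+    limit = request_args.pop('limit', None)
+
+    if len(request_args):
+        return invalid(MESSAGES['unrecognised'])
+    if start_at:
+        if not value_is_valid_datetime_string(start_at):
             return invalid(MESSAGES['start_at']['invalid'])
-    if 'end_at' in request_args:
-        if not value_is_valid_datetime_string(request_args['end_at']):
+    if end_at:
+        if not value_is_valid_datetime_string(end_at):
             return invalid(MESSAGES['end_at']['invalid'])
-    if 'filter_by' in request_args:
-        if request_args['filter_by'].find(':') < 0:
+    if filter_by:
+        if filter_by.find(':') < 0:
             return invalid(MESSAGES['filter_by']['colon'])
-        if request_args['filter_by'].startswith('$'):
+        if filter_by.startswith('$'):
             return invalid(MESSAGES['filter_by']['dollar'])
-    if 'period' in request_args:
-        if request_args['period'] != 'week':
+    if period:
+        if period != 'week':
             return invalid(MESSAGES['period']['invalid'])
-        if 'group_by' in request_args:
-            if '_week_start_at' == request_args['group_by']:
+        if group_by:
+            if '_week_start_at' == group_by:
                 return invalid(MESSAGES['period']['group'])
-        if 'sort_by' in request_args and 'group_by' not in request_args:
+        if sort_by and not group_by:
             return invalid(MESSAGES['period']['sort'])
-    if 'group_by' in request_args:
-        if request_args['group_by'].startswith('_'):
+    if group_by:
+        if group_by.startswith('_'):
             return invalid(MESSAGES['group_by']['internal'])
-    if 'sort_by' in request_args:
-        if request_args['sort_by'].find(':') < 0:
+    if sort_by:
+        if sort_by.find(':') < 0:
             return invalid(MESSAGES['sort_by']['colon'])
-        sort_order = request_args['sort_by'].split(':', 1)[1]
+        sort_order = sort_by.split(':', 1)[1]
         if sort_order not in ['ascending', 'descending']:
             return invalid(MESSAGES['sort_by']['direction'])
-    if 'limit' in request_args:
+    if limit:
         try:
-            limit = int(request_args['limit'])
-            if limit < 0:
+            if int(limit) < 0:
                 raise ValueError()
         except ValueError:
             return invalid(MESSAGES['limit']['invalid'])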
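Review bot: The rewritten guards test truthiness (`if start_at:`, `if filter_by:`, `if limit:` and the rest), so a parameter supplied with an empty value (for example `?filter_by=` or `?limit=`) is popped as a recognised key and then skips its checks, whereas the old `'filter_by' in request_args` form validated it and returned invalid. Testing presence keeps the stricter behaviour: `if filter_by is not None:`, and likewise for the other six names, including `if sort_by is not None and group_by is None:` in the period branch. Whether an empty value is harmful depends on how the query is built downstream, which is not visible here, but a validator that silently passes unvalidated input is worth closing. If `request_args` is a multi-valued mapping (not confirmable from this hunk), only the single value returned by `pop` is checked, so repeated keys deserve a look too. The function may continue past the end of the hunk.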
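--- a/tests/read/test_validation.py
+++ b/tests/read/test_validation.py
@@ -104,3 +104,9 @@ def test_accepts_sort_with_grouped_period_query(self):
             "group_by": "foo"
         })
         assert_that( validation_result.is_valid, is_(True) )
+
+    def test_unrecognised_parameters_are_not_allowed(self):
+        validation_result = validate_request_args({
+            "unrecognised_parameter": "value"
+        })
+        assert_that( validation_result.is_valid, is_(False) )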
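Review bot: The new test only covers a request whose sole key is unknown, so it does not pin that an unknown key is still rejected when it arrives alongside recognised ones. A second case such as `validate_request_args({"group_by": "foo", "unrecognised_parameter": "value"})` asserting `is_valid` is `False` would exercise the path where the known keys are popped first. A case with an empty value for a recognised key (e.g. `{"filter_by": ""}`) would also document what the validator is expected to do with it. The enclosing test class starts outside the hunk.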

0 notes on commit 2bc24e5
