New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Admin can assign User to a Federation with wrong PARAMETER #4068
Comments
This is because our API always ignores keys that aren't a part of the defined request structure, as that's what the Go parser does. Implementing it to do anything else would be a lot of effort for little return, so I don't see this improvement happening any time soon. |
Rejecting that would also be a violation of the Robustness Principle, "Be liberal in what you accept, conservative in what you send." (https://tools.ietf.org/html/rfc1122#section-1.2.2, https://en.wikipedia.org/wiki/Robustness_principle). I know it's common for a lot of APIs to reject unknown things like that, but in general, it makes servers more robust, and makes integration and interoperability better and work more and fail less, when the Robustness Principle is followed. TC mostly follows it, though there's not a hard rule and I'm sure there are places it doesn't. I know I've said this before, but I'll keep saying it: we should follow the Robustness Principle wherever possible. There are cases like this one ( |
this is a bug. I have seen this working working for other endpoints. when the parameter in json body is not specified correctly it spits error saying that the parameter is required. |
That's because Go's json parsing can't determine the difference between a "zero-valued" field and a non-existent field. To oversimplify: So it's not a bug. That's by design. However, there's no reason that parameter shouldn't be required, IMO. |
Does seem like a bug however because something must be required, so why would a 200 be returned from:
Why not just make |
and i'm not sure the title of this issue is correct
as i don't think that's true. using the wrong parameter does nothing as far as i can tell. |
My plan is to make userIds required - replace is a documented optional parameter |
This issue isn't fixed. get the response 200
for request body
|
Did you make sure your environment is latest? |
the environment shows the latest version. as per our discussion, it seems the build doesn't seem to have complete updates. checking on ciab with latest master |
it's working as expected. |
I'm submitting a ...
Traffic Control components affected ...
Current behavior:
Login as ADMIN
POST Request:
https://{{TO_BASE_URL}}/api/{{api_version}}/federations/{{federationsID}}/users.
With wrong json payload parameter like "userIdssss"
It will return
Expected / new behavior:
Should return 400 Bad Request
Minimal reproduction of the problem with instructions:
The text was updated successfully, but these errors were encountered: