Skip to content

fix(delcus): cross-validate body CommCustno vs path, single-space CommDelFailCd#38

Merged
a2chang merged 1 commit intomainfrom
polish/delcus-followups
May 1, 2026
Merged

fix(delcus): cross-validate body CommCustno vs path, single-space CommDelFailCd#38
a2chang merged 1 commit intomainfrom
polish/delcus-followups

Conversation

@a2chang
Copy link
Copy Markdown
Contributor

@a2chang a2chang commented May 1, 2026

Closes #23.

What

Two follow-ups against DelcusController, both flagged at the round-3 cap on PR #21:

1. (medium) Cross-validate body CommCustno against path

On DELETE /api/v1/delcus/remove/{customerNumber}, the body's delCus.commCustno was previously ignored. A request whose path and body disagree would silently delete the path target. Now: when commCustno is supplied (the field's pattern allows the empty string for clients sending only the path), it must equal the path value (compared as long, so leading zeros are tolerated). Mismatch → HTTP 400 with ProblemDetail title="Validation failed", detail="Body CommCustno does not match path customerNumber.".

2. (low) Single-space CommDelFailCd placeholder on success

CommDelFailCd is a fixed-width 1-char commarea slot. The success response now emits " " instead of "" to preserve the length-1 contract for clients porting from COBOL.

Tests

DelcusControllerWebMvcTest (6 tests, all green):

  • returnsSuccessfulResponseForHappyPath — tightened to also assert CommDelFailCd == " ".
  • rejectsBodyCommCustnoThatMismatchesPath — new; path 1, body 0000000002 → 400 with the validation ProblemDetail above.
  • acceptsMatchingBodyCommCustno — new; path 1, body 0000000001 → 200 (also covers the leading-zero tolerance).

Local ./mvnw verify green: 189/189.

augment review

fix(delcus): cross-validate body CommCustno vs path, single-space Com…
1b6ef5e 
…mDelFailCd

Closes #23.

* DelcusController: when the body's CommCustno is non-empty, it must
  match the path customerNumber (compared as long, tolerating leading
  zeros). Mismatch returns HTTP 400 with the standard 'Validation
  failed' ProblemDetail so a misaddressed request can never silently
  delete the path target.
* DelcusController: emit ' ' instead of '' for CommDelFailCd on success
  to preserve the fixed-width 1-char commarea contract for clients
  porting from COBOL.
* DelcusControllerWebMvcTest: tighten happy-path assertion and add
  rejectsBodyCommCustnoThatMismatchesPath +
  acceptsMatchingBodyCommCustno.
@augmentcode
Copy link
Copy Markdown
Contributor

augmentcode Bot commented May 1, 2026

Test Coverage Guardian 🧪

Test coverage looks good. The new/changed behavior in this PR has adequate test coverage. No additional tests needed.

The new validation logic (cross-checking body CommCustno against the path parameter) is well-tested with:

  • Happy path with matching values (including leading-zero tolerance)
  • Error path with mismatching values (proper 400 response verification)
  • Updated assertion for the CommDelFailCd single-space change

augment-app-staging[bot]
augment-app-staging Bot reviewed May 1, 2026
View reviewed changes
Copy link
Copy Markdown

@augment-app-staging augment-app-staging Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

@a2chang a2chang merged commit a52f228 into main May 1, 2026
1 check passed
@a2chang a2chang deleted the polish/delcus-followups branch May 1, 2026 20:20
@a2chang a2chang mentioned this pull request May 1, 2026
Merged
a2chang added a commit that referenced this pull request May 1, 2026
@a2chang
fix(delacc): cross-validate body DelAccAccno and DelAccScode against …
6abce31 
…path / configured sortcode (#39)

Closes #26.

Mirrors the DELCUS path/body cross-validation from PR #38. After
bean-validation, the controller now rejects the request when:

* delAccAccno is non-null and does not equal the path accno, or
* delAccScode is non-empty and does not equal cbsa.sortcode.

Both yield the standard 'Validation failed' ProblemDetail at HTTP 400,
short-circuiting before delaccService.delete is invoked, so a
misaddressed request can never silently delete the path account.

Tests: DelaccControllerWebMvcTest now pins cbsa.sortcode=987654 via
@TestPropertySource and adds rejectsBodyAccnoThatMismatchesPath,
rejectsBodyScodeThatMismatchesConfiguredSortcode, and
allowsEmptyOrNullBodyKeyFields.

Co-authored-by: Augment Agent <agent@augmentcode.com>
@a2chang a2chang mentioned this pull request May 1, 2026
Closed
22 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@augment-app-staging augment-app-staging[bot] augment-app-staging[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DELCUS follow-ups: commarea custno cross-validation, CommDelFailCd placeholder

1 participant

@a2chang