From c4783642833e44e515f50b90ade79a6a0ba048f9 Mon Sep 17 00:00:00 2001
From: Eduardo Navarro <enavarro@suse.com>
Date: Fri, 22 Nov 2019 15:10:56 +0100
Subject: [PATCH] Add well-formed xml check for workflows controller

We check for empty and well-formed xml, providing a better error
message output.

Co-authored-by: David Kang <dkang@suse.com>
---
 src/api/app/controllers/staging/workflows_controller.rb  | 9 +++------
 .../controllers/staging/workflows_controller_spec.rb     | 2 +-
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/api/app/controllers/staging/workflows_controller.rb b/src/api/app/controllers/staging/workflows_controller.rb
index 697898f9d26..9a8cd04c682 100644
--- a/src/api/app/controllers/staging/workflows_controller.rb
+++ b/src/api/app/controllers/staging/workflows_controller.rb
@@ -3,13 +3,14 @@ class Staging::WorkflowsController < Staging::StagingController
   before_action :set_project
   before_action :check_staging_workflow, only: :create
   before_action :set_staging_workflow, only: [:update, :destroy]
+  before_action :set_xml_hash, only: [:create, :update]
   after_action :verify_authorized
 
   def create
     staging_workflow = @project.build_staging
     authorize staging_workflow
 
-    staging_workflow.managers_group = Group.find_by!(title: xml_hash['managers'])
+    staging_workflow.managers_group = Group.find_by!(title: @parsed_xml[:managers])
 
     if staging_workflow.save
       render_ok
@@ -36,7 +37,7 @@ def destroy
   def update
     authorize @staging_workflow
 
-    @staging_workflow.managers_group = Group.find_by!(title: xml_hash['managers'])
+    @staging_workflow.managers_group = Group.find_by!(title: @parsed_xml[:managers])
 
     if @staging_workflow.save
       render_ok
@@ -60,8 +61,4 @@ def check_staging_workflow
       message: "Project #{@project} already has an associated Staging Workflow with id: #{@project.staging.id}"
     )
   end
-
-  def xml_hash
-    Xmlhash.parse(request.body.read) || {}
-  end
 end
diff --git a/src/api/spec/controllers/staging/workflows_controller_spec.rb b/src/api/spec/controllers/staging/workflows_controller_spec.rb
index afde2ab0e90..f7000d76fc0 100644
--- a/src/api/spec/controllers/staging/workflows_controller_spec.rb
+++ b/src/api/spec/controllers/staging/workflows_controller_spec.rb
@@ -48,7 +48,7 @@
         post :create, params: { staging_workflow_project: project, format: :xml }
       end
 
-      it { expect(response).to have_http_status(:not_found) }
+      it { expect(response).to have_http_status(:bad_request) }
       it { expect(project.staging).to be_nil }
     end
   end