Commit cae27471 authored by Giorgos Korfiatis's avatar Giorgos Korfiatis Committed by Christos Stavrakakis

astakos: Use common JSON util in API

Use the 'get_json_body' function, which takes care of encoding errors.
Also, check that the POST body is a dictionary, where needed.
parent 0328b22c
......@@ -42,7 +42,8 @@ from astakos.api.util import json_response
from snf_django.lib import api
from snf_django.lib.api import faults
from .util import user_from_token, invert_dict, read_json_body
from snf_django.lib.api import utils
from .util import user_from_token, invert_dict, check_is_dict
from astakos.im import functions
from astakos.im.models import (
......@@ -319,8 +320,7 @@ def _get_projects(query, mode="default", request_user=None):
@transaction.commit_on_success
def create_project(request):
user = request.user
data = request.body
app_data = json.loads(data)
app_data = utils.get_json_body(request)
return submit_new_project(app_data, user)
......@@ -357,8 +357,7 @@ def _get_project(project_id, request_user=None):
@transaction.commit_on_success
def modify_project(request, project_id):
user = request.user
data = request.body
app_data = json.loads(data)
app_data = utils.get_json_body(request)
return submit_modification(app_data, user, project_id=project_id)
......@@ -548,6 +547,7 @@ def submit_modification(app_data, user, project_id):
def get_action(actions, input_data):
action = None
data = None
check_is_dict(input_data)
for option in actions.keys():
if option in input_data:
if action:
......@@ -586,8 +586,7 @@ APP_ACTION_FUNCS = APPLICATION_ACTION.values()
@transaction.commit_on_success
def project_action(request, project_id):
user = request.user
data = request.body
input_data = json.loads(data)
input_data = utils.get_json_body(request)
func, action_data = get_action(PROJECT_ACTION, input_data)
with ExceptionHandler():
......@@ -707,7 +706,7 @@ MEMBERSHIP_ACTION = {
@transaction.commit_on_success
def membership_action(request, memb_id):
user = request.user
input_data = read_json_body(request, default={})
input_data = utils.get_json_body(request)
func, action_data = get_action(MEMBERSHIP_ACTION, input_data)
with ExceptionHandler():
func(memb_id, user, reason=action_data)
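Review bot: `create_project` and `modify_project` pass the result of `utils.get_json_body(request)` straight to `submit_new_project` / `submit_modification` without the `check_is_dict` call that `get_action` gains in this same section. A body that is valid JSON but not an object (a string, list or number) therefore reaches the project code unchecked, unless those functions validate the type themselves, which is not visible here. Adding `check_is_dict(app_data)` right after the `get_json_body` line in both handlers would give the same rejection the action endpoints get; the added project tests post a non-dict body only to `api_project_action`, never to `api_projects`. Separately, `membership_action` used to call `read_json_body(request, default={})`, and whether `get_json_body` still tolerates an empty body is not shown, so an empty POST may now be rejected where it was previously treated as `{}`.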
......
......@@ -31,13 +31,13 @@
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
from django.utils import simplejson as json
from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse
from django.db import transaction
from snf_django.lib import api
from snf_django.lib.api.faults import BadRequest, ItemNotFound
from snf_django.lib.api import utils
from django.core.cache import cache
from astakos.im import settings
......@@ -48,7 +48,7 @@ from astakos.im.quotas import get_user_quotas, service_get_quotas, \
import astakos.quotaholder_app.exception as qh_exception
import astakos.quotaholder_app.callpoint as qh
from .util import (json_response, is_integer, are_integer,
from .util import (json_response, is_integer, are_integer, check_is_dict,
user_from_token, component_from_token)
......@@ -147,11 +147,8 @@ def _provisions_to_list(provisions):
@api.api_method(http_method='POST', token_required=True, user_required=False)
@component_from_token
def issue_commission(request):
data = request.body
try:
input_data = json.loads(data)
except json.JSONDecodeError:
raise BadRequest("POST data should be in json format.")
input_data = utils.get_json_body(request)
check_is_dict(input_data)
client_key = unicode(request.component_instance)
provisions = input_data.get('provisions')
......@@ -237,11 +234,8 @@ def conflictingCF(serial):
@component_from_token
@transaction.commit_on_success
def resolve_pending_commissions(request):
data = request.body
try:
input_data = json.loads(data)
except json.JSONDecodeError:
raise BadRequest("POST data should be in json format.")
input_data = utils.get_json_body(request)
check_is_dict(input_data)
client_key = unicode(request.component_instance)
accept = input_data.get('accept', [])
......@@ -293,11 +287,8 @@ def get_commission(request, serial):
@component_from_token
@transaction.commit_on_success
def serial_action(request, serial):
data = request.body
try:
input_data = json.loads(data)
except json.JSONDecodeError:
raise BadRequest("POST data should be in json format.")
input_data = utils.get_json_body(request)
check_is_dict(input_data)
try:
serial = int(serial)
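Review bot: The pair `input_data = utils.get_json_body(request)` / `check_is_dict(input_data)` is now repeated verbatim in `issue_commission`, `resolve_pending_commissions` and `serial_action`, and a handler that forgets the second line accepts any JSON type before calling `input_data.get(...)`. A small wrapper next to `check_is_dict` in `.util` (for example a `get_json_dict(request)`, name only a suggestion) that calls both and returns the dict would make the object check the default for these component-token endpoints. The bodies of all three handlers continue outside their hunks, so any further validation of `provisions` or `accept` is not visible here.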
......
......@@ -81,16 +81,9 @@ def xml_response(content, template, status_code=None):
return response
def read_json_body(request, default=None):
body = request.body
if not body and request.method == "GET":
body = request.GET.get("body")
if not body:
return default
try:
return json.loads(body)
except json.JSONDecodeError:
raise faults.BadRequest("Request body should be in json format.")
def check_is_dict(obj):
if not isinstance(obj, dict):
raise faults.BadRequest("Request should be a JSON dict")
def is_integer(x):
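Review bot: `check_is_dict` is added without a docstring, although several API handlers now rely on it as their input-validation guard. A one-line docstring such as `"""Raise faults.BadRequest unless obj is a dict (a decoded JSON object)."""` would document the contract. It is also worth confirming that no other module still imports `read_json_body`, since its empty-body `default` and its GET `body` query-parameter fallback disappear with it, and that this module's `json` import is still needed after the removal.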
......
......@@ -415,6 +415,22 @@ class QuotaAPITest(TestCase):
self.assertEqual(r.status_code, 405)
self.assertTrue('Allow' in r)
r = client.post(u('commissions'), "\"\xff\"",
content_type='application/json', **s1_headers)
self.assertEqual(r.status_code, 400)
r = client.post(u('commissions'), "\"nodict\"",
content_type='application/json', **s1_headers)
self.assertEqual(r.status_code, 400)
r = client.post(u('commissions/' + "123" + '/action'), "\"\xff\"",
content_type='application/json', **s1_headers)
self.assertEqual(r.status_code, 400)
r = client.post(u('commissions/' + "123" + '/action'), "\"nodict\"",
content_type='application/json', **s1_headers)
self.assertEqual(r.status_code, 400)
class TokensApiTest(TestCase):
def setUp(self):
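Review bot: The non-dict cases added here exercise only a JSON string (`"\"nodict\""`), and only against `commissions` and `commissions/123/action`. No added case appears to target `resolve_pending_commissions`, which gets the same `check_is_dict` guard in this commit, assuming it is routed at a different URL from the two posted to here. Posting `"[]"` and `"null"` with the same `content_type='application/json', **s1_headers` arguments and asserting 400 would pin that every non-object top-level value is rejected, not just strings. The enclosing test method starts outside the hunk.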
......
......@@ -640,6 +640,21 @@ class ProjectAPITest(TestCase):
body = json.loads(r.content)
self.assertEqual(body["join_policy"], "moderated")
r = self.client.post(reverse("api_projects"), "\xff",
content_type="application/json", **h_owner)
self.assertEqual(r.status_code, 400)
r = self.client.post(reverse("api_project_action",
kwargs={"project_id": "1234"}),
"\"nondict\"", content_type="application/json",
**h_owner)
self.assertEqual(r.status_code, 400)
r = client.get(reverse("api_project",
kwargs={"project_id": u"πρότζεκτ"}),
**h_owner)
self.assertEqual(r.status_code, 404)
class TestProjects(TestCase):
"""
......