From b8803e401d312ccb08bbb57e72c313445908c40e Mon Sep 17 00:00:00 2001 From: verdie-g Date: Sun, 25 Feb 2024 22:12:58 -0500 Subject: [PATCH 1/3] Return proper response for empty parameter name --- .../QueryStrings/QueryStringReader.cs | 5 ++++ .../QueryStrings/QueryStringTests.cs | 24 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/src/JsonApiDotNetCore/QueryStrings/QueryStringReader.cs b/src/JsonApiDotNetCore/QueryStrings/QueryStringReader.cs index c412d03c94..c96c0bb458 100644 --- a/src/JsonApiDotNetCore/QueryStrings/QueryStringReader.cs +++ b/src/JsonApiDotNetCore/QueryStrings/QueryStringReader.cs @@ -38,6 +38,11 @@ public void ReadAll(DisableQueryStringAttribute? disableQueryStringAttribute) foreach ((string parameterName, StringValues parameterValue) in _queryStringAccessor.Query) { + if (parameterName.Length == 0) + { + throw new InvalidQueryException("Empty query string parameter name.", null); + } + IQueryStringParameterReader? reader = _parameterReaders.FirstOrDefault(nextReader => nextReader.CanRead(parameterName)); if (reader != null) diff --git a/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs b/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs index 0aa955a219..391f093c9c 100644 --- a/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs +++ b/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs @@ -63,6 +63,30 @@ public async Task Can_use_unknown_query_string_parameter() httpResponse.ShouldHaveStatusCode(HttpStatusCode.OK); } + [Fact] + public async Task Cannot_use_empty_query_string_parameter_name() + { + // Arrange + var options = (JsonApiOptions)_testContext.Factory.Services.GetRequiredService(); + options.AllowUnknownQueryStringParameters = false; + + const string route = "calendars?="; + + // Act + (HttpResponseMessage httpResponse, Document responseDocument) = await _testContext.ExecuteGetAsync(route); + + // Assert + httpResponse.ShouldHaveStatusCode(HttpStatusCode.BadRequest); + + responseDocument.Errors.ShouldHaveCount(1); + + ErrorObject error = responseDocument.Errors[0]; + error.StatusCode.Should().Be(HttpStatusCode.BadRequest); + error.Title.Should().Be("Empty query string parameter name."); + error.Detail.Should().BeNull(); + error.Source.Should().BeNull(); + } + [Theory] [InlineData("filter")] [InlineData("sort")] From 110d56386f8e613751e73127583b0d79f63ed791 Mon Sep 17 00:00:00 2001 From: verdie-g Date: Mon, 26 Feb 2024 18:26:46 -0500 Subject: [PATCH 2/3] Address PR comments --- .../QueryStrings/QueryStringReader.cs | 2 +- .../QueryStrings/QueryStringTests.cs | 20 +++++++------------ 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/src/JsonApiDotNetCore/QueryStrings/QueryStringReader.cs b/src/JsonApiDotNetCore/QueryStrings/QueryStringReader.cs index c96c0bb458..e3c944a045 100644 --- a/src/JsonApiDotNetCore/QueryStrings/QueryStringReader.cs +++ b/src/JsonApiDotNetCore/QueryStrings/QueryStringReader.cs @@ -40,7 +40,7 @@ public void ReadAll(DisableQueryStringAttribute? disableQueryStringAttribute) { if (parameterName.Length == 0) { - throw new InvalidQueryException("Empty query string parameter name.", null); + continue; } IQueryStringParameterReader? reader = _parameterReaders.FirstOrDefault(nextReader => nextReader.CanRead(parameterName)); diff --git a/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs b/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs index 391f093c9c..de321a34e3 100644 --- a/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs +++ b/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs @@ -63,28 +63,22 @@ public async Task Can_use_unknown_query_string_parameter() httpResponse.ShouldHaveStatusCode(HttpStatusCode.OK); } - [Fact] - public async Task Cannot_use_empty_query_string_parameter_name() + [Theory] + [InlineData("")] + [InlineData("foo")] + public async Task Should_ignore_query_parameter_with_empty_name(string parameterValue) { // Arrange var options = (JsonApiOptions)_testContext.Factory.Services.GetRequiredService(); options.AllowUnknownQueryStringParameters = false; - const string route = "calendars?="; + string route = $"calendars?={parameterValue}"; // Act - (HttpResponseMessage httpResponse, Document responseDocument) = await _testContext.ExecuteGetAsync(route); + (HttpResponseMessage httpResponse, Document _) = await _testContext.ExecuteGetAsync(route); // Assert - httpResponse.ShouldHaveStatusCode(HttpStatusCode.BadRequest); - - responseDocument.Errors.ShouldHaveCount(1); - - ErrorObject error = responseDocument.Errors[0]; - error.StatusCode.Should().Be(HttpStatusCode.BadRequest); - error.Title.Should().Be("Empty query string parameter name."); - error.Detail.Should().BeNull(); - error.Source.Should().BeNull(); + httpResponse.ShouldHaveStatusCode(HttpStatusCode.OK); } [Theory] From a6c2e17e09ed61c04507f96fa6851f6aa271bb3c Mon Sep 17 00:00:00 2001 From: verdie-g Date: Tue, 27 Feb 2024 17:21:39 -0500 Subject: [PATCH 3/3] Address comments --- .../IntegrationTests/QueryStrings/QueryStringTests.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs b/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs index de321a34e3..4f6ee95ad2 100644 --- a/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs +++ b/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/QueryStringTests.cs @@ -65,8 +65,8 @@ public async Task Can_use_unknown_query_string_parameter() [Theory] [InlineData("")] - [InlineData("foo")] - public async Task Should_ignore_query_parameter_with_empty_name(string parameterValue) + [InlineData("bar")] + public async Task Can_use_empty_query_string_parameter_name(string parameterValue) { // Arrange var options = (JsonApiOptions)_testContext.Factory.Services.GetRequiredService();