Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Harden user_status API #49797

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
+38 −8
Open

Harden user_status API #49797

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
f1c6e96
fix(user_status): Use constraint for findAll() offset
provokateurin Dec 11, 2024
ad729b1
fix(user_status): Allow null userId in UserStatusController
provokateurin Dec 11, 2024
a0f18aa
fix(user_status): Catch non-existing user status when setting custom …
provokateurin Dec 11, 2024
18b4a62
fix(user_status): Mark UserStatusPredefined as non-required instead o…
provokateurin Dec 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion apps/user_status/lib/Controller/StatusesController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ public function __construct(
* Find statuses of users
*
* @param int|null $limit Maximum number of statuses to find
* @param int|null $offset Offset for finding statuses
* @param non-negative-int|null $offset Offset for finding statuses
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m curious, I guess a lot of places in the API expects a positive int and type it as int, why change this one in particular?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found this one because the fuzzer used -1 which triggered an unexpected error.
I didn't search for these problems, but the underlying typing could be improved to find more of them.

* @return DataResponse<Http::STATUS_OK, list<UserStatusPublic>, array{}>
*
* 200: Statuses returned
Expand Down
5 changes: 4 additions & 1 deletion apps/user_status/lib/Controller/UserStatusController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ class UserStatusController extends OCSController {
public function __construct(
string $appName,
IRequest $request,
private string $userId,
private ?string $userId,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any chance to explain psalm and friends that such a property cannot be null when calling an authenticated method?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think that is possible and even then we'd still have a problem because the DI will fail when you don't send the authentication (regardless if the method needs it or not).

private LoggerInterface $logger,
private StatusService $service,
private CalendarStatusService $calendarStatusService,
Expand Down Expand Up @@ -123,6 +123,7 @@ public function setPredefinedMessage(string $messageId,
* @param int|null $clearAt When the message should be cleared
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
* @throws OCSBadRequestException The clearAt or icon is invalid or the message is too long
* @throws OCSNotFoundException No status for the current user
*
* 200: The message was updated successfully
*/
Expand All @@ -149,6 +150,8 @@ public function setCustomMessage(?string $statusIcon,
} catch (StatusMessageTooLongException $ex) {
$this->logger->debug('New user-status for "' . $this->userId . '" was rejected due to a too long status message.');
throw new OCSBadRequestException($ex->getMessage(), $ex);
} catch (DoesNotExistException $ex) {
throw new OCSNotFoundException('No status for the current user');
}
}

Expand Down
2 changes: 1 addition & 1 deletion apps/user_status/lib/ResponseDefinitions.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
* icon: string,
* message: string,
* clearAt: ?UserStatusClearAt,
* visible: ?bool,
* visible?: bool,
* }
*
* @psalm-type UserStatusType = "online"|"away"|"dnd"|"busy"|"offline"|"invisible"
Expand Down
37 changes: 32 additions & 5 deletions apps/user_status/openapi.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,8 +111,7 @@
"id",
"icon",
"message",
"clearAt",
"visible"
"clearAt"
],
"properties": {
"id": {
Expand All @@ -129,8 +128,7 @@
"nullable": true
},
"visible": {
"type": "boolean",
"nullable": true
"type": "boolean"
}
}
},
Expand Down Expand Up @@ -442,7 +440,8 @@
"schema": {
"type": "integer",
"format": "int64",
"nullable": true
"nullable": true,
"minimum": 0
}
},
{
Expand Down Expand Up @@ -1015,6 +1014,34 @@
}
}
}
},
"404": {
"description": "No status for the current user",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
Expand Down
Loading