Add validation for contract definition id.

tuncaytunc-zf · tuncaytunc-zf · commit 11b5e68efe4f · 2022-05-30T15:11:55.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -36,6 +36,7 @@ in the detailed section referring to by linking pull requests or issues.
 * Postgresql end to end test (#1278)
 * Add signing/publishing config (#1147)
 * Verify OpenAPI definitions (#1312)
+* Add validation to contract definition id (#1347)
 
 #### Changed
 
diff --git a/common/util/build.gradle.kts b/common/util/build.gradle.kts
@@ -21,8 +21,11 @@ plugins {
 val jupiterVersion: String by project
 val mockitoVersion: String by project
 val okHttpVersion: String by project
+val jakartaValidationApi: String by project
 
 dependencies {
+    implementation("jakarta.validation:jakarta.validation-api:${jakartaValidationApi}")
+
     testFixturesImplementation("org.mockito:mockito-core:${mockitoVersion}")
     testFixturesImplementation("org.junit.jupiter:junit-jupiter-api:${jupiterVersion}")
     testFixturesRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:${jupiterVersion}")
diff --git a/common/util/src/main/java/org/eclipse/dataspaceconnector/common/annotations/Uuid.java b/common/util/src/main/java/org/eclipse/dataspaceconnector/common/annotations/Uuid.java
@@ -0,0 +1,35 @@
+/*
+ *  Copyright (c) 2022 ZF Friedrichshafen AG
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       ZF Friedrichshafen AG - Initial Implementation
+ *
+ */
+
+package org.eclipse.dataspaceconnector.common.annotations;
+
+import jakarta.validation.Constraint;
+import jakarta.validation.Payload;
+import org.eclipse.dataspaceconnector.common.validator.UuidValidator;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Documented
+@Constraint(validatedBy = UuidValidator.class)
+@Target({ ElementType.METHOD, ElementType.FIELD })
+@Retention(RetentionPolicy.RUNTIME)
+public @interface Uuid {
+    String message() default "Invalid UUID";
+    Class<?>[] groups() default {};
+    Class<? extends Payload>[] payload() default {};
+}
diff --git a/common/util/src/main/java/org/eclipse/dataspaceconnector/common/validator/UuidValidator.java b/common/util/src/main/java/org/eclipse/dataspaceconnector/common/validator/UuidValidator.java
@@ -0,0 +1,43 @@
+/*
+ *  Copyright (c) 2022 ZF Friedrichshafen AG
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       ZF Friedrichshafen AG - Initial Implementation
+ *
+ */
+
+package org.eclipse.dataspaceconnector.common.validator;
+
+import jakarta.validation.ConstraintValidator;
+import jakarta.validation.ConstraintValidatorContext;
+import org.eclipse.dataspaceconnector.common.annotations.Uuid;
+
+import java.util.UUID;
+
+public class UuidValidator implements ConstraintValidator<Uuid, String> {
+
+    @Override
+    public void initialize(Uuid contactNumber) {
+    }
+
+    @Override
+    public boolean isValid(String uuid, ConstraintValidatorContext cxt) {
+        if (uuid == null) {
+            return false;
+        }
+
+        try {
+            UUID.fromString(uuid);
+        } catch (IllegalArgumentException exception) {
+            return false;
+        }
+
+        return true;
+    }
+}
diff --git a/common/util/src/test/java/org/eclipse/dataspaceconnector/common/validator/UuidValidatorTest.java b/common/util/src/test/java/org/eclipse/dataspaceconnector/common/validator/UuidValidatorTest.java
@@ -0,0 +1,24 @@
+package org.eclipse.dataspaceconnector.common.validator;
+
+import org.junit.jupiter.api.Test;
+
+import java.util.UUID;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class UuidValidatorTest {
+
+    UuidValidator uuidValidator = new UuidValidator();
+
+    @Test
+    void isValid_valid_UUID() {
+        String uuid = UUID.randomUUID().toString();
+        assertThat(uuidValidator.isValid(uuid, null)).isTrue();
+    }
+
+    @Test
+    void isValid_invalid_UUID() {
+        String uuid = "invalid-uuid-string";
+        assertThat(uuidValidator.isValid(uuid, null)).isFalse();
+    }
+}
diff --git a/extensions/api/data-management/contractdefinition/src/main/java/org/eclipse/dataspaceconnector/api/datamanagement/contractdefinition/model/ContractDefinitionDto.java b/extensions/api/data-management/contractdefinition/src/main/java/org/eclipse/dataspaceconnector/api/datamanagement/contractdefinition/model/ContractDefinitionDto.java
@@ -19,6 +19,7 @@
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
 import jakarta.validation.constraints.NotNull;
+import org.eclipse.dataspaceconnector.common.annotations.Uuid;
 import org.eclipse.dataspaceconnector.spi.query.Criterion;
 
 import java.util.ArrayList;
@@ -32,7 +33,7 @@ public class ContractDefinitionDto {
     private String contractPolicyId;
     @NotNull
     private List<Criterion> criteria = new ArrayList<>();
-    @NotNull
+    @Uuid
     private String id;
 
     private ContractDefinitionDto() {
diff --git a/extensions/api/data-management/contractdefinition/src/test/java/org/eclipse/dataspaceconnector/api/datamanagement/contractdefinition/ContractDefinitionApiControllerIntegrationTest.java b/extensions/api/data-management/contractdefinition/src/test/java/org/eclipse/dataspaceconnector/api/datamanagement/contractdefinition/ContractDefinitionApiControllerIntegrationTest.java
@@ -104,7 +104,7 @@ void getSingleContractDef_notFound() {
 
     @Test
     void postContractDefinition(ContractDefinitionStore store) {
-        var dto = createDto("definitionId");
+        var dto = createDto(UUID.randomUUID().toString());
 
         baseRequest()
                 .body(dto)
@@ -118,7 +118,7 @@ void postContractDefinition(ContractDefinitionStore store) {
     @Test
     void postContractDefinition_invalidBody(ContractDefinitionStore store) {
         var dto = ContractDefinitionDto.Builder.newInstance()
-                .id("test-id")
+                .id(UUID.randomUUID().toString())
                 .contractPolicyId(null)
                 .accessPolicyId(UUID.randomUUID().toString())
                 .build();
@@ -132,10 +132,28 @@ void postContractDefinition_invalidBody(ContractDefinitionStore store) {
         assertThat(store.findAll()).isEmpty();
     }
 
+    @Test
+    void postContractDefinition_invalidContractDefinitionId(ContractDefinitionStore store) {
+        var dto = ContractDefinitionDto.Builder.newInstance()
+                .id("invalid-id")
+                .contractPolicyId(UUID.randomUUID().toString())
+                .accessPolicyId(UUID.randomUUID().toString())
+                .build();
+
+        baseRequest()
+                .body(dto)
+                .contentType(JSON)
+                .post("/contractdefinitions")
+                .then()
+                .statusCode(400);
+        assertThat(store.findAll()).isEmpty();
+    }
+
     @Test
     void postContractDefinition_alreadyExists(ContractDefinitionLoader loader, ContractDefinitionStore store) {
-        loader.accept(createContractDefinition("definitionId"));
-        var dto = createDto("definitionId");
+        String id = UUID.randomUUID().toString();
+        loader.accept(createContractDefinition(id));
+        var dto = createDto(id);
 
         baseRequest()
                 .body(dto)
