Repository: usergrid Updated Branches: refs/heads/master ce34a04e4 -> e0931be42
Change name of application delete protection parameter to confirm_application_identifier and change tests to match. Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/b06190a3 Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/b06190a3 Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/b06190a3 Branch: refs/heads/master Commit: b06190a35a38163b96c37dd4ac41e1012022851f Parents: 61d0d7a Author: Dave Johnson <[email protected]> Authored: Tue Mar 8 15:26:40 2016 -0500 Committer: Dave Johnson <[email protected]> Committed: Tue Mar 8 15:26:40 2016 -0500 ---------------------------------------------------------------------- .../applications/ApplicationResource.java | 29 ++++++++++++-------- .../rest/applications/ApplicationDeleteIT.java | 17 +++++++----- 2 files changed, 27 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/usergrid/blob/b06190a3/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java index c353959..a8ed8dc 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java 
@@ -32,7 +32,6 @@ import org.apache.usergrid.persistence.queue.impl.UsergridAwsCredentials; import org.apache.usergrid.rest.AbstractContextResource; import org.apache.usergrid.rest.ApiResponse; import org.apache.usergrid.rest.applications.ServiceResource; -import org.apache.usergrid.rest.exceptions.UnsupportedRestOperationException; import org.apache.usergrid.rest.management.organizations.applications.imports.ImportsResource; import org.apache.usergrid.rest.security.annotations.RequireOrganizationAccess; import org.apache.usergrid.rest.utils.JSONPUtils; @@ -53,7 +52,6 @@ import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; import java.util.HashMap; import java.util.Map; -import java.util.Properties; import java.util.UUID; import static javax.servlet.http.HttpServletResponse.*; @@ -74,6 +72,8 @@ public class ApplicationResource extends AbstractContextResource { private static final Logger logger = LoggerFactory.getLogger(ApplicationResource.class); + public static final String CONFIRM_APPLICATION_IDENTIFIER = "confirm_application_identifier"; + @Autowired protected ExportService exportService; 
@@ -476,30 +476,35 @@ public class ApplicationResource extends AbstractContextResource { } + /** + * Caller MUST pass confirm_application_identifier that is either the UUID or the + * name of the application to be deleted. Yes, this is redundant and intended to + * be a protection measure to force caller to confirm that they want to do a delete. + */ @DELETE @RequireOrganizationAccess @JSONP @Produces({MediaType.APPLICATION_JSON, "application/javascript"}) public ApiResponse executeDelete( @Context UriInfo ui, @QueryParam("callback") @DefaultValue("callback") String callback, - @QueryParam("application_identifier") String applicationConfirmedDelete) throws Exception { + @QueryParam(CONFIRM_APPLICATION_IDENTIFIER) String confirmApplicationIdentifier) throws Exception { + + if ( application == null && applicationId == null ) { + throw new IllegalArgumentException("Application ID not specified in request"); + } - //If the path uses name then expect name, otherwise if they use uuid then expect uuid. - if(application==null){ - if(!applicationId.toString().equals( applicationConfirmedDelete )){ + // If the path uses name then expect name, otherwise if they use uuid then expect uuid. 
+ if (application == null) { + if (!applicationId.toString().equals( confirmApplicationIdentifier )) { throw new IllegalArgumentException( "Cannot delete application without supplying correct application id."); } - } - else if (!application.getName().equals( applicationConfirmedDelete ) ) { + + } else if (!application.getName().split( "/" )[1].equals( confirmApplicationIdentifier ) ) { throw new IllegalArgumentException( "Cannot delete application without supplying correct application name"); } - if ( applicationId == null ) { - throw new IllegalArgumentException("Application ID not specified in request"); - } - management.deleteApplication( applicationId ); if (logger.isTraceEnabled()) { http://git-wip-us.apache.org/repos/asf/usergrid/blob/b06190a3/stack/rest/src/test/java/org/apache/usergrid/rest/applications/ApplicationDeleteIT.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/applications/ApplicationDeleteIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/applications/ApplicationDeleteIT.java index 7b4751d..5858289 100644 --- a/stack/rest/src/test/java/org/apache/usergrid/rest/applications/ApplicationDeleteIT.java +++ b/stack/rest/src/test/java/org/apache/usergrid/rest/applications/ApplicationDeleteIT.java @@ -40,6 +40,9 @@ import java.util.UUID; import static org.junit.Assert.fail; +import static org.apache.usergrid.rest.management.organizations.applications + .ApplicationResource.CONFIRM_APPLICATION_IDENTIFIER; + public class ApplicationDeleteIT extends AbstractRestIT { 
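Review bot: In `executeDelete` of ApplicationResource.java, the reworked guard rejects the request only when both `application` and `applicationId` are null, and the standalone `applicationId == null` check that used to sit before `management.deleteApplication( applicationId )` is removed, so a resolved `application` with a null `applicationId` would now reach the delete call. The name branch also indexes `application.getName().split( "/" )[1]` without checking the array length; a name with no `/` would raise ArrayIndexOutOfBoundsException instead of the IllegalArgumentException the confirmation check is meant to produce (whether names always carry an organization prefix is not visible here). I would keep the null check on `applicationId` directly before the delete and take the part after the first slash defensively, as below. The method body continues past the end of the hunk.

```java
// … unchanged: combined null check and the UUID-path comparison …
} else {
    // Compare only the part after the "org/" prefix, and tolerate a name
    // that carries no prefix instead of indexing a one-element array.
    final String fullName = application.getName();
    final String appName = fullName.substring( fullName.indexOf( '/' ) + 1 );
    if ( !appName.equals( confirmApplicationIdentifier ) ) {
        throw new IllegalArgumentException(
            "Cannot delete application without supplying correct application name");
    }
}

// Never hand a null id to the delete call, whichever path resolved the app.
if ( applicationId == null ) {
    throw new IllegalArgumentException("Application ID not specified in request");
}
// … unchanged: management.deleteApplication( applicationId ) and trace logging …
```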
@@ -71,7 +74,7 @@ public class ApplicationDeleteIT extends AbstractRestIT { UUID appToDeleteId = createAppWithCollection(orgName, appToDeleteName, orgAdminToken, entities); - // delete the app + // delete the app without specifying confirm_application_identifier final Response response = clientSetup.getRestClient().management().orgs() .org( orgName ).apps().app( appToDeleteId.toString() ).getTarget() @@ -84,7 +87,7 @@ public class ApplicationDeleteIT extends AbstractRestIT { clientSetup.getRestClient().management().orgs() .org(orgName).apps().app(appToDeleteId.toString() ).getTarget() .queryParam("access_token", orgAdminToken.getAccessToken() ) - .queryParam("application_identifier", appToDeleteId) + .queryParam(CONFIRM_APPLICATION_IDENTIFIER, appToDeleteId) .request() .delete(); @@ -175,7 +178,7 @@ public class ApplicationDeleteIT extends AbstractRestIT { final Response response1 = clientSetup.getRestClient().management() .orgs().org( orgName ).apps().app( appToDeleteId.toString() ) .getTarget().queryParam( "access_token", orgAdminToken.getAccessToken() ) - .queryParam( "application_identifier", appToDeleteId ) + .queryParam( CONFIRM_APPLICATION_IDENTIFIER, appToDeleteId ) .request() .delete(); Assert.assertEquals( "Error must be 404", 404, response1.getStatus() ); @@ -223,7 +226,7 @@ public class ApplicationDeleteIT extends AbstractRestIT { clientSetup.getRestClient().management().orgs() .org( orgName ).apps().app( appToDeleteName ).getTarget() .queryParam( "access_token", orgAdminToken.getAccessToken() ) - .queryParam("application_identifier", appToDeleteName) + .queryParam(CONFIRM_APPLICATION_IDENTIFIER, appToDeleteName) .request() .delete(); 
@@ -303,7 +306,7 @@ public class ApplicationDeleteIT extends AbstractRestIT { clientSetup.getRestClient().management().orgs() .org( orgName ).apps().app( appToDeleteId.toString() ).getTarget() .queryParam( "access_token", orgAdminToken.getAccessToken() ) - .queryParam("application_identifier", appToDeleteId) + .queryParam(CONFIRM_APPLICATION_IDENTIFIER, appToDeleteId) .request() .delete(); @@ -345,7 +348,7 @@ public class ApplicationDeleteIT extends AbstractRestIT { clientSetup.getRestClient().management() .orgs().org( orgName ).apps().app( appToDeleteId.toString() ).getTarget() .queryParam( "access_token", orgAdminToken.getAccessToken() ) - .queryParam( "application_identifier", appToDeleteId ) + .queryParam( CONFIRM_APPLICATION_IDENTIFIER, appToDeleteId ) .request() .delete(); @@ -358,7 +361,7 @@ public class ApplicationDeleteIT extends AbstractRestIT { final Response response = clientSetup.getRestClient().management() .orgs().org( orgName ).apps().app( newAppId.toString() ).getTarget() .queryParam( "access_token", orgAdminToken.getAccessToken() ) - .queryParam( "application_identifier", newAppId ) + .queryParam( CONFIRM_APPLICATION_IDENTIFIER, newAppId ) .request() .delete();
