[
https://issues.apache.org/jira/browse/FINERACT-2673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Abhishek Chaudhary closed FINERACT-2673.
----------------------------------------
Resolution: Fixed
> GET /audits/{auditId} returns HTTP 500 instead of 404 when the audit entry
> does not exist
> -----------------------------------------------------------------------------------------
>
> Key: FINERACT-2673
> URL: https://issues.apache.org/jira/browse/FINERACT-2673
> Project: Apache Fineract
> Issue Type: Bug
> Components: System
> Affects Versions: 1.14.0
> Reporter: Abhishek Chaudhary
> Priority: Blocker
>
> *Observed behavior*
> {noformat}
> GET /fineract-provider/api/v1/audits/{auditId}
> {noformat}
> with a nonexistent {{auditId}} returns HTTP 500 with an unhandled
> {{EmptyResultDataAccessException}}. The same happens for an audit entry that
> exists but is outside the caller's office hierarchy, because the lookup SQL
> is hierarchy-scoped.
> *Root cause*
> {{AuditReadPlatformServiceImpl.retrieveAuditEntry()}} executes
> {{jdbcTemplate.queryForObject("... where aud.id = ?")}} with no empty-result
> handling.
> {{JdbcTemplate.queryForObject()}} throws {{EmptyResultDataAccessException}}
> when no rows match. Since there is no exception mapper for it, the exception
> falls through {{DefaultExceptionMapper}} and is returned as HTTP 500. This is
> the same defect class as FINERACT-2671.
> *Expected behavior*
> HTTP 404 with the standard platform error payload by catching
> {{EmptyResultDataAccessException}} and throwing a domain-specific not-found
> exception extending {{AbstractPlatformResourceNotFoundException}}.
> The hierarchy-scoped case should also return HTTP 404 (rather than HTTP 403)
> so the API does not disclose whether an audit ID exists outside the caller's
> office hierarchy.
> *Steps to reproduce*
> # Call:
> {noformat}
> GET /fineract-provider/api/v1/audits/999999
> {noformat}
> Current: HTTP 500
> Expected: HTTP 404
> *Proposed fix*
> * Introduce {{AuditEntryNotFoundException}} extending
> {{AbstractPlatformResourceNotFoundException}}.
> * Catch {{EmptyResultDataAccessException}} in
> {{AuditReadPlatformServiceImpl.retrieveAuditEntry()}} and rethrow
> {{AuditEntryNotFoundException}}.
> * Add integration tests covering:
> ** Non-existent audit ID → HTTP 404.
> ** Audit entry outside the caller's office hierarchy → HTTP 404.
> I found this while reviewing read-platform services for the FINERACT-2671
> defect class and would like to work on it. Please assign it to me.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)