relaxed validation

cryptomator · Jan 26, 2024 · 58ff0d6 · 58ff0d6
1 parent c7a2d70
commit 58ff0d6
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java b/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java
@@ -6,6 +6,7 @@
 import jakarta.transaction.Transactional;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.POST;
@@ -74,7 +75,7 @@ public Response putMe(@Nullable @Valid UserDto dto) {
 	@Consumes(MediaType.APPLICATION_JSON)
 	@Operation(summary = "adds/updates user-specific vault keys", description = "Stores one or more vaultid-vaultkey-tuples for the currently logged-in user, as defined in the request body ({vault1: token1, vault2: token2, ...}).")
 	@APIResponse(responseCode = "200", description = "all keys stored")
-	public Response updateMyAccessTokens(@NotEmpty Map<UUID, String> tokens) {
+	public Response updateMyAccessTokens(@NotNull Map<UUID, String> tokens) {
 		var user = User.<User>findById(jwt.getSubject());
 		for (var entry : tokens.entrySet()) {
 			var vault = Vault.<Vault>findById(entry.getKey());

diff --git a/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java b/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java
@@ -71,7 +71,7 @@ public void testGetAll() {
 
 		@Test
 		@DisplayName("POST /users/me/access-tokens returns 200")
-		public void testPostAccessTokens() {
+		public void testPostAccessTokens1() {
 			var body = """
 					{
 						"7E57C0DE-0000-4000-8000-000100001111": "jwe.jwe.jwe.vault1.user1",
@@ -83,6 +83,22 @@ public void testPostAccessTokens() {
 					.then().statusCode(200);
 		}
 
+		@Test
+		@DisplayName("POST /users/me/access-tokens returns 200 for empty list")
+		public void testPostAccessTokens2() {
+			given().contentType(ContentType.JSON).body("{}")
+					.when().post("/users/me/access-tokens")
+					.then().statusCode(200);
+		}
+
+		@Test
+		@DisplayName("POST /users/me/access-tokens returns 400 for malformed body")
+		public void testPostAccessTokens3() {
+			given().contentType(ContentType.JSON).body("")
+					.when().post("/users/me/access-tokens")
+					.then().statusCode(400);
+		}
+
 	}
 
 	@Nested