diff --git a/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java b/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java
index cf83511b..1707d773 100644
--- a/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java
+++ b/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java
@@ -6,6 +6,7 @@
 import jakarta.transaction.Transactional;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.POST;
@@ -74,7 +75,7 @@ public Response putMe(@Nullable @Valid UserDto dto) {
 @Consumes(MediaType.APPLICATION_JSON)
 @Operation(summary = "adds/updates user-specific vault keys", description = "Stores one or more vaultid-vaultkey-tuples for the currently logged-in user, as defined in the request body ({vault1: token1, vault2: token2, ...}).")
 @APIResponse(responseCode = "200", description = "all keys stored")
- public Response updateMyAccessTokens(@NotEmpty Map tokens) {
+ public Response updateMyAccessTokens(@NotNull Map tokens) {
 var user = User.findById(jwt.getSubject());
 for (var entry : tokens.entrySet()) {
 var vault = Vault.findById(entry.getKey());
diff --git a/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java b/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java
index f92af177..7ddc7573 100644
--- a/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java
+++ b/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java
@@ -71,7 +71,7 @@ public void testGetAll() {
 @Test
 @DisplayName("POST /users/me/access-tokens returns 200")
- public void testPostAccessTokens() {
+ public void testPostAccessTokens1() {
 var body = """
 {
 "7E57C0DE-0000-4000-8000-000100001111": "jwe.jwe.jwe.vault1.user1",
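Review bot: `@NotNull` on the `tokens` parameter of `updateMyAccessTokens` constrains only the map itself, so a body whose entries carry a null or blank token value still passes validation and reaches the `for (var entry : tokens.entrySet())` loop. If the element types are strings, container-element constraints such as `Map<@NotNull String, @NotBlank String>`, together with an upper bound on the map size (`@Size(max = …)` with a limit the project chooses), would reject such bodies with a 400 before any `Vault.findById` lookup runs. How the loop treats an unknown vault id or a null value cannot be seen here because the method body continues outside the hunk. The `@Operation` description also still says "Stores one or more vaultid-vaultkey-tuples", which no longer matches a method that accepts an empty map; "zero or more" would be accurate.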
@@ -83,6 +83,22 @@ public void testPostAccessTokens() {
 .then().statusCode(200);
 }
+ @Test
+ @DisplayName("POST /users/me/access-tokens returns 200 for empty list")
+ public void testPostAccessTokens2() {
+ given().contentType(ContentType.JSON).body("{}")
+ .when().post("/users/me/access-tokens")
+ .then().statusCode(200);
+ }
+
+ @Test
+ @DisplayName("POST /users/me/access-tokens returns 400 for malformed body")
+ public void testPostAccessTokens3() {
+ given().contentType(ContentType.JSON).body("")
+ .when().post("/users/me/access-tokens")
+ .then().statusCode(400);
+ }
+
 }
 @Nested
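Review bot: `testPostAccessTokens3` is labelled "malformed body" but sends an empty string, which most likely exercises the missing-entity / `@NotNull` path rather than the JSON parser. A case with syntactically broken JSON (for example `.body("{")`) and one with the JSON literal `.body("null")` would pin both rejection paths to 400, and a case with a null token value inside the object would document whether per-entry input is rejected or stored. Descriptive method names such as `testPostAccessTokensEmptyMap` and `testPostAccessTokensEmptyBody` would read better than the numeric suffixes `1`/`2`/`3`. The enclosing nested test class begins outside this hunk.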