From 58ff0d684ba1eda836320430e58b44b48029baff Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@skymatic.de>
Date: Fri, 26 Jan 2024 12:30:34 +0100
Subject: [PATCH] relaxed validation

---
 .../org/cryptomator/hub/api/UsersResource.java |  3 ++-
 .../cryptomator/hub/api/UsersResourceTest.java | 18 +++++++++++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java b/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java
index cf83511b..1707d773 100644
--- a/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java
+++ b/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java
@@ -6,6 +6,7 @@
 import jakarta.transaction.Transactional;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.POST;
@@ -74,7 +75,7 @@ public Response putMe(@Nullable @Valid UserDto dto) {
 	@Consumes(MediaType.APPLICATION_JSON)
 	@Operation(summary = "adds/updates user-specific vault keys", description = "Stores one or more vaultid-vaultkey-tuples for the currently logged-in user, as defined in the request body ({vault1: token1, vault2: token2, ...}).")
 	@APIResponse(responseCode = "200", description = "all keys stored")
-	public Response updateMyAccessTokens(@NotEmpty Map<UUID, String> tokens) {
+	public Response updateMyAccessTokens(@NotNull Map<UUID, String> tokens) {
 		var user = User.<User>findById(jwt.getSubject());
 		for (var entry : tokens.entrySet()) {
 			var vault = Vault.<Vault>findById(entry.getKey());
diff --git a/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java b/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java
index f92af177..7ddc7573 100644
--- a/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java
+++ b/backend/src/test/java/org/cryptomator/hub/api/UsersResourceTest.java
@@ -71,7 +71,7 @@ public void testGetAll() {
 
 		@Test
 		@DisplayName("POST /users/me/access-tokens returns 200")
-		public void testPostAccessTokens() {
+		public void testPostAccessTokens1() {
 			var body = """
 					{
 						"7E57C0DE-0000-4000-8000-000100001111": "jwe.jwe.jwe.vault1.user1",
@@ -83,6 +83,22 @@ public void testPostAccessTokens() {
 					.then().statusCode(200);
 		}
 
+		@Test
+		@DisplayName("POST /users/me/access-tokens returns 200 for empty list")
+		public void testPostAccessTokens2() {
+			given().contentType(ContentType.JSON).body("{}")
+					.when().post("/users/me/access-tokens")
+					.then().statusCode(200);
+		}
+
+		@Test
+		@DisplayName("POST /users/me/access-tokens returns 400 for malformed body")
+		public void testPostAccessTokens3() {
+			given().contentType(ContentType.JSON).body("")
+					.when().post("/users/me/access-tokens")
+					.then().statusCode(400);
+		}
+
 	}
 
 	@Nested