Bug 17445: Add 'malformed query' error response

This patch adds to the x-mojo-around action code to give a meaningful
error given a bad query parameter in the query string for a request.

Test Plan
1) Submit an api request to an existing restful endpoint with no query
parameters
2) Confirm the correct response is being given
3) Submit an api request to an existing restful endpoint with an allowed
query parameter
4) Confimr the correct response is being given
5) Submit an api request to an existing restful endpoint with a
malformed query paramter
6) Note the 400 response code and helpful json api body

https://bugs.koha-community.org/show_bug.cgi?id=17445

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

diff --git a/Koha/REST/V1.pm b/Koha/REST/V1.pm
index d62ee23..35d2bfb 100644 (file)
--- a/Koha/REST/V1.pm
+++ b/Koha/REST/V1.pm
@@ -91,6 +91,15 @@ sub authenticate_api_request {
         ) if $cookie and $action_spec->{'x-koha-authorization'};
     }
 
+    # Check for malformed query parameters
+    my @errors;
+    my %valid_parameters = map { $_->{name} => 1 if $_->{in} eq 'query' } @{$action_spec->{parameters}};
+    my $existing_params = $c->req->query_params->to_hash;
+    for my $param ( keys %{$existing_params} ) {
+      push @errors, { path => "/query/".$param, message => 'Malformed query string' } unless exists $valid_parameters{$param};
+    }
+    return $c->render_swagger({},\@errors,400) if @errors;
+
     return $next->($c) unless $action_spec->{'x-koha-authorization'};
     unless ($user) {
         return $c->render_swagger({ error => "Authentication required." },{},401);