toulouse-maelis: do not accept additional properties on endpoints (#70181)

2022-10-12 12:31:23 +02:00 · 2022-10-12 12:31:23 +02:00 · 11d26fac71
parent a35d821ede
commit 11d26fac71
2 changed files with 25 additions and 0 deletions
--- a/passerelle/contrib/toulouse_maelis/schemas.py
+++ b/passerelle/contrib/toulouse_maelis/schemas.py
@ -52,6 +52,7 @@ LINK_SCHEMA = {
            'type': 'string',
        },
    },
+    'additionalProperties': False,
 }
 LINK_SCHEMA['properties'].update(ID_PROPERTIES)

@ -62,6 +63,7 @@ ISEXISTS_SCHEMA = {
    'type': 'object',
    'required': ['firstname', 'lastname', 'dateBirth'],
    'properties': ID_PROPERTIES,
+    'additionalProperties': False,
 }

 ADDRESS_SCHEMA = {
@ -239,6 +241,7 @@ RLINFO_SCHEMA = {
        'profession': PROFESSION_SCHEMA,
        'CAFInfo': CAFINFO_SCHEMA,
    },
+    'additionalProperties': False,
 }
 RLINFO_SCHEMA['properties'].update(ID_PROPERTIES)

@ -358,6 +361,7 @@ FSL_SCHEMA = {
                    'oneOf': [{'type': 'null'}, {'type': 'string'}],
                },
            },
+            'additionalProperties': False,
        },
    ],
 }
@ -443,6 +447,7 @@ MEDICALRECORD_SCHEMA = {
                    ],
                },
            },
+            'additionalProperties': False,
        },
    ],
    'unflatten': True,
@ -477,6 +482,7 @@ PAIINFO_SCHEMA = {
                    'oneOf': [{'type': 'null'}, {'type': 'string'}],
                },
            },
+            'additionalProperties': False,
        },
    ],
 }
@ -513,6 +519,7 @@ CHILD_SCHEMA = {
        'medicalRecord': MEDICALRECORD_SCHEMA,
        'paiInfoBean': PAIINFO_SCHEMA,
    },
+    'additionalProperties': False,
 }
 CHILD_SCHEMA['properties'].update(ID_PROPERTIES)

@ -564,6 +571,7 @@ FAMILYPERSON_SCHEMA = {
        'contact': CONTACTLIGHT_SCHEMA,
    },
    'unflatten': True,
+    'additionalProperties': False,
 }
 FAMILYPERSON_SCHEMA['properties'].update(ID_PROPERTIES)

@ -647,6 +655,7 @@ UPDATE_FAMILY_SCHEMA = {
        },
    },
    'unflatten': True,
+    'additionalProperties': False,
 }

 CREATE_FAMILY_SCHEMA = copy.deepcopy(UPDATE_FAMILY_SCHEMA)
@ -703,6 +712,7 @@ UPDATE_COORDINATE_SCHEMA = {
        'CAFInfo': CAFINFO_SCHEMA,
    },
    'unflatten': True,
+    'additionalProperties': False,
 }

 CHILDPERSON_SCHEMA = copy.deepcopy(FAMILYPERSON_SCHEMA)
--- a/tests/test_toulouse_maelis.py
+++ b/tests/test_toulouse_maelis.py
@ -228,6 +228,21 @@ def test_link(mocked_post, mocked_get, con, app):
    assert resp.json['err_desc'] == "RL1 does not match '1312' family"


+def test_link_additional_properties_error(con, app):
+    url = get_endpoint('link')
+
+    params = {
+        'family_id': '1312',
+        'firstname': 'Jhon',
+        'lastname': 'Doe',
+        'dateBirth': '1938-07-26',
+        'plop': 42,
+    }
+    resp = app.post_json(url + '?NameID=local', params=params, status=400)
+    assert resp.json['err'] == 1
+    assert resp.json['err_desc'] == "Additional properties are not allowed ('plop' was unexpected)"
+
+
 def test_unlink(con, app):
    url = get_endpoint('unlink')
    Link.objects.create(resource=con, family_id='1312', name_id='local')