Merge pull request #1783 from OpenConext/feature/add-arp-numeric-key-…

…exception Add ARP numeric key exception
OpenConext · Jan 27, 2025 · c72e17a · c72e17a
2 parents 8bdd4ff + b7b3ba0
commit c72e17a
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 1 deletion.
diff --git a/src/OpenConext/EngineBlock/Metadata/AttributeReleasePolicy.php b/src/OpenConext/EngineBlock/Metadata/AttributeReleasePolicy.php
@@ -84,6 +84,16 @@ private function validateRule($key, $rule)
                 );
             }
 
+            if (isset($rule['release_as']) && is_numeric($rule['release_as'])) {
+                throw new InvalidArgumentException(
+                    sprintf(
+                        'Invalid release as for attribute "%s", attribute cannot be numeric, got: "%s"',
+                        $key,
+                        (string)$rule['release_as']
+                    )
+                );
+            }
+
             $value = $rule['value'];
         } else {
             $value = $rule;

diff --git a/src/OpenConext/EngineBlockBundle/Controller/Api/ConnectionsController.php b/src/OpenConext/EngineBlockBundle/Controller/Api/ConnectionsController.php
@@ -36,6 +36,8 @@
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects) Static calls, factories, and having to check HTTP methods which is
  *                                                 usually done by Symfony
+ * @SuppressWarnings(PHPMD.CyclomaticComplexity) Extensive role validation
+ * @SuppressWarnings(PHPMD.NPathComplexity) Extensive role validation
  */
 class ConnectionsController
 {
@@ -111,7 +113,11 @@ public function pushConnectionsAction(Request $request)
             throw new BadApiRequestHttpException('Unrecognized structure for JSON');
         }
 
-        $roles     = $this->pushMetadataAssembler->assemble($body->connections);
+        try {
+            $roles = $this->pushMetadataAssembler->assemble($body->connections);
+        } catch (Exception $exception) {
+            throw new BadApiRequestHttpException(sprintf('Unable to assemble the pushed metadata: %s', $exception->getMessage()), $exception);
+        }
 
         unset($body);
 

diff --git a/tests/library/EngineBlock/Test/Arp/AttributeReleasePolicyTest.php b/tests/library/EngineBlock/Test/Arp/AttributeReleasePolicyTest.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * Copyright 2024 SURFnet B.V.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+use OpenConext\EngineBlock\Metadata\AttributeReleasePolicy;
+use PHPUnit\Framework\TestCase;
+
+class EngineBlock_Test_Arp_AttributeReleasePolicyTest extends TestCase
+{
+    public function testEnforceNumericArpKeyException()
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectExceptionMessage('Invalid release as for attribute "urn:mace:dir:attribute-def:cn", attribute cannot be numeric, got: "9999"');
+
+        $arp = array(
+            'urn:mace:dir:attribute-def:cn' => array(
+                array(
+                    "value" => "*",
+                    "release_as" => "9999",
+                ),
+            ),
+        );
+
+        $policy = new AttributeReleasePolicy($arp);
+    }
+}