Handle invalid POST to action resources. (#54)

Author: mrstegeman

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## [Unreleased]
 
+## [0.12.2] - 2020-05-04
+### Changed
+- Invalid POST requests to action resources now generate an error status.
+
 ## [0.12.1] - 2020-03-27
 ### Added
 - Support OPTIONS requests to allow for CORS.
@@ -24,7 +28,8 @@
 ### Changed
 - Property, Action, and Event description now use `links` rather than `href`. - [Spec PR](https://github.com/mozilla-iot/wot/pull/119)
 
-[Unreleased]: https://github.com/mozilla-iot/webthing-java/compare/v0.12.1...HEAD
+[Unreleased]: https://github.com/mozilla-iot/webthing-java/compare/v0.12.2...HEAD
+[0.12.2]: https://github.com/mozilla-iot/webthing-java/compare/v0.12.1...v0.12.2
 [0.12.1]: https://github.com/mozilla-iot/webthing-java/compare/v0.12.0...v0.12.1
 [0.12.0]: https://github.com/mozilla-iot/webthing-java/compare/v0.11.0...v0.12.0
 [0.11.0]: https://github.com/mozilla-iot/webthing-java/compare/v0.10.0...v0.11.0

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>org.mozilla.iot</groupId>
     <artifactId>webthing</artifactId>
-    <version>0.12.1</version>
+    <version>0.12.2</version>
 
     <name>WebThing</name>
     <description>Implementation of an HTTP Web Thing.</description>

src/main/java/org/mozilla/iot/webthing/Thing.java

@@ -756,6 +756,10 @@ public boolean validateActionInput(JSONObject actionInput) {
                 return true;
             }
 
+            if (actionInput == null) {
+                actionInput = new JSONObject();
+            }
+
             try {
                 this.schema.validate(actionInput);
             } catch (ValidationException e) {

src/main/java/org/mozilla/iot/webthing/WebThingServer.java

@@ -1224,35 +1224,40 @@ public Response post(UriResource uriResource,
             }
 
             try {
-                JSONObject response = new JSONObject();
                 JSONArray actionNames = json.names();
-                if (actionNames == null) {
+                if (actionNames == null || actionNames.length() != 1) {
                     return corsResponse(NanoHTTPD.newFixedLengthResponse(
                             Response.Status.BAD_REQUEST,
                             null,
                             null));
                 }
 
-                for (int i = 0; i < actionNames.length(); ++i) {
-                    String actionName = actionNames.getString(i);
-                    JSONObject params = json.getJSONObject(actionName);
-                    JSONObject input = null;
-                    if (params.has("input")) {
-                        input = params.getJSONObject("input");
-                    }
-
-                    Action action = thing.performAction(actionName, input);
-                    if (action != null) {
-                        response.put(actionName,
-                                     action.asActionDescription()
-                                           .getJSONObject(actionName));
-
-                        (new ActionRunner(action)).start();
-                    }
+                String actionName = actionNames.getString(0);
+                JSONObject params = json.getJSONObject(actionName);
+                JSONObject input = null;
+                if (params.has("input")) {
+                    input = params.getJSONObject("input");
+                }
+
+                Action action = thing.performAction(actionName, input);
+                if (action != null) {
+                    JSONObject response = new JSONObject();
+                    response.put(actionName,
+                                 action.asActionDescription()
+                                       .getJSONObject(actionName));
+
+                    (new ActionRunner(action)).start();
+
+                    return corsResponse(NanoHTTPD.newFixedLengthResponse(
+                            Response.Status.CREATED,
+                            "application/json",
+                            response.toString()));
+                } else {
+                    return corsResponse(NanoHTTPD.newFixedLengthResponse(
+                            Response.Status.BAD_REQUEST,
+                            null,
+                            null));
                 }
-                return corsResponse(NanoHTTPD.newFixedLengthResponse(Response.Status.CREATED,
-                                                                     "application/json",
-                                                                     response.toString()));
             } catch (JSONException e) {
                 return corsResponse(NanoHTTPD.newFixedLengthResponse(Response.Status.INTERNAL_ERROR,
                                                                      null,
@@ -1352,39 +1357,47 @@ public Response post(UriResource uriResource,
             String actionName = this.getActionName(uriResource, session);
 
             try {
-                JSONObject response = new JSONObject();
                 JSONArray actionNames = json.names();
-                if (actionNames == null) {
+                if (actionNames == null || actionNames.length() != 1) {
+                    return corsResponse(NanoHTTPD.newFixedLengthResponse(
+                            Response.Status.BAD_REQUEST,
+                            null,
+                            null));
+                }
+
+                String name = actionNames.getString(0);
+                if (!name.equals(actionName)) {
                     return corsResponse(NanoHTTPD.newFixedLengthResponse(
                             Response.Status.BAD_REQUEST,
                             null,
                             null));
                 }
 
-                for (int i = 0; i < actionNames.length(); ++i) {
-                    String name = actionNames.getString(i);
-                    if (!name.equals(actionName)) {
-                        continue;
-                    }
-
-                    JSONObject params = json.getJSONObject(name);
-                    JSONObject input = null;
-                    if (params.has("input")) {
-                        input = params.getJSONObject("input");
-                    }
-
-                    Action action = thing.performAction(name, input);
-                    if (action != null) {
-                        response.put(name,
-                                     action.asActionDescription()
-                                           .getJSONObject(name));
-
-                        (new ActionRunner(action)).start();
-                    }
+                JSONObject params = json.getJSONObject(name);
+                JSONObject input = null;
+                if (params.has("input")) {
+                    input = params.getJSONObject("input");
+                }
+
+                Action action = thing.performAction(name, input);
+                if (action != null) {
+                    JSONObject response = new JSONObject();
+                    response.put(name,
+                                 action.asActionDescription()
+                                       .getJSONObject(name));
+
+                    (new ActionRunner(action)).start();
+
+                    return corsResponse(NanoHTTPD.newFixedLengthResponse(
+                            Response.Status.CREATED,
+                            "application/json",
+                            response.toString()));
+                } else {
+                    return corsResponse(NanoHTTPD.newFixedLengthResponse(
+                            Response.Status.BAD_REQUEST,
+                            null,
+                            null));
                 }
-                return corsResponse(NanoHTTPD.newFixedLengthResponse(Response.Status.CREATED,
-                                                                     "application/json",
-                                                                     response.toString()));
             } catch (JSONException e) {
                 return corsResponse(NanoHTTPD.newFixedLengthResponse(Response.Status.INTERNAL_ERROR,
                                                                      null,