fix(portal): GRO-2203 validate petId as UUID before PATCH lookup (500→404) (#177)
CI / Lint & Typecheck (push) Successful in 29s
CI / Test (push) Successful in 29s
CI / Lint & Typecheck (pull_request) Failing after 2s
CI / Test (pull_request) Successful in 25s
CI / Build & Push Docker Images (pull_request) Has been skipped
CI / Build & Push Docker Images (push) Successful in 47s
CI / Lint & Typecheck (push) Successful in 29s
CI / Test (push) Successful in 29s
CI / Lint & Typecheck (pull_request) Failing after 2s
CI / Test (pull_request) Successful in 25s
CI / Build & Push Docker Images (pull_request) Has been skipped
CI / Build & Push Docker Images (push) Successful in 47s
This commit was merged in pull request #177.
This commit is contained in:
@@ -280,6 +280,23 @@ describe("PATCH /portal/pets/:petId", () => {
|
||||
expect(res.status).toBe(404);
|
||||
});
|
||||
|
||||
it("returns 404 for a malformed (non-UUID) petId without hitting the db (GRO-2203)", async () => {
|
||||
selectSessionRow = ACTIVE_SESSION;
|
||||
// A non-UUID petId previously reached `where(eq(pets.id, ...))` and made
|
||||
// Postgres throw "invalid input syntax for type uuid" → unhandled 500.
|
||||
// It must now short-circuit to 404 before any select/update.
|
||||
selectPetRow = PET;
|
||||
|
||||
const res = await jsonPatch(
|
||||
`/portal/pets/not-a-uuid`,
|
||||
{ coatType: "short" },
|
||||
{ "X-Impersonation-Session-Id": SESSION_ID }
|
||||
);
|
||||
|
||||
expect(res.status).toBe(404);
|
||||
expect(updatedValues).toHaveLength(0);
|
||||
});
|
||||
|
||||
it("returns 422 for an invalid coatType", async () => {
|
||||
selectSessionRow = ACTIVE_SESSION;
|
||||
selectPetRow = PET;
|
||||
|
||||
Reference in New Issue
Block a user