Merge "Search: Validate pagination query params for SimpleItemSearch"

Author: jenkins-bot

repo/domains/search/specs/global/responses.json

@@ -17,8 +17,8 @@
 					"invalid-query-parameter": {
 						"value": {
 							"code": "invalid-query-parameter",
-							"message": "Invalid query parameter: 'language'",
-							"context": { "parameter": "language" }
+							"message": "Invalid query parameter: '{query_parameter}'",
+							"context": { "parameter": "{query_parameter}" }
 						}
 					}
 				}

repo/domains/search/src/Application/UseCases/SimpleItemSearch/SimpleItemSearchValidator.php

@@ -12,6 +12,10 @@
 class SimpleItemSearchValidator {
 
 	public const LANGUAGE_QUERY_PARAM = 'language';
+	public const LIMIT_QUERY_PARAM = 'limit';
+	public const OFFSET_QUERY_PARAM = 'offset';
+
+	private const MAX_LIMIT = 500;
 
 	private SearchLanguageValidator $languageValidator;
 
@@ -30,14 +34,25 @@ public function validate( SimpleItemSearchRequest $request ): void {
 		if ( $validationError ) {
 			switch ( $validationError->getCode() ) {
 				case SearchLanguageValidator::CODE_INVALID_LANGUAGE_CODE:
-					throw new UseCaseError(
-						UseCaseError::INVALID_QUERY_PARAMETER,
-						"Invalid query parameter: '" . self::LANGUAGE_QUERY_PARAM . "'",
-						[ UseCaseError::CONTEXT_PARAMETER => self::LANGUAGE_QUERY_PARAM ]
-					);
+					throw UseCaseError::invalidQueryParameter( self::LANGUAGE_QUERY_PARAM );
 				default:
 					throw new LogicException( 'unknown validation error code ' . $validationError->getCode() );
 			}
 		}
+
+		$this->validateLimitAndOffset( $request );
+	}
+
+	private function validateLimitAndOffset( SimpleItemSearchRequest $request ): void {
+		$limit = $request->getLimit();
+		$offset = $request->getOffset();
+
+		if ( $limit < 0 || $limit > self::MAX_LIMIT ) {
+			throw UseCaseError::invalidQueryParameter( self::LIMIT_QUERY_PARAM );
+		}
+
+		if ( $offset < 0 ) {
+			throw UseCaseError::invalidQueryParameter( self::OFFSET_QUERY_PARAM );
+		}
 	}
 }

repo/domains/search/src/Application/UseCases/UseCaseError.php

@@ -46,6 +46,14 @@ public function __construct( string $code, string $message, array $context = []
 		}
 	}
 
+	public static function invalidQueryParameter( string $parameter ): self {
+		return new self(
+			self::INVALID_QUERY_PARAMETER,
+			"Invalid query parameter: '$parameter'",
+			[ self::CONTEXT_PARAMETER => $parameter ]
+		);
+	}
+
 	public function getErrorCode(): string {
 		return $this->errorCode;
 	}

repo/domains/search/tests/mocha/api-testing/SimpleItemSearchTest.js

@@ -18,6 +18,13 @@ function newSearchRequest( language, searchTerm ) {
 		.withQueryParam( 'q', searchTerm );
 }
 
+function assertValidError( response, statusCode, responseBodyErrorCode, context ) {
+	expect( response ).to.have.status( statusCode );
+	assert.header( response, 'Content-Language', 'en' );
+	assert.strictEqual( response.body.code, responseBodyErrorCode );
+	assert.deepStrictEqual( response.body.context, context );
+}
+
 describe( 'Simple item search', () => {
 	let item1;
 	let itemWithoutDescription;
@@ -193,11 +200,7 @@ describe( 'Simple item search', () => {
 				.assertInvalidRequest()
 				.makeRequest();
 
-			expect( response ).to.have.status( 400 );
-
-			assert.header( response, 'Content-Language', 'en' );
-			assert.strictEqual( response.body.code, 'invalid-query-parameter' );
-			assert.deepStrictEqual( response.body.context, { parameter: 'language' } );
+			assertValidError( response, 400, 'invalid-query-parameter', { parameter: 'language' } );
 		} );
 
 		it( 'User-Agent empty', async () => {
@@ -208,6 +211,29 @@ describe( 'Simple item search', () => {
 			expect( response ).to.have.status( 400 );
 			assert.strictEqual( response.body.code, 'missing-user-agent' );
 		} );
-	} );
 
+		Object.entries( {
+			'invalid limit parameter - exceeds max limit 500': {
+				parameter: 'limit',
+				value: 501
+			},
+			'invalid limit parameter - negative limit': {
+				parameter: 'limit',
+				value: -1
+			},
+			'invalid offset parameter - negative offset': {
+				parameter: 'offset',
+				value: -2
+			}
+		} ).forEach( ( [ title, { parameter, value } ] ) => {
+			it( title, async () => {
+
+				const response = await newSearchRequest( 'en', 'search term' )
+					.withQueryParam( parameter, value )
+					.makeRequest();
+
+				assertValidError( response, 400, 'invalid-query-parameter', { parameter } );
+			} );
+		} );
+	} );
 } );

repo/domains/search/tests/phpunit/Application/UseCases/SimpleItemSearch/SimpleItemSearchValidatorTest.php

@@ -2,6 +2,7 @@
 
 namespace Wikibase\Repo\Tests\Domains\Search\Application\UseCases\SimpleItemSearch;
 
+use Generator;
 use MediaWiki\MediaWikiServices;
 use PHPUnit\Framework\TestCase;
 use Wikibase\Repo\Domains\Search\Application\UseCases\SimpleItemSearch\SimpleItemSearchRequest;
@@ -24,18 +25,29 @@
  */
 class SimpleItemSearchValidatorTest extends TestCase {
 
+	private const DEFAULT_LIMIT = 10;
+	private const DEFAULT_OFFSET = 0;
+
 	/**
 	 * @doesNotPerformAssertions
 	 */
 	public function testValidate_passes(): void {
 		$this->newUseCaseValidator()
-			->validate( new SimpleItemSearchRequest( 'search term', 'en', 10, 0 ) );
+			->validate( new SimpleItemSearchRequest( 'search term', 'en', self::DEFAULT_LIMIT, self::DEFAULT_OFFSET ) );
+	}
+
+	/**
+	 * @doesNotPerformAssertions
+	 */
+	public function testValidateWithoutLimitAndOffsetParams_passe(): void {
+		$this->newUseCaseValidator()
+			->validate( new SimpleItemSearchRequest( 'search term', 'en', null, null ) );
 	}
 
 	public function testGivenInvalidLanguageCode_throws(): void {
 		try {
 			$this->newUseCaseValidator()
-				->validate( new SimpleItemSearchRequest( 'search term', 'xyz', 10, 0 ) );
+				->validate( new SimpleItemSearchRequest( 'search term', 'xyz', self::DEFAULT_LIMIT, self::DEFAULT_OFFSET ) );
 
 			$this->fail( 'Expected exception was not thrown' );
 		} catch ( UseCaseError $e ) {
@@ -48,6 +60,43 @@ public function testGivenInvalidLanguageCode_throws(): void {
 		}
 	}
 
+	/**
+	 * @dataProvider provideInvalidLimitAndOffset
+	 */
+	public function testGivenInvalidLimitAndOffset_throws(
+		UseCaseError $expectedError,
+		int $limit,
+		int $offset
+	): void {
+		try {
+			$this->newUseCaseValidator()
+				->validate( new SimpleItemSearchRequest( 'search term', 'en', $limit, $offset ) );
+			$this->fail( 'Expected exception was not thrown' );
+		} catch ( UseCaseError $e ) {
+			$this->assertEquals( $expectedError, $e );
+		}
+	}
+
+	public static function provideInvalidLimitAndOffset(): Generator {
+		yield 'invalid limit - negative limit' => [
+			UseCaseError::invalidQueryParameter( 'limit' ),
+			-1,
+			self::DEFAULT_OFFSET,
+		];
+
+		yield 'invalid limit - limit exceeds max (500)' => [
+			UseCaseError::invalidQueryParameter( 'limit' ),
+			501,
+			self::DEFAULT_OFFSET,
+		];
+
+		yield 'invalid offset - negative offset' => [
+			UseCaseError::invalidQueryParameter( 'offset' ),
+			self::DEFAULT_LIMIT,
+			-2,
+		];
+	}
+
 	private function newUseCaseValidator(): SimpleItemSearchValidator {
 		return new SimpleItemSearchValidator( $this->newSearchLanguageValidator() );
 	}

repo/rest-api/src/openapi.json

@@ -33800,9 +33800,9 @@
                   "invalid-query-parameter": {
                     "value": {
                       "code": "invalid-query-parameter",
-                      "message": "Invalid query parameter: 'language'",
+                      "message": "Invalid query parameter: '{query_parameter}'",
                       "context": {
-                        "parameter": "language"
+                        "parameter": "{query_parameter}"
                       }
                     }
                   }
@@ -34034,9 +34034,9 @@
                   "invalid-query-parameter": {
                     "value": {
                       "code": "invalid-query-parameter",
-                      "message": "Invalid query parameter: 'language'",
+                      "message": "Invalid query parameter: '{query_parameter}'",
                       "context": {
-                        "parameter": "language"
+                        "parameter": "{query_parameter}"
                       }
                     }
                   }
@@ -43247,9 +43247,9 @@
               "invalid-query-parameter": {
                 "value": {
                   "code": "invalid-query-parameter",
-                  "message": "Invalid query parameter: 'language'",
+                  "message": "Invalid query parameter: '{query_parameter}'",
                   "context": {
-                    "parameter": "language"
+                    "parameter": "{query_parameter}"
                   }
                 }
               }