diff --git a/db/migrations/002-remove-trailing-spaces-in-values.sql b/db/migrations/002-remove-trailing-spaces-in-values.sql
new file mode 100644
index 0000000..2884522
--- /dev/null
+++ b/db/migrations/002-remove-trailing-spaces-in-values.sql
@@ -0,0 +1,4 @@
+-- Remove trailing spaces in values
+-- depends: 000-init-db
+
+UPDATE folksonomy SET v = TRIM(v), version=version+1 WHERE v LIKE '% ' OR v LIKE ' %';
diff --git a/folksonomy/api.py b/folksonomy/api.py
index ccf7405..3400136 100644
--- a/folksonomy/api.py
+++ b/folksonomy/api.py
@@ -98,6 +98,7 @@ async def get_current_user(token: str = Depends(oauth2_scheme)):
 def sanitize_data(k, v):
 """Some sanitization of data"""
 k = k.strip()
+ v = v.strip() if v else v
 return k, v
diff --git a/folksonomy/models.py b/folksonomy/models.py
index a7fdf40..5603b7b 100644
--- a/folksonomy/models.py
+++ b/folksonomy/models.py
@@ -45,6 +45,8 @@ def key_check(cls, v):
 def value_check(cls, v):
 if not v:
 raise ValueError('v cannot be empty')
+ # strip values
+ v = v.strip()
 return v
 @field_validator('version')
diff --git a/tests/test_main.py b/tests/test_main.py
index 0e21b76..40d178c 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
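Review bot: In db/migrations/002-remove-trailing-spaces-in-values.sql, the `UPDATE` rewrites any row whose `v` holds only spaces to the empty string, a state the `value_check` validator in folksonomy/models.py refuses for new writes ('v cannot be empty'). Adding `AND TRIM(v) <> ''` to the `WHERE` clause and dealing with those rows in a separate, deliberate statement would keep stored data consistent with the API rule. `TRIM(v)` and the `LIKE '% '` / `LIKE ' %'` filters also act on the space character only, while the Python side uses `str.strip()`, which removes tabs and newlines as well, so rows ending in other whitespace stay unnormalized. If that is intended, the header comment should say so, for example `-- Only leading/trailing spaces are handled; tabs and newlines are left as is`.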
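Review bot: A value made only of whitespace ends up as an empty string in both Python hunks, folksonomy/models.py and folksonomy/api.py. In `value_check` the emptiness test runs before the new `v = v.strip()`, so `' '` passes `if not v:` and is returned as `''`, which bypasses the 'v cannot be empty' rule. Stripping first closes the gap while still tolerating `None`: put `v = v.strip() if v else v` above `if not v:` and drop the later strip. In `sanitize_data`, `v.strip() if v else v` likewise returns `''` for `' '`; its callers are outside the hunk, so it should be confirmed that they treat `''` the same as a missing value. The decorator of `value_check` is also outside the hunk.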
@@ -514,6 +514,17 @@ async def test_product_key_stripped_on_post(auth_tokens):
 assert response.status_code == 200, f'getting stripped key should return 200, got {response.status_code} {response.text}'
+@pytest.mark.asyncio
+async def test_product_value_stripped_on_post(auth_tokens):
+ with TestClient(app) as client:
+ headers = {"Authorization": "Bearer foo__Utest-token"}
+ response = client.post("/product", headers=headers, json=
+ {"product": BARCODE_1, "version": 1, "k": "test_new", "v": " a test "})
+ assert response.status_code == 200, f'valid new entry should return 200, got {response.status_code} {response.text}'
+ # check created stripped
+ await check_tag(BARCODE_1, "test_new", v="a test", version=1)
+
+
 def test_put_invalid(with_sample):
 with TestClient(app) as client:
 headers = {"Authorization": "Bearer foo__Utest-token"}
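Review bot: `test_product_value_stripped_on_post` only covers a value that still has text after stripping; the boundary the change introduces, a `v` that is nothing but spaces, is untested. A second case posting `"v": "   "` and asserting `response.status_code != 200` (presumably a 422 from model validation) would pin the 'v cannot be empty' rule against the new strip. This POST test presumably reaches only the model validator, so a request that goes through `sanitize_data` in folksonomy/api.py with a padded value would be worth adding too.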