Merge branch 'issue-227174' into 'master'

FIX: handle argument error in the api layer Closes #227174 See merge request gitlab-org/gitlab!41167

Merge branch 'issue-227174' into 'master'
FIX: handle argument error in the api layer Closes #227174 See merge request gitlab-org/gitlab!41167
93a9fce9 · Heinrich Lee Yu · 57c427fc · 26b68d8d · 93a9fce9 · 93a9fce9
Commit 93a9fce9 authored Sep 08, 2020 by Heinrich Lee Yu
4 changed files
--- a/changelogs/unreleased/issue-227174.yml
+++ b/changelogs/unreleased/issue-227174.yml
+---
+title: Handle todos api argument error
+merge_request: 41167
+author: gaga5lala
+type: fixed
--- a/doc/api/todos.md
+++ b/doc/api/todos.md
@@ -21,12 +21,12 @@ Parameters:

 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `action` | string | no | The action to be filtered. Can be `assigned`, `mentioned`, `build_failed`, `marked`, `approval_required`, `unmergeable` or `directly_addressed`. |
+| `action` | string | no | The action to be filtered. Can be `assigned`, `mentioned`, `build_failed`, `marked`, `approval_required`, `unmergeable`, `directly_addressed` or `merge_train_removed`. |
 | `author_id` | integer | no | The ID of an author |
 | `project_id` | integer | no | The ID of a project |
 | `group_id` | integer | no | The ID of a group |
 | `state` | string | no | The state of the todo. Can be either `pending` or `done` |
-| `type` | string | no | The type of a todo. Can be either `Issue` or `MergeRequest` |
+| `type` | string | no | The type of a todo. Can be either `Issue`, `MergeRequest`, `DesignManagement::Design` or `AlertManagement::Alert` |

 ```shell
 curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/todos"

--- a/lib/api/todos.rb
+++ b/lib/api/todos.rb
@@ -39,8 +39,17 @@ module API

    resource :todos do
      helpers do
+        params :todo_filters do
+          optional :action, String, values: Todo::ACTION_NAMES.values.map(&:to_s)
+          optional :author_id, Integer
+          optional :state, String, values: Todo.state_machine.states.map(&:name).map(&:to_s)
+          optional :type, String, values: TodosFinder.todo_types
+          optional :project_id, Integer
+          optional :group_id, Integer
+        end
+
        def find_todos
-          TodosFinder.new(current_user, params).execute
+          TodosFinder.new(current_user, declared_params(include_missing: false)).execute
        end

        def issuable_and_awardable?(type)
@@ -72,7 +81,7 @@ module API
        success Entities::Todo
      end
      params do
-        use :pagination
+        use :pagination, :todo_filters
      end
      get do
        todos = paginate(find_todos.with_entity_associations)

--- a/spec/requests/api/todos_spec.rb
+++ b/spec/requests/api/todos_spec.rb
@@ -34,6 +34,29 @@ RSpec.describe API::Todos do
    end

    context 'when authenticated' do
+      context 'when invalid params' do
+        context "invalid action" do
+          it 'returns 400' do
+            get api('/todos', john_doe), params: { action: 'InvalidAction' }
+            expect(response).to have_gitlab_http_status(:bad_request)
+          end
+        end
+
+        context "invalid state" do
+          it 'returns 400' do
+            get api('/todos', john_doe), params: { state: 'InvalidState' }
+            expect(response).to have_gitlab_http_status(:bad_request)
+          end
+        end
+
+        context "invalid type" do
+          it 'returns 400' do
+            get api('/todos', john_doe), params: { type: 'InvalidType' }
+            expect(response).to have_gitlab_http_status(:bad_request)
+          end
+        end
+      end
+
      it 'returns an array of pending todos for current user' do
        get api('/todos', john_doe)