erp5_json_rpc_api: check body content

master/bt5/erp5_json_rpc_api/DocumentTemplateItem/portal_components/document.erp5.JsonRpcAPIService.py

@@ -274,7 +274,14 @@ class JsonRpcAPIService(OpenAPIService):
       raise NotFound()
     method = getattr(self, operation)#self.getMethodForOperation(operation)
     # parameters = self.extractParametersFromRequest(operation, request)
-    result = method(json_data=byteify(json.loads(request.get('BODY'))))#**parameters)
+    try:
+      json_data = byteify(json.loads(request.get('BODY')))
+    except BaseException as e:
+      raise BadRequest(str(e))
+    if not isinstance(json_data, dict):
+      raise BadRequest("Did not received a JSON Object")
+
+    result = method(json_data=json_data)#**parameters)
     response = request.RESPONSE
     if response.getHeader('Content-Type'):
       return result

master/bt5/erp5_json_rpc_api/TestTemplateItem/portal_components/test.erp5.testJsonRpcAPIService.py

@@ -34,6 +34,24 @@ class JsonRpcAPITestCase(ERP5TypeTestCase):
   _type_id = 'JSON RPC API Test Service'
   _action_list_text = ''
 
+  def addJSONForm(self, script_id, body):
+    self.portal.portal_callables.newContent(
+      portal_type='JSON Form',
+      id=script_id,
+      text_content=body
+    )
+    """
+    skin_folder = self.portal.portal_skins['custom']
+    skin_folder.manage_addProduct['ERP5'].addPythonScriptThroughZMI(
+      id=script_id)
+
+    self.script = skin_folder.get(script_id)
+    self.script.setParameterSignature(params)
+    self.script.setBody(body)
+"""
+    self.tic()
+    self._python_script_id_to_cleanup.append(script_id)
+
   def afterSetUp(self):
     self.portal.portal_types.newContent(
       portal_type='JSON RPC API Type',
@@ -52,6 +70,7 @@ class JsonRpcAPITestCase(ERP5TypeTestCase):
       text_content = self._action_list_text
     )
     self.tic()
+    self._python_script_id_to_cleanup = []
 
   def beforeTearDown(self):
     self.abort()
@@ -71,6 +90,9 @@ class JsonRpcAPITestCase(ERP5TypeTestCase):
           - set([self._type_id])))
 
     self.tic()
+    if self._python_script_id_to_cleanup:
+      self.portal.portal_callables.manage_delObjects(self._python_script_id_to_cleanup)
+    self.tic()
 
     """
     self.abort()
@@ -167,7 +189,8 @@ class TestJsonRpcAPIConnectorView(JsonRpcAPITestCase):
 
 
 class TestJsonRpcAPIErrorHandling(JsonRpcAPITestCase):
-  _action_list_text = 'error.handling.missing.callable | JsonRpcService_doesNotExist'
+  _action_list_text = '''error.handling.missing.callable | JsonRpcService_doesNotExist
+error.handling.callable | JsonRpcService_testExample'''
 
   def test_errorHandling_wrongContentType(self):
     response = self.publish(
@@ -232,6 +255,46 @@ class TestJsonRpcAPIErrorHandling(JsonRpcAPITestCase):
         "title": "AttributeError: 'RequestContainer' object has no attribute 'JsonRpcService_doesNotExist'"
       })
 
+  def test_errorHandling_notJsonBody(self):
+    self.addJSONForm(
+      'JsonRpcService_testExample',
+      '{}',
+    )
+    response = self.publish(
+      self.connector.getPath() + '/error.handling.callable',
+      user='ERP5TypeTestCase',
+      request_method='POST',
+      stdin=io.BytesIO(
+        '1+2:"'.encode()),
+      env={'CONTENT_TYPE': 'application/json'})
+    self.assertEqual(response.getStatus(), 400)
+    self.assertEqual(response.getHeader('content-type'), 'application/json')
+    self.assertEqual(
+      json.loads(response.getBody()), {
+        "type": "unknown-error",
+        "title": "BadRequest: Extra data: line 1 column 2 - line 1 column 6 (char 1 - 5)"
+      })
+
+  def test_errorHandling_notJsonDict(self):
+    self.addJSONForm(
+      'JsonRpcService_testExample',
+      '{}',
+    )
+    response = self.publish(
+      self.connector.getPath() + '/error.handling.callable',
+      user='ERP5TypeTestCase',
+      request_method='POST',
+      stdin=io.BytesIO(
+        '[]'.encode()),
+      env={'CONTENT_TYPE': 'application/json'})
+    self.assertEqual(response.getStatus(), 400)
+    self.assertEqual(response.getHeader('content-type'), 'application/json')
+    self.assertEqual(
+      json.loads(response.getBody()), {
+        "type": "unknown-error",
+        "title": "BadRequest: Did not received a JSON Object"
+      })
+
 
 class TestJsonRpcAPIDemoDemoDemoXXXTOMoveTODO(JsonRpcAPITestCase):
   _action_list_text = '''WIP.create.installation | jIOWebSection_createSoftwareInstallationFromJSON