API: Catch empty code content for project snippets

2018-08-21 11:29:51 +02:00 · 2018-08-21 11:29:51 +02:00 · 72b5c9af62
commit 72b5c9af62
parent cc9764acd0
3 changed files with 23 additions and 2 deletions
--- a/changelogs/unreleased/api-empty-project-snippets.yml
+++ b/changelogs/unreleased/api-empty-project-snippets.yml
@ -0,0 +1,5 @@
+---
+title: 'API: Catch empty code content for project snippets'
+merge_request: 21325
+author: Robert Schilling
+type: fixed
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@ -49,7 +49,7 @@ module API
      params do
        requires :title, type: String, desc: 'The title of the snippet'
        requires :file_name, type: String, desc: 'The file name of the snippet'
-        requires :code, type: String, desc: 'The content of the snippet'
+        requires :code, type: String, allow_blank: false, desc: 'The content of the snippet'
        optional :description, type: String, desc: 'The description of a snippet'
        requires :visibility, type: String,
                              values: Gitlab::VisibilityLevel.string_values,
@ -78,7 +78,7 @@ module API
        requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
        optional :title, type: String, desc: 'The title of the snippet'
        optional :file_name, type: String, desc: 'The file name of the snippet'
-        optional :code, type: String, desc: 'The content of the snippet'
+        optional :code, type: String, allow_blank: false, desc: 'The content of the snippet'
        optional :description, type: String, desc: 'The description of a snippet'
        optional :visibility, type: String,
                              values: Gitlab::VisibilityLevel.string_values,
--- a/spec/requests/api/project_snippets_spec.rb
+++ b/spec/requests/api/project_snippets_spec.rb
@ -116,6 +116,14 @@ describe API::ProjectSnippets do
      expect(response).to have_gitlab_http_status(400)
    end

+    it 'returns 400 for empty code field' do
+      params[:code] = ''
+
+      post api("/projects/#{project.id}/snippets/", admin), params
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+
    context 'when the snippet is spam' do
      def create_snippet(project, snippet_params = {})
        project.add_developer(user)
@ -180,6 +188,14 @@ describe API::ProjectSnippets do
      expect(response).to have_gitlab_http_status(400)
    end

+    it 'returns 400 for empty code field' do
+      new_content = ''
+
+      put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), code: new_content
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+
    context 'when the snippet is spam' do
      def update_snippet(snippet_params = {})
        put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin), snippet_params