search

dazzling-sky / COMP4111-project

COMP4111 project - RESTful Web Service for Library Book Management
https://course.cse.ust.hk/comp4111/project.html
0 stars 0 forks source link

[PUT /transaction] Putting a transaction with an invalid book is successful #18

Open Derppening opened 4 years ago

Derppening commented 4 years ago

Issue description

Submitting a PUT /transaction with an invalid book is successful.

Steps to reproduce this issue

Assuming the database is setup according to the README and web server is running:

  1. Login to the system with valid credentials
  2. Request a transaction ID with the token from above
  3. Submit a PUT /transaction request to the server with any book ID

What's the expected result?

What's the actual result?

curl -v -X PUT --data "{\"Transaction\": 2058, \"Book\": 1, \"Action\": \"return\"}" http://localhost:8081/BookManagementService/transaction\?token\=ccu6764
*   Trying ::1:8081...
* Connected to localhost (::1) port 8081 (#0)
> PUT /BookManagementService/transaction?token=ccu6764 HTTP/1.1
> Host: localhost:8081
> User-Agent: curl/7.70.0
> Accept: */*
> Content-Length: 52
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 52 out of 52 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sun, 31 May 2020 14:25:14 GMT
< Server: Apache-HttpCore-NIO/1.1
< Content-Length: 0
< 
* Connection #0 to host localhost left intact
comp4111ta commented 4 years ago

the push operation does not check the validity of books, and in fact, the transaction never guarantees its successful execution. If the operation is valid itself, it is correct to respond 200.