Island: Add a check for unimplemented credential collections

2022-07-12 13:33:37 +03:00 · 2022-07-12 13:33:37 +03:00 · bcd94773a0
parent a9e2dd2d3d
commit bcd94773a0
2 changed files with 28 additions and 3 deletions
--- a/monkey/monkey_island/cc/resources/propagation_credentials.py
+++ b/monkey/monkey_island/cc/resources/propagation_credentials.py
@ -21,8 +21,10 @@ class PropagationCredentials(AbstractResource):
            propagation_credentials = self._credentials_repository.get_configured_credentials()
        elif collection == _stolen_collection:
            propagation_credentials = self._credentials_repository.get_stolen_credentials()
-        else:
+        elif collection is None:
            propagation_credentials = self._credentials_repository.get_all_credentials()
+        else:
+            return {}, HTTPStatus.NOT_FOUND

        return make_response(Credentials.to_json_array(propagation_credentials), HTTPStatus.OK)

@ -33,8 +35,10 @@ class PropagationCredentials(AbstractResource):
            self._credentials_repository.save_configured_credentials(credentials)
        elif collection == _stolen_collection:
            self._credentials_repository.save_stolen_credentials(credentials)
-        else:
+        elif collection is None:
            return {}, HTTPStatus.METHOD_NOT_ALLOWED
+        else:
+            return {}, HTTPStatus.NOT_FOUND

        return {}, HTTPStatus.NO_CONTENT

@ -43,7 +47,9 @@ class PropagationCredentials(AbstractResource):
            self._credentials_repository.remove_configured_credentials()
        elif collection == _stolen_collection:
            self._credentials_repository.remove_stolen_credentials()
-        else:
+        elif collection is None:
            self._credentials_repository.remove_all_credentials()
+        else:
+            return {}, HTTPStatus.NOT_FOUND

        return {}, HTTPStatus.NO_CONTENT
--- a/monkey/tests/unit_tests/monkey_island/cc/resources/test_propagation_credentials.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/resources/test_propagation_credentials.py
@ -122,3 +122,22 @@ def test_stolen_propagation_credentials_endpoint_delete(flask_client, credential
 def test_propagation_credentials_endpoint__propagation_credentials_post_not_allowed(flask_client):
    resp = flask_client.post(ALL_CREDENTIALS_URL, json=[])
    assert resp.status_code == HTTPStatus.METHOD_NOT_ALLOWED
+
+
+def test_propagation_credentials_endpoint__not_found(flask_client):
+    non_existent_collection_url = urljoin(ALL_CREDENTIALS_URL, "bogus-credentials")
+
+    resp = flask_client.get(non_existent_collection_url)
+    assert resp.status_code == HTTPStatus.NOT_FOUND
+
+    resp = flask_client.post(
+        non_existent_collection_url,
+        json=[
+            Credentials.to_json(PROPAGATION_CREDENTIALS_2),
+            Credentials.to_json(PROPAGATION_CREDENTIALS_3),
+        ],
+    )
+    assert resp.status_code == HTTPStatus.NOT_FOUND
+
+    resp = flask_client.delete(non_existent_collection_url)
+    assert resp.status_code == HTTPStatus.NOT_FOUND