I'm starting to develop against the REST API and found what might be a bug in the validation process.
Sending a POST request with an "empty" payload returns 201 (created):
http://localhost:8001/3.1/domains
Since "mail_host" should be required at minimum to create a domain, this seems like there may be a bug with the REST API. The workaround for the moment is to add validation at the application layer, but the API should really be returning a 4xx code and error respectively.
On 2/14/25 11:10, Peter Knowles via Mailman-users wrote:
I'm starting to develop against the REST API and found what might be a bug in the validation process.
Sending a POST request with an "empty" payload returns 201 (created):
What Mailman version is this?
With the current head of the GitLab branch, I get
$ curl -urestadmin:restpass \
--request POST
http://localhost:8001/3.1/domains {"title": "400 Bad Request", "description": "Missing Parameter: mail_host"}
This may have been fixed for Mailman 3.3.10 by https://gitlab.com/mailman/mailman/-/merge_requests/1186 although it isn't clear to me why that would change this behavior. The only other recent change is https://gitlab.com/mailman/mailman/-/merge_requests/1320 and I can't see that changing this behavior.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark,
Sorry, I should have provided more details about my environment.
Distro: Debian 12 Mailman Core: 3.3.10 Python: 3.11.2
Using your CURL example on my install, I too get the same error response. Perhaps there's some logic error within my PHP code. Guess there might be some additional debugging required on my end.
Mark,
I can reproduce the bug via CURL:
curl -u restadmin:restpass
http://localhost:8001/3.1/domains
--request POST
-d mail_host=
Basically providing the "mail_host" param, but leaving it empty causes the command to return successful, therefore creating an "empty" domain entry.
Ideally the REST API should check to see if the param is empty, or for that matter "valid" before accepting it.
Another test just run with "-d mail_host=test@test.com" also returned successful, therefore allowing an "invalid" domain.
On 2/14/25 23:30, Peter Knowles via Mailman-users wrote:
Basically providing the "mail_host" param, but leaving it empty causes the command to return successful, therefore creating an "empty" domain entry.
Ideally the REST API should check to see if the param is empty, or for that matter "valid" before accepting it.
Another test just run with "-d mail_host=test@test.com" also returned successful, therefore allowing an "invalid" domain.
Thanks for reporting. I have filed https://gitlab.com/mailman/mailman/-/issues/1202 for this.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Mark Sapiro -
Peter Knowles