Merge pull request #31 from AryanK1511/issue-13

Pradyuman7 · web-flow · commit 18b6f898c908 · 2025-05-23T14:27:16.000+01:00
Add input validation for resume API endpoints
diff --git a/app.py b/app.py
@@ -3,6 +3,7 @@
 '''
 from flask import Flask, jsonify, request
 from models import Experience, Education, Skill
+from utils import validate_data
 
 app = Flask(__name__)
 
@@ -63,22 +64,24 @@ def experience():
         return jsonify(data['experience']), 200
 
     if request.method == 'POST':
-        experience_data = request.get_json()
-        # Validate the json data
-        if not all(key in experience_data for key in ['title', 'company', 'start_date',
-                                                      'end_date', 'description', 'logo']):
-            return jsonify({"error": "Missing required fields"}), 400
-
-        new_experience = Experience(
-            experience_data['title'],
-            experience_data['company'],
-            experience_data['start_date'],
-            experience_data['end_date'],
-            experience_data['description'],
-            experience_data['logo']
-        )
-        data['experience'].append(new_experience)
-        return jsonify({"id": len(data['experience']) - 1}), 201
+        try:
+            experience_data = request.get_json()
+            is_valid, error_message = validate_data('experience', experience_data)
+            if not is_valid:
+                return jsonify({"error": error_message}), 400
+
+            new_experience = Experience(
+                experience_data['title'],
+                experience_data['company'],
+                experience_data['start_date'],
+                experience_data['end_date'],
+                experience_data['description'],
+                experience_data['logo']
+            )
+            data['experience'].append(new_experience)
+            return jsonify({"id": len(data['experience']) - 1}), 201
+        except (TypeError, ValueError, KeyError):
+            return jsonify({"error": "Invalid data format"}), 400
 
     return jsonify({"error": "Method not allowed"}), 405
 
@@ -114,7 +117,18 @@ def education():
         return jsonify(data['education']), 200
 
     if request.method == 'POST':
-        return jsonify({}), 201
+        try:
+            education_data = request.get_json()
+            is_valid, error_message = validate_data('education', education_data)
+            if not is_valid:
+                return jsonify({"error": error_message}), 400
+            # pylint: disable=fixme
+            # TODO: Create new Education object with education_data
+            # TODO: Append new education to data['education']
+            # TODO: Return jsonify({"id": len(data['education']) - 1}), 201
+            return jsonify({}), 201
+        except (TypeError, ValueError, KeyError):
+            return jsonify({"error": "Invalid data format"}), 400
 
     return jsonify({})
 
@@ -155,9 +169,20 @@ def skill():
         Returns 405 if method is not allowed.
     """
     if request.method == 'GET':
-        return jsonify({})
+        return jsonify(data['skill']), 200
 
     if request.method == 'POST':
-        return jsonify({})
+        try:
+            skill_data = request.get_json()
+            is_valid, error_message = validate_data('skill', skill_data)
+            if not is_valid:
+                return jsonify({"error": error_message}), 400
+            # pylint: disable=fixme
+            # TODO: Create new Skill object with skill_data
+            # TODO: Append new skill to data['skill']
+            # TODO: Return jsonify({"id": len(data['skill']) - 1}), 201
+            return jsonify({}), 201
+        except (TypeError, ValueError, KeyError):
+            return jsonify({"error": "Invalid data format"}), 400
 
     return jsonify({})
diff --git a/test_pytest.py b/test_pytest.py
@@ -224,3 +224,52 @@ def test_skill():
 
     response = app.test_client().get('/resume/skill')
     assert response.json[item_id] == example_skill
+
+
+def test_invalid_input_validation():
+    '''
+    Test that the API properly validates input data for POST requests
+    '''
+    client = app.test_client()
+    # Test invalid experience
+    invalid_experience = {
+        "title": "Software Developer",
+        # Missing required fields
+    }
+    response = client.post('/resume/experience', json=invalid_experience)
+    assert response.status_code == 400
+    assert "error" in response.json
+    assert "Missing required fields" in response.json["error"]
+    assert "company" in response.json["error"]
+    assert "start_date" in response.json["error"]
+    assert "end_date" in response.json["error"]
+    assert "description" in response.json["error"]
+    assert "logo" in response.json["error"]
+    # Test invalid education
+    invalid_education = {
+        "course": "Computer Science",
+        # Missing required fields
+    }
+    response = client.post('/resume/education', json=invalid_education)
+    assert response.status_code == 400
+    assert "error" in response.json
+    assert "Missing required fields" in response.json["error"]
+    assert "school" in response.json["error"]
+    assert "start_date" in response.json["error"]
+    assert "end_date" in response.json["error"]
+    assert "grade" in response.json["error"]
+    assert "logo" in response.json["error"]
+    # Test invalid skill
+    invalid_skill = {
+        "name": "Python",
+        # Missing required fields
+    }
+    response = client.post('/resume/skill', json=invalid_skill)
+    assert response.status_code == 400
+    assert "error" in response.json
+    assert "Missing required fields" in response.json["error"]
+    assert "proficiency" in response.json["error"]
+    assert "logo" in response.json["error"]
+    # Test invalid data format
+    response = client.post('/resume/experience', data="not json")
+    assert response.status_code == 415
diff --git a/utils.py b/utils.py
@@ -0,0 +1,35 @@
+'''
+Utility functions
+'''
+
+# Define required fields for each type
+REQUIRED_FIELDS = {
+    'experience': ['title', 'company', 'start_date', 'end_date', 'description', 'logo'],
+    'education': ['course', 'school', 'start_date', 'end_date', 'grade', 'logo'],
+    'skill': ['name', 'proficiency', 'logo']
+}
+
+def validate_data(data_type, data):
+    '''
+    Validates that all required fields are present in the data
+    
+    Parameters
+    ----------
+    data_type : str
+        The type of data being validated ('experience', 'education', or 'skill')
+    data : dict
+        The data to validate
+        
+    Returns
+    -------
+    tuple
+        (bool, str) - (is_valid, error_message)
+    '''
+    if data is None:
+        return False, "Invalid data format"
+    if not isinstance(data, dict):
+        return False, "Invalid data format"
+    missing_fields = [field for field in REQUIRED_FIELDS[data_type] if field not in data]
+    if missing_fields:
+        return False, f"Missing required fields: {', '.join(missing_fields)}"
+    return True, None
