Tighten location request validation

2026-04-19 23:18:20 +02:00
parent 1a2f9c75d9
commit d0dc8e893a
5 changed files with 132 additions and 15 deletions
@@ -88,17 +88,115 @@ def test_location_record_endpoint_rejects_unknown_fields(location_client) -> Non
    )

    assert response.status_code == 400
+    assert response.text == "bad request"
+    assert "extra" not in response.text
+    assert "ValidationError" not in response.text


-def test_location_record_endpoint_keeps_legacy_lenient_number_parsing(location_client) -> None:
-    client, engine = location_client
+def test_location_record_endpoint_rejects_missing_latitude(location_client) -> None:
+    client, _ = location_client
+
+    response = client.post(
+        "/location/record",
+        json={
+            "person": "tianyu",
+            "longitude": "4.56",
+        },
+    )
+
+    assert response.status_code == 400
+    assert response.text == "bad request"
+    assert "latitude" not in response.text
+
+
+def test_location_record_endpoint_rejects_missing_longitude(location_client) -> None:
+    client, _ = location_client
+
+    response = client.post(
+        "/location/record",
+        json={
+            "person": "tianyu",
+            "latitude": "1.23",
+        },
+    )
+
+    assert response.status_code == 400
+    assert response.text == "bad request"
+    assert "longitude" not in response.text
+
+
+def test_location_record_endpoint_rejects_invalid_latitude(location_client) -> None:
+    client, _ = location_client

    response = client.post(
        "/location/record",
        json={
            "person": "tianyu",
            "latitude": "bad-lat",
+            "longitude": "4.56",
+        },
+    )
+
+    assert response.status_code == 400
+    assert response.text == "bad request"
+    assert "bad-lat" not in response.text
+    assert "latitude" not in response.text
+
+
+def test_location_record_endpoint_rejects_invalid_longitude(location_client) -> None:
+    client, _ = location_client
+
+    response = client.post(
+        "/location/record",
+        json={
+            "person": "tianyu",
+            "latitude": "1.23",
            "longitude": "bad-long",
+        },
+    )
+
+    assert response.status_code == 400
+    assert response.text == "bad request"
+    assert "bad-long" not in response.text
+    assert "longitude" not in response.text
+
+
+def test_location_record_endpoint_defaults_missing_altitude_to_zero(location_client) -> None:
+    client, engine = location_client
+
+    response = client.post(
+        "/location/record",
+        json={
+            "person": "tianyu",
+            "latitude": "1.23",
+            "longitude": "4.56",
+        },
+    )
+
+    assert response.status_code == 200
+
+    with engine.connect() as conn:
+        row = conn.execute(
+            text(
+                "SELECT latitude, longitude, altitude "
+                "FROM location ORDER BY datetime DESC LIMIT 1"
+            )
+        ).one()
+
+    assert row.latitude == pytest.approx(1.23)
+    assert row.longitude == pytest.approx(4.56)
+    assert row.altitude == pytest.approx(0.0)
+
+
+def test_location_record_endpoint_defaults_invalid_altitude_to_zero(location_client) -> None:
+    client, engine = location_client
+
+    response = client.post(
+        "/location/record",
+        json={
+            "person": "tianyu",
+            "latitude": "1.23",
+            "longitude": "4.56",
            "altitude": "bad-alt",
        },
    )
@@ -113,8 +211,8 @@ def test_location_record_endpoint_keeps_legacy_lenient_number_parsing(location_c
            )
        ).one()

-    assert row.latitude == pytest.approx(0.0)
-    assert row.longitude == pytest.approx(0.0)
+    assert row.latitude == pytest.approx(1.23)
+    assert row.longitude == pytest.approx(4.56)
    assert row.altitude == pytest.approx(0.0)