From edd6cd7a10a828c74565ba75559cc3967d7b1d40 Mon Sep 17 00:00:00 2001
From: Benoit Orihuela <benoit.orihuela@egm.io>
Date: Thu, 7 Dec 2023 13:42:28 +0100
Subject: [PATCH] fix: remove edge cases on some incorrect URLs and return a
 standard 405 error

---
 .../kotlin/com/egm/stellio/search/web/EntityHandler.kt   | 6 +-----
 .../com/egm/stellio/search/web/TemporalEntityHandler.kt  | 9 +--------
 .../com/egm/stellio/shared/web/ExceptionHandler.kt       | 3 +++
 .../egm/stellio/subscription/web/SubscriptionHandler.kt  | 8 --------
 4 files changed, 5 insertions(+), 21 deletions(-)

diff --git a/search-service/src/main/kotlin/com/egm/stellio/search/web/EntityHandler.kt b/search-service/src/main/kotlin/com/egm/stellio/search/web/EntityHandler.kt
index d51a080b31..5a3d8fe0e1 100644
--- a/search-service/src/main/kotlin/com/egm/stellio/search/web/EntityHandler.kt
+++ b/search-service/src/main/kotlin/com/egm/stellio/search/web/EntityHandler.kt
@@ -287,10 +287,6 @@ class EntityHandler(
         { it }
     )
 
-    @DeleteMapping("/", "")
-    fun handleMissingEntityIdOnDelete(): ResponseEntity<*> =
-        missingPathErrorResponse("Missing entity id when trying to delete an entity")
-
     /**
      * Implements 6.6.3.1 - Append Entity Attributes
      *
@@ -488,7 +484,7 @@ class EntityHandler(
         { it }
     )
 
-    @DeleteMapping("/attrs/{attrId}", "/{entityId}/attrs")
+    @DeleteMapping("/attrs/{attrId}")
     fun handleMissingEntityIdOrAttributeOnDeleteAttribute(): ResponseEntity<*> =
         missingPathErrorResponse("Missing entity id or attribute id when trying to delete an attribute")
 
diff --git a/search-service/src/main/kotlin/com/egm/stellio/search/web/TemporalEntityHandler.kt b/search-service/src/main/kotlin/com/egm/stellio/search/web/TemporalEntityHandler.kt
index d56a883fc8..c8b6365498 100644
--- a/search-service/src/main/kotlin/com/egm/stellio/search/web/TemporalEntityHandler.kt
+++ b/search-service/src/main/kotlin/com/egm/stellio/search/web/TemporalEntityHandler.kt
@@ -247,14 +247,11 @@ class TemporalEntityHandler(
 
     @PatchMapping(
         "/attrs/{attrId}/{instanceId}",
-        "/{entityId}/attrs/{instanceId}",
         "/attrs/{instanceId}",
-        "/{entityId}/attrs",
-        "/attrs"
     )
     fun handleMissingParametersOnModifyInstanceTemporal(): ResponseEntity<*> =
         missingPathErrorResponse(
-            "Missing some parameter(entity id, attribute id, instance id) when trying to modify temporal entity"
+            "Missing some parameter (entity id, attribute id, instance id) when trying to modify temporal entity"
         )
 
     /**
@@ -277,10 +274,6 @@ class TemporalEntityHandler(
         { it }
     )
 
-    @DeleteMapping("/", "")
-    fun handleMissingEntityIdOnDeleteTemporalEntity(): ResponseEntity<*> =
-        missingPathErrorResponse("Missing entity id when trying to delete temporal entity")
-
     /**
      * Implements 6.21.3.1 - Delete Attribute from Temporal Representation of an Entity
      */
diff --git a/shared/src/main/kotlin/com/egm/stellio/shared/web/ExceptionHandler.kt b/shared/src/main/kotlin/com/egm/stellio/shared/web/ExceptionHandler.kt
index 77a0ff227a..412d791bf6 100644
--- a/shared/src/main/kotlin/com/egm/stellio/shared/web/ExceptionHandler.kt
+++ b/shared/src/main/kotlin/com/egm/stellio/shared/web/ExceptionHandler.kt
@@ -10,6 +10,7 @@ import org.springframework.http.ProblemDetail
 import org.springframework.http.ResponseEntity
 import org.springframework.web.bind.annotation.ExceptionHandler
 import org.springframework.web.bind.annotation.RestControllerAdvice
+import org.springframework.web.server.MethodNotAllowedException
 import org.springframework.web.server.NotAcceptableStatusException
 import org.springframework.web.server.UnsupportedMediaTypeStatusException
 
@@ -65,6 +66,8 @@ class ExceptionHandler {
                 HttpStatus.NOT_ACCEPTABLE,
                 NotAcceptableResponse(cause.message)
             )
+            is MethodNotAllowedException ->
+                ResponseEntity.status(HttpStatus.METHOD_NOT_ALLOWED).body(cause.body)
             is NonexistentTenantException -> generateErrorResponse(
                 HttpStatus.NOT_FOUND,
                 NonexistentTenantResponse(cause.message)
diff --git a/subscription-service/src/main/kotlin/com/egm/stellio/subscription/web/SubscriptionHandler.kt b/subscription-service/src/main/kotlin/com/egm/stellio/subscription/web/SubscriptionHandler.kt
index b095949d91..c5f09d59d6 100644
--- a/subscription-service/src/main/kotlin/com/egm/stellio/subscription/web/SubscriptionHandler.kt
+++ b/subscription-service/src/main/kotlin/com/egm/stellio/subscription/web/SubscriptionHandler.kt
@@ -164,10 +164,6 @@ class SubscriptionHandler(
         { it }
     )
 
-    @PatchMapping("/", "")
-    fun handleMissingIdOnUpdate(): ResponseEntity<*> =
-        missingPathErrorResponse("Missing id when trying to update a subscription")
-
     /**
      * Implements 6.11.3.3 - Delete Subscription
      */
@@ -185,10 +181,6 @@ class SubscriptionHandler(
         { it }
     )
 
-    @DeleteMapping("/", "")
-    fun handleMissingIdOnDelete(): ResponseEntity<*> =
-        missingPathErrorResponse("Missing id when trying to delete a subscription")
-
     private suspend fun checkSubscriptionExists(subscriptionId: URI): Either<APIException, Unit> =
         subscriptionService.exists(subscriptionId)
             .flatMap {