From 5a978f07a51735e9f2a73c47378bc21812121455 Mon Sep 17 00:00:00 2001
From: Oliver Walters
Date: Tue, 10 May 2022 22:05:08 +1000
Subject: [PATCH 1/6] Fix error response in barcode API
---
 InvenTree/barcodes/plugins/inventree_barcode.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/InvenTree/barcodes/plugins/inventree_barcode.py b/InvenTree/barcodes/plugins/inventree_barcode.py
index 5df71cb776..122de51260 100644
--- a/InvenTree/barcodes/plugins/inventree_barcode.py
+++ b/InvenTree/barcodes/plugins/inventree_barcode.py
@@ -83,7 +83,7 @@ class InvenTreeBarcodePlugin(BarcodePlugin):
 item = StockItem.objects.get(pk=pk)
 return item
 except (ValueError, StockItem.DoesNotExist): # pragma: no cover
- raise ValidationError({k, "Stock item does not exist"})
+ raise ValidationError({k: "Stock item does not exist"})
 return None
From 6766343f8fa412d7f75a26bd803323fe8b664265 Mon Sep 17 00:00:00 2001
From: Oliver Walters
Date: Tue, 10 May 2022 22:05:59 +1000
Subject: [PATCH 2/6] Update API version
---
 InvenTree/InvenTree/api_version.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/InvenTree/InvenTree/api_version.py b/InvenTree/InvenTree/api_version.py
index 86f41816b2..674cf7d78b 100644
--- a/InvenTree/InvenTree/api_version.py
+++ b/InvenTree/InvenTree/api_version.py
@@ -4,11 +4,14 @@ InvenTree API version information
 # InvenTree API version
-INVENTREE_API_VERSION = 46
+INVENTREE_API_VERSION = 47
 """
 Increment this API version number whenever there is a significant change to the API that any clients need to know about
+v47 -> 2022-05-10 : https://github.com/inventree/InvenTree/pull/2964
+ - Fixes barcode API error response when scanning a StockItem which does not exist
+
 v46 -> 2022-05-09
 - Fixes read permissions on settings API
 - Allows non-staff users to read global settings via the API
From 235954af187d774f26d33797c1e05254bc7f2abd Mon Sep 17 00:00:00 2001
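Review bot: In the `@@ -83,7` hunk of patch 1/6, the `# pragma: no cover` marker on `except (ValueError, StockItem.DoesNotExist):` keeps this error branch out of the coverage report, which is presumably how the set literal passed to `ValidationError` went unnoticed. Later patches in this series add tests that post a non-existent id and reach these branches, so the marker can be dropped: `except (ValueError, StockItem.DoesNotExist):`. The same marker sits on the StockLocation and Part lookups changed in patch 4/6. The enclosing method starts and ends outside the hunk.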
From: Oliver Walters
Date: Tue, 10 May 2022 22:08:23 +1000
Subject: [PATCH 3/6] Add unit test for invalid item
---
 InvenTree/barcodes/tests.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/InvenTree/barcodes/tests.py b/InvenTree/barcodes/tests.py
index 18d4e77d20..73bf066fb0 100644
--- a/InvenTree/barcodes/tests.py
+++ b/InvenTree/barcodes/tests.py
@@ -106,6 +106,23 @@ class BarcodeAPITest(APITestCase):
 self.assertIn('barcode_data', response.data)
 self.assertEqual(response.data['stockitem']['pk'], 1)
+ def test_invalid_item(self):
+ """Test response for invalid stock item"""
+
+ response = self.client.post(
+ self.scan_url,
+ {
+ 'barcode': {
+ 'stockitem': 999999999,
+ }
+ },
+ format='json'
+ )
+
+ self.assertEqual(response.status_code, 400)
+
+ self.assertEqual(response.data['stockitem'], 'Stock item does not exist')
+
 def test_find_location(self):
 """
 Test that we can lookup a stock location based on ID
From a6703df3c7e74960249764dd3ce7525a346fef8e Mon Sep 17 00:00:00 2001
From: Oliver Walters
Date: Tue, 10 May 2022 22:10:56 +1000
Subject: [PATCH 4/6] More fixes and unit tests
---
 InvenTree/InvenTree/api_version.py | 1 +
 .../barcodes/plugins/inventree_barcode.py | 6 ++--
 InvenTree/barcodes/tests.py | 34 +++++++++++++++++++
 3 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/InvenTree/InvenTree/api_version.py b/InvenTree/InvenTree/api_version.py
index 674cf7d78b..e391a00bd1 100644
--- a/InvenTree/InvenTree/api_version.py
+++ b/InvenTree/InvenTree/api_version.py
@@ -11,6 +11,7 @@ Increment this API version number whenever there is a significant change to the
 v47 -> 2022-05-10 : https://github.com/inventree/InvenTree/pull/2964
 - Fixes barcode API error response when scanning a StockItem which does not exist
+ - Fixes barcode API error response when scanning a StockLocation which does not exist
 v46 -> 2022-05-09
 - Fixes read permissions on settings API
diff --git a/InvenTree/barcodes/plugins/inventree_barcode.py b/InvenTree/barcodes/plugins/inventree_barcode.py
index 122de51260..604936c216 100644
--- a/InvenTree/barcodes/plugins/inventree_barcode.py
+++ b/InvenTree/barcodes/plugins/inventree_barcode.py
@@ -111,7 +111,7 @@ class InvenTreeBarcodePlugin(BarcodePlugin):
 loc = StockLocation.objects.get(pk=pk)
 return loc
 except (ValueError, StockLocation.DoesNotExist): # pragma: no cover
- raise ValidationError({k, "Stock location does not exist"})
+ raise ValidationError({k: "Stock location does not exist"})
 return None
@@ -132,12 +132,12 @@ class InvenTreeBarcodePlugin(BarcodePlugin):
 try:
 pk = self.data[k]['id']
 except (AttributeError, KeyError):
- raise ValidationError({k, 'id parameter not supplied'})
+ raise ValidationError({k: 'id parameter not supplied'})
 try:
 part = Part.objects.get(pk=pk)
 return part
 except (ValueError, Part.DoesNotExist): # pragma: no cover
- raise ValidationError({k, 'Part does not exist'})
+ raise ValidationError({k: 'Part does not exist'})
 return None
diff --git a/InvenTree/barcodes/tests.py b/InvenTree/barcodes/tests.py
index 73bf066fb0..2834559fc8 100644
--- a/InvenTree/barcodes/tests.py
+++ b/InvenTree/barcodes/tests.py
@@ -86,6 +86,23 @@ class BarcodeAPITest(APITestCase):
 self.assertIn('barcode_data', response.data)
 self.assertEqual(response.data['part']['pk'], 1)
+ def test_invalid_part(self):
+ """Test response for invalid part"""
+ response = self.client.post(
+ self.scan_url,
+ {
+ 'barcode': {
+ 'part': 999999999,
+ }
+ },
+ format='json'
+ )
+
+ self.assertEqual(response.status_code, 400)
+
+ self.assertEqual(response.data['part'], 'Part does not exist')
+
+
 def test_find_stock_item(self):
 """
 Test that we can lookup a stock item based on ID
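Review bot: In the `@@ -132,12` hunk, `pk = self.data[k]['id']` is guarded only by `except (AttributeError, KeyError):`, but subscripting a string or a list with `'id'` raises `TypeError`, which is not caught. Judging by the tests, `self.data` is the barcode payload posted by the client, so a malformed value would presumably surface as an unhandled error instead of the 400 carrying `'id parameter not supplied'`. Consider `except (AttributeError, KeyError, TypeError):`, plus a test that posts a non-numeric `part` value, since the added tests only exercise the does-not-exist path. How `pk` is first derived lies outside the hunk, so confirm this against the full method.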
@@ -143,6 +160,23 @@ class BarcodeAPITest(APITestCase):
 self.assertIn('barcode_data', response.data)
 self.assertEqual(response.data['stocklocation']['pk'], 1)
+ def test_invalid_location(self):
+ """Test response for an invalid location"""
+
+ response = self.client.post(
+ self.scan_url,
+ {
+ 'barcode': {
+ 'stocklocation': 999999999,
+ }
+ },
+ format='json'
+ )
+
+ self.assertEqual(response.status_code, 400)
+
+ self.assertEqual(response.data['stocklocation'], 'Stock location does not exist')
+
 def test_integer_barcode(self):
 response = self.postBarcode(self.scan_url, '123456789')
From 9658f47e939324f5726cf4eae14fb593b79ded89 Mon Sep 17 00:00:00 2001
From: Oliver Walters
Date: Tue, 10 May 2022 22:32:44 +1000
Subject: [PATCH 5/6] PEP fix
---
 InvenTree/barcodes/tests.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/InvenTree/barcodes/tests.py b/InvenTree/barcodes/tests.py
index 2834559fc8..b092e7eb32 100644
--- a/InvenTree/barcodes/tests.py
+++ b/InvenTree/barcodes/tests.py
@@ -102,7 +102,6 @@ class BarcodeAPITest(APITestCase):
 self.assertEqual(response.data['part'], 'Part does not exist')
-
 def test_find_stock_item(self):
 """
 Test that we can lookup a stock item based on ID
From bb5d6815df69147b3d3ffd4f8ef06fd857dd4469 Mon Sep 17 00:00:00 2001
From: Oliver Walters
Date: Tue, 10 May 2022 23:24:32 +1000
Subject: [PATCH 6/6] Mark inventree home directory as safe for git. Ref: https://github.blog/2022-04-12-git-security-vulnerability-announced/
---
 docker/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 63535bd83d..cefd2c2b61 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -95,6 +95,9 @@ RUN echo "Downloading InvenTree from ${INVENTREE_GIT_REPO}"
 RUN git clone --branch ${INVENTREE_GIT_BRANCH} --depth 1 ${INVENTREE_GIT_REPO} ${INVENTREE_HOME}
+# Ref: https://github.blog/2022-04-12-git-security-vulnerability-announced/
+RUN git config --global --add safe.directory ${INVENTREE_HOME}
+
 # Checkout against a particular git tag
 RUN if [ -n "${INVENTREE_GIT_TAG}" ] ; then cd ${INVENTREE_HOME} && git fetch --all --tags && git checkout tags/${INVENTREE_GIT_TAG} -b v${INVENTREE_GIT_TAG}-branch ; fi
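Review bot: `git config --global` writes the `safe.directory` entry into the home directory of whichever user runs this build step, so a different runtime user would not inherit it and git would still refuse to operate on the checkout. If the image later switches user (not visible in this hunk), `RUN git config --system --add safe.directory "${INVENTREE_HOME}"` applies the entry to every account. The setting switches off git's ownership check for that path, so keep it scoped to the single directory as done here, and say so in the comment rather than only linking the announcement, e.g. `# Trust only ${INVENTREE_HOME}: git rejects repositories owned by another user`.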