chore: Remove unexpected fields in action update payload #33731
Walkthrough
The recent updates to
Changes
Sequence Diagram(s) (Beta)
sequenceDiagram
participant Client
participant ActionAPI
Client->>ActionAPI: Update Action Request
ActionAPI-->>Client: Action Update Response
Actionable comments posted: 1
Outside diff range and nitpick comments (3)
app/client/src/api/ActionAPI.tsx (3)
Line range hint 178-178: Use template literals for string concatenation.
Using template literals can improve readability and maintainability of the code. Replace string concatenation with template literals.
- return API.put(ActionAPI.url + "/refactor", updateActionNameRequest); + return API.put(`${ActionAPI.url}/refactor`, updateActionNameRequest); - return API.post(ActionAPI.url + "/execute", executeAction, undefined, { + return API.post(`${ActionAPI.url}/execute`, executeAction, undefined, { - return API.delete(`${ActionAPI.url}/${id}`); + return API.delete(`${ActionAPI.url}/${id}`); - return API.put(ActionAPI.url + "/move", moveRequest, undefined, { + return API.put(`${ActionAPI.url}/move`, moveRequest, undefined, {Also applies to: 188-188, 214-214, 223-223
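Review bot: The third pair in this suggestion, the `API.delete` call, has identical removed and added lines (`${ActionAPI.url}/${id}` on both sides), so it is a no-op and its entry should be dropped from the "Also applies to" list. Only the `/refactor`, `/execute` and `/move` calls still build the URL with `+`.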
Line range hint 206-209: Clarify usage of `this` in static context.
Using `this` in static methods can be confusing as it does not refer to an instance of the class but to the class itself. Consider using the class name `ActionAPI` instead of `this` for clarity. - return this.executeApiCall(executeAction, timeout); + return ActionAPI.executeApiCall(executeAction, timeout);
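Review bot: Replacing `this.executeApiCall` with `ActionAPI.executeApiCall` is behaviour-preserving only if this static method is never reached through a subclass, because `this` in a static method is the class the call was made on. Confirm nothing extends `ActionAPI` before applying the change, or keep `this`.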
Line range hint 125-227: Consider refactoring the class to avoid only static members.
Classes that contain only static members can sometimes be better represented as a module with exported functions, especially in JavaScript/TypeScript. This can improve modularity and testability of the code.
Currently, if the incoming request body contains fields that aren't recognized by the backend, we just ignore them, and deserialize what we _can_. This has led to subtle bugs and wasted a lot of developer time in the past, and added little value in return.

Most recently, with application creation, now fixed in #33722. Another one, for action creation, client sends this in `eventData` field of the request body:

But the class defined for `eventData` is this:

Clearly isn't working.

This PR enabled the `FAIL_ON_UNKNOWN_PROPERTIES` setting only for the deserialization of HTTP request payloads. It shouldn't have impact on other deserializations like those for Git, and those that load resource files. Primarily to limit the scope.

This should also bring in some much-needed type strictness to the client as well. So far, server has been lax in accepting just any fields in the incoming request body, so client was able to afford being lax about the object that was sent up.

We're enabling this restriction only for CE currently. Will be opening a similar PR on EE and once all tests pass there, we enable for EE as well.

Depends on #33728 #33730 #33731 #34366 #34405 #34446 #34473 #34506

Run No. 1

> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/9685619413>
> Commit: 04e225f
> [Cypress dashboard](https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=9685619413&attempt=1).
> Tags: ``

**/test all**

> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/9690185000>
> Commit: 29da8b4
> [Cypress dashboard](https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=9690185000&attempt=1).
> Tags: ``

## Summary by CodeRabbit

- **New Features**
  - Added `certificateType` property to datasources for enhanced SSL configuration options.
- **Enhancements**
  - Improved JSON deserialization behavior for better data handling and flexibility.
For action update API, client is sending in some fields that the server isn't expecting. As part of tightening what the server accepts in APIs for better security testing, this PR removes these unexpected fields, and sends only what the server knows about, and expects.
/test sanity datasource
Tip
🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
Workflow run: https://github.com/appsmithorg/appsmith/actions/runs/9250048039
Commit: f0f1925
Cypress dashboard url: Click here!
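
The client-side trimming this PR describes, paired with a stand-in for the strict `FAIL_ON_UNKNOWN_PROPERTIES` behaviour from the referenced server change, as an added example that is not code from the PR or from Appsmith. The field names, the allowlist and the `strictDecode` helper are hypothetical; the real action schema is not shown on this page.

```typescript
// Hypothetical field names: NOT Appsmith's real action schema.
const SERVER_ACTION_FIELDS = [
  "id", "name", "pluginId", "datasource", "actionConfiguration",
] as const;
type ServerField = (typeof SERVER_ACTION_FIELDS)[number];
type ActionUpdatePayload = Partial<Record<ServerField, unknown>>;

// Client side: copy only allowlisted top-level keys, so editor-only state
// never reaches the request body.
function toActionUpdatePayload(action: Record<string, unknown>): ActionUpdatePayload {
  const payload: ActionUpdatePayload = {};
  for (const key of SERVER_ACTION_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(action, key)) {
      payload[key] = action[key];
    }
  }
  return payload;
}

// Keys a strict server would reject, sorted for stable error messages.
function unknownFields(body: Record<string, unknown>): string[] {
  const known = new Set<string>(SERVER_ACTION_FIELDS);
  return Object.keys(body).filter((k) => !known.has(k)).sort();
}

// Stand-in for a strict server decoder: fail the request, do not drop silently.
function strictDecode(body: Record<string, unknown>): ActionUpdatePayload {
  const extra = unknownFields(body);
  if (extra.length > 0) {
    throw new Error(`Unrecognized field(s): ${extra.join(", ")}`);
  }
  return toActionUpdatePayload(body);
}

// Constructed sample: an editor-side action object carrying client-only state.
const editorAction: Record<string, unknown> = {
  id: "a1",
  name: "getUsers",
  pluginId: "p1",
  actionConfiguration: { path: "/users" },
  isDirty: true,
  errorReports: [],
};

console.log(unknownFields(editorAction));
console.log(strictDecode(toActionUpdatePayload(editorAction)));
```

The allowlist here covers top-level keys only; nested objects such as `actionConfiguration` would need their own allowlist to get the same guarantee.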