fix and unit test

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

Author: shwstppr

server/src/main/java/com/cloud/api/ApiServlet.java

@@ -482,7 +482,7 @@ private boolean checkIfAuthenticatorIsOf2FA(String command) {
         return verify2FA;
     }
 
-    private boolean isStateChangingCommandNotUsingPOST(String command, String method, Map<String, Object[]> params) {
+    protected boolean isStateChangingCommandNotUsingPOST(String command, String method, Map<String, Object[]> params) {
         if (BaseCmd.HTTPMethod.POST.toString().equalsIgnoreCase(method)) {
             return false;
         }
@@ -503,8 +503,9 @@ private boolean isStateChangingCommandNotUsingPOST(String command, String method
                 GET_REQUEST_COMMANDS.matcher(command.toLowerCase()).matches()) {
             return false;
         }
-        return !params.containsKey("name")
-                || !ApiServer.EnforcePostRequestsAndTimestamps.key().equalsIgnoreCase(params.get("name")[0].toString());
+        return !command.equalsIgnoreCase("updateConfiguration") ||
+                !params.containsKey("name") ||
+                !ApiServer.EnforcePostRequestsAndTimestamps.key().equalsIgnoreCase(params.get("name")[0].toString());
     }
 
     protected boolean skip2FAcheckForAPIs(String command) {

server/src/test/java/com/cloud/api/ApiServletTest.java

@@ -16,22 +16,30 @@
 // under the License.
 package com.cloud.api;
 
-import com.cloud.api.auth.ListUserTwoFactorAuthenticatorProvidersCmd;
-import com.cloud.api.auth.SetupUserTwoFactorAuthenticationCmd;
-import com.cloud.api.auth.ValidateUserTwoFactorAuthenticationCodeCmd;
-import com.cloud.server.ManagementServer;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManagerImpl;
-import com.cloud.user.AccountService;
-import com.cloud.user.User;
-import com.cloud.user.UserAccount;
-import com.cloud.utils.HttpUtils;
-import com.cloud.vm.UserVmManager;
+import static org.mockito.ArgumentMatchers.nullable;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
+import java.net.InetAddress;
+import java.net.URLEncoder;
+import java.net.UnknownHostException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.auth.APIAuthenticationManager;
 import org.apache.cloudstack.api.auth.APIAuthenticationType;
 import org.apache.cloudstack.api.auth.APIAuthenticator;
 import org.apache.cloudstack.api.command.admin.config.ListCfgsByCmd;
+import org.apache.cloudstack.api.command.admin.offering.IsAccountAllowedToCreateOfferingsWithTagsCmd;
 import org.apache.cloudstack.framework.config.ConfigKey;
 import org.junit.After;
 import org.junit.Assert;
@@ -42,21 +50,17 @@
 import org.mockito.Mockito;
 import org.mockito.junit.MockitoJUnitRunner;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.lang.reflect.Field;
-import java.net.InetAddress;
-import java.net.URLEncoder;
-import java.net.UnknownHostException;
-import java.util.HashMap;
-import java.util.Map;
-
-import static org.mockito.ArgumentMatchers.nullable;
+import com.cloud.api.auth.ListUserTwoFactorAuthenticatorProvidersCmd;
+import com.cloud.api.auth.SetupUserTwoFactorAuthenticationCmd;
+import com.cloud.api.auth.ValidateUserTwoFactorAuthenticationCodeCmd;
+import com.cloud.server.ManagementServer;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManagerImpl;
+import com.cloud.user.AccountService;
+import com.cloud.user.User;
+import com.cloud.user.UserAccount;
+import com.cloud.utils.HttpUtils;
+import com.cloud.vm.UserVmManager;
 
 @RunWith(MockitoJUnitRunner.class)
 public class ApiServletTest {
@@ -432,4 +436,88 @@ public void testVerify2FAWhenExpectedCommandIsNotCalled() throws UnknownHostExce
 
         Assert.assertEquals(false, result);
     }
+
+    @Test
+    public void isStateChangingCommandNotUsingPOSTReturnsFalseForPostMethod() {
+        String command = "updateConfiguration";
+        String method = "POST";
+        Map<String, Object[]> params = new HashMap<>();
+
+        boolean result = servlet.isStateChangingCommandNotUsingPOST(command, method, params);
+
+        Assert.assertFalse(result);
+    }
+
+    @Test
+    public void isStateChangingCommandNotUsingPOSTReturnsTrueForNullCommandAndMethod() {
+        String command = null;
+        String method = null;
+        Map<String, Object[]> params = new HashMap<>();
+
+        boolean result = servlet.isStateChangingCommandNotUsingPOST(command, method, params);
+
+        Assert.assertTrue(result);
+    }
+
+    @Test
+    public void isStateChangingCommandNotUsingPOSTReturnsFalseForGetHttpMethodAnnotation() {
+        String command = "isAccountAllowedToCreateOfferingsWithTags";
+        String method = "GET";
+        Map<String, Object[]> params = new HashMap<>();
+        Class<?> cmdClass = IsAccountAllowedToCreateOfferingsWithTagsCmd.class;
+        APICommand apiCommand = cmdClass.getAnnotation(APICommand.class);
+        Mockito.doReturn(cmdClass).when(apiServer).getCmdClass(command);
+        Assert.assertNotNull(apiCommand);
+        Assert.assertEquals("GET", apiCommand.httpMethod());
+        boolean result = servlet.isStateChangingCommandNotUsingPOST(command, method, params);
+        Assert.assertFalse(result);
+    }
+
+    @Test
+    public void isStateChangingCommandNotUsingPOSTReturnsFalseForMatchingGetRequestPattern() {
+        String command = "listZones";
+        String method = "GET";
+        Map<String, Object[]> params = new HashMap<>();
+        boolean result = servlet.isStateChangingCommandNotUsingPOST(command, method, params);
+        Assert.assertFalse(result);
+    }
+
+    @Test
+    public void isStateChangingCommandNotUsingPOSTReturnsTrueForMissingNameParameter() {
+        String command = "updateConfiguration";
+        String method = "GET";
+        Map<String, Object[]> params = new HashMap<>();
+        boolean result = servlet.isStateChangingCommandNotUsingPOST(command, method, params);
+        Assert.assertTrue(result);
+    }
+
+    @Test
+    public void isStateChangingCommandNotUsingPOSTReturnsFalseForUpdateConfigurationEnforcePostRequestsKey() {
+        String command = "updateConfiguration";
+        String method = "GET";
+        Map<String, Object[]> params = new HashMap<>();
+        params.put("name", new String[] { ApiServer.EnforcePostRequestsAndTimestamps.key() });
+        boolean result = servlet.isStateChangingCommandNotUsingPOST(command, method, params);
+        Assert.assertFalse(result);
+    }
+
+    @Test
+    public void isStateChangingCommandNotUsingPOSTReturnsFalseForWrongApiEnforcePostRequestsKey() {
+        String command = "updateSomeApi";
+        String method = "GET";
+        Map<String, Object[]> params = new HashMap<>();
+        params.put("name", new String[] { ApiServer.EnforcePostRequestsAndTimestamps.key() });
+        boolean result = servlet.isStateChangingCommandNotUsingPOST(command, method, params);
+        Assert.assertTrue(result);
+    }
+
+    @Test
+    public void isStateChangingCommandNotUsingPOSTReturnsFalseForUpdateConfigurationNonEnforcePostRequestsKey() {
+        String command = "updateConfiguration";
+        String method = "GET";
+        Map<String, Object[]> params = new HashMap<>();
+        params.put("name", new String[] { "key" });
+        boolean result = servlet.isStateChangingCommandNotUsingPOST(command, method, params);
+        Assert.assertTrue(result);
+    }
 }