Phillip Davis created
When jparams['to'] is an empty array, return 400 instead of
falling through to message construction.sgx-bwmsgsv2.rb | 1 +
test/test_webhook_handler.rb | 23 +++++++++++++++++++++++
2 files changed, 24 insertions(+)
@@ -1011,6 +1011,7 @@ class WebhookHandler < Goliath::API
return [400, {}, "Missing params\n"] unless users_num && others_num
return [400, {}, "Missing params\n"] unless jparams['to'].is_a?(Array)
+ return [400, {}, "Missing params\n"] if jparams['to'].empty?
puts "BODY - messageId: #{jparams['id']}" \
", eventType: #{type}" \
@@ -272,4 +272,27 @@ class WebhookHandlerTest < Minitest::Test
)
end
em :test_message_received_single_recipient_text_stanza
+
+ def test_message_received_zero_recipients_writes_no_stanza
+ payload = {
+ "type" => "message-received",
+ "to" => "+15550000000",
+ "message" => {
+ "id" => "bw-in-zero-001",
+ "direction" => "in",
+ "owner" => "+15550000000",
+ "from" => "+15551234567",
+ "to" => [],
+ "time" => "2025-01-13T10:00:00Z",
+ "text" => "Hello with empty to"
+ }
+ }
+
+ result = invoke_webhook(payload)
+ assert_equal [400, {}, "Missing params\n"], result
+ assert_empty written
+ entries = REDIS.stream_entries("messages").sync
+ assert_equal 0, entries.length
+ end
+ em :test_message_received_zero_recipients_writes_no_stanza
end