Commit 0c66b6f8 authored by Abhishek Pandey's avatar Abhishek Pandey Committed by Nathan Heldt-Sheller

[Easy Setup] Reject UPDATE on not allowed property

Easy Setup Resource does not reject an UPDATE request to add a new Link

Currently only criteria to reject POST on EasySetup Resource
(/EasySetupResURI) is to check if properties are read-only. However,
the POST request may contain additional properties "href", "rep"
representing a link to be added in collection or any other unsupported
properties. Even though these properties are not updated, success
response is sent to client which is not appropriate and is flagged as
CTT failure.

This patch changes the validation logic on /EasySetupResURI for POST
on baseline interface to allow the POST only if payload contains
the writable property "cn". Update to any other property is rejected.

Change-Id: I33f6e7eda33481fa2137341f93b607a837ff5a87
Signed-off-by: default avatarAbhishek Pandey <>
parent 666d1d5c
......@@ -508,16 +508,19 @@ OCEntityHandlerResult updateEasySetupResource(OCEntityHandlerRequest* ehRequest,
else if (!strcmp(iface_name, OC_RSRVD_INTERFACE_DEFAULT))
OIC_LOG(DEBUG, ES_RH_TAG, "Handling POST request on default interface");
// If payload has read-only properties, then the request is considered as a bad request.
if (!OCRepPayloadIsNull(input, OC_RSRVD_ES_PROVSTATUS) ||
if (!OCRepPayloadIsNull(input, OC_RSRVD_ES_CONNECT))
OIC_LOG(ERROR, ES_RH_TAG, "Read-only property cannot be updated.");
ehResult = OC_EH_BAD_REQ;
// Payload contains "cn" property, so update it.
// Return error response for any property excluding writable
// property. e.g. readonly properties like "ps", "lec" or any
// links are not allowed in POST Request.
OIC_LOG(ERROR, ES_RH_TAG, "UPDATE for property not allowed!");
ehResult = OC_EH_BAD_REQ;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment