Querying to filter the shows by a non-existing id leaks information

Using the feature/api-docs branch for !21 (merged) after applying the migration and creating a show using the REST API.

Querying for shows and filtering using a the id of a non-existent object, returns a 400 status and leaks information, that this is not a valid id:

http -p=hb ":8000/api/v1/shows/?type=99"
HTTP/1.1 400 Bad Request
Allow: GET, POST, HEAD, OPTIONS
Content-Length: 118
Content-Type: application/json
Date: Fri, 25 Mar 2022 22:35:47 GMT
Server: WSGIServer/0.2 CPython/3.9.12
Vary: Accept, Origin

{
    "type": [
        {
            "code": "invalid_choice",
            "message": "Bitte eine gültige Auswahl treffen. Dies ist keine gültige Auswahl."
        }
    ]
}

This applies for ?category, ?host, ?language, ?musicfocus, ?owner, ?topic and ?type.

I would expect to get a 200 status and an empty list.

A query with ?language, and a non-existent id return a 200 status and an empty list.

changed milestone to %1.0-alpha2 — Precise Pheasant

assigned to @kmohrf

I reasoned that since all of the collections for which filters are available are public anyway it might be a good idea to ensure that the values used in filters do actually exist.

But I guess an argument can be made either way. I’ll gladly change it tomorrow.

mentioned in commit a5239bfb

closed

Tomorrow being the next workday

mentioned in commit 6a9e9690