Potential problem with ownMaterialNumbers in request params of endpoints

[eschrewe]

Description

The ownMaterialNumber attribute of the Material entity is a string, which may contain many kinds of characters. And not all of these characters are suitable for URL-encoding.

Current behaviour

Several endpoints in the PURIS backend (for example the triggerXXXUpdateForMaterialNumber methods, the trigger endpoint of the ErpAdapterController and possibly several others...) are expecting an ownMaterialNumber as a plain String.
There is a risk that the parameter data arrives in malformed on the backend-side, or that the sending of the request on the frontend-side may fail.

After skimming through the swagger UI, I think the following endpoints are affected (as of today: Jul 12 2024):

• /erp-adapter/trigger
• /stockView/update-reported-product-stocks
• /stockView/update-reported-material-stocks
• /stockView/supplier
• /stockView/reported-product-stocks
• /stockView/reported-material-stocks
• /stockView/materialnumbers-mapping
• /stockView/customer
• /production
• /production/reported
• /production/reported/refresh
• /materials (GET)
• /materialpartnerrelations (PUT and POST)
• /demand /GET)
• /demand/reported
• /demand/reported/refresh
• /delivery
• /delivery/reported/refresh

Expected behavior

Use Base64.
I.e. insert a Base64 decoder on the backend side in the respective endpoint.
And respectively on the frontendside use a Base64 encoder, in all places, where one of the affected backend endpoint is called.