frontend: validate JSON in migration request

Motivation:
if user provides bad JSON we should respond with BAD_REQUEST.

Modification:
Try to parse provided json and throw BadRequestException if invalid.

Result:
BAD_REQUEST instead of failure.`

Fixes: #7983
Acked-by: Paul Millar
Target: master
Require-book: no
Require-notes: yes

Author: kofemann

.ci/migrationEndpoint.http

@@ -272,6 +272,23 @@ Authorization: Basic {{username}} {{password}}
     });
 %}
 
+### copy endpoint - bad request on invalid json format
+POST {{frontend-door}}{{endpoint}}{{migrations}}/copy
+Content-Type: application/json
+Authorization: Basic {{username}} {{password}}
+
+{
+  "sourcePool": ,
+  "targetPools": ["]
+}
+
+> {%
+    client.test("Response is Bad request", function() {
+        client.assert(response.status === 400, "Expected 400, got " + response.status);
+    });
+%}
+
+
 ### copy endpoint - bad request when cocurrency is provided
 //FYI concurrency should be a whole number -- may need to modify this test in the future!
 POST {{frontend-door}}{{endpoint}}{{migrations}}/copy

modules/dcache-frontend/src/main/java/org/dcache/restful/resources/migration/MigrationResources.java

@@ -35,6 +35,7 @@
 import org.dcache.restful.providers.migrations.MigrationInfo;
 import org.dcache.restful.util.RequestUser;
 import org.json.JSONArray;
+import org.json.JSONException;
 import org.json.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -120,7 +121,13 @@ public Response submitMigrationCopy(@ApiParam(
         }
 
         // First convert to JSON.
-        JSONObject jsonPayload = new JSONObject(requestPayload);
+        JSONObject jsonPayload;
+        try {
+            jsonPayload = new JSONObject(requestPayload);
+        } catch (JSONException e) {
+            throw new BadRequestException("The request payload is not valid JSON.", e);
+        }
+
         LOGGER.info("JSON Request: {}", jsonPayload);
 
         if (!jsonPayload.has("sourcePool")) {