From 65a8d76612fe2852f7f65916fbca16cd073cb9d6 Mon Sep 17 00:00:00 2001 From: Madhu Kanoor Date: Wed, 13 Nov 2019 11:17:09 -0500 Subject: [PATCH 1/3] Allow for other content types other than application/json Rails can handle multiple content types like application/json, multipart/form-data. It parses them and builds the ActionController:: Parameters with the params that includes the path_parameters and query_parameters. During a post call where we try to get just the body parameters by reparsing the body, if we just exclude the path parameters from the params we wont have to reparse the request.body. Also the correct content-type needs to be sent to the openapi-parser. --- .../request_body_validation.rb | 11 +++++------ spec/dummy/config/initializers/wrap_parameters.rb | 14 -------------- spec/requests/request_body_validation_spec.rb | 10 ---------- 3 files changed, 5 insertions(+), 30 deletions(-) delete mode 100644 spec/dummy/config/initializers/wrap_parameters.rb diff --git a/lib/insights/api/common/application_controller_mixins/request_body_validation.rb b/lib/insights/api/common/application_controller_mixins/request_body_validation.rb index 670ac152..3ee1a6f2 100644 --- a/lib/insights/api/common/application_controller_mixins/request_body_validation.rb +++ b/lib/insights/api/common/application_controller_mixins/request_body_validation.rb @@ -18,11 +18,9 @@ def self.included(other) def body_params @body_params ||= begin - raw_body = request.body.read - parsed_body = raw_body.blank? ? {} : JSON.parse(raw_body) - ActionController::Parameters.new(parsed_body).permit! - rescue JSON::ParserError - raise Insights::API::Common::ApplicationControllerMixins::RequestBodyValidation::BodyParseError, "Failed to parse request body, expected JSON" + hash = params.permit!.to_h + request.path_parameters.keys.each { |key| hash.delete(key) } + ActionController::Parameters.new(hash).permit! end end 
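Review bot: `params.permit!` in the new `body_params` marks the controller's own `params` object as permitted in place, so after the first call strong-parameters filtering no longer protects any later use of `params` in the action. Reading the values without mutating the shared object avoids that, for example `hash = params.to_unsafe_h` followed by the same path-key removal. The same `params.permit!` call is carried through the `body_params` hunks of PATCH 2/3 and PATCH 3/3. With the `JSON::ParserError` rescue removed and the "returns a 400" spec deleted in this patch, the malformed-body path is presumably left to Rails' own parameter parsing and is no longer covered by a test here.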
@@ -38,7 +36,8 @@ def validate_request request.method, request.path, api_version, - body_params.as_json + body_params.to_h, + request.content_type ) end end diff --git a/spec/dummy/config/initializers/wrap_parameters.rb b/spec/dummy/config/initializers/wrap_parameters.rb deleted file mode 100644 index bbfc3961..00000000 --- a/spec/dummy/config/initializers/wrap_parameters.rb +++ /dev/null @@ -1,14 +0,0 @@ -# Be sure to restart your server when you modify this file. - -# This file contains settings for ActionController::ParamsWrapper which -# is enabled by default. - -# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. -ActiveSupport.on_load(:action_controller) do - wrap_parameters format: [:json] -end - -# To enable root element in JSON for ActiveRecord objects. -# ActiveSupport.on_load(:active_record) do -# self.include_root_in_json = true -# end diff --git a/spec/requests/request_body_validation_spec.rb b/spec/requests/request_body_validation_spec.rb index 2e370a9c..bfe8b8c6 100644 --- a/spec/requests/request_body_validation_spec.rb +++ b/spec/requests/request_body_validation_spec.rb @@ -4,16 +4,6 @@ before { stub_const("ENV", "BYPASS_TENANCY" => true) } let(:default_params) { { "authtype" => "openshift" } } - context "when there is an invalid body" do - let(:default_as) { :text } - - it "returns a 400" do - post("/api/v1.0/authentications", :headers => {"CONTENT_TYPE" => "application/text"}, :params => "{") - - expect(response.status).to eq(400) - end - end - it "unpermitted key" do post("/api/v1.0/authentications", :headers => headers, :params => default_params.merge("garbage" => "abc")) From 76441b97b0a066b8c0584030743d0af8bb2a1dd3 Mon Sep 17 00:00:00 2001 From: Madhu Kanoor Date: Wed, 13 Nov 2019 12:04:30 -0500 Subject: [PATCH 2/3] Fixed rubocop errors --- .../request_body_validation.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
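Review bot: `request.content_type` in the `validate_request` hunk comes straight from the client's header and may be absent, yet it is handed to the validator without being checked against the media types the API accepts. If the validator skips or relaxes body checks when it finds no schema for the given type (not visible in this patch), a request with an undeclared Content-Type would reach the action unvalidated. I would add a comment at the call such as `# content_type is client-controlled; validation must fail closed for media types the spec does not declare`. Request specs for a missing and an undeclared Content-Type would pin that behaviour. `validate_request` starts outside the hunk.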
diff --git a/lib/insights/api/common/application_controller_mixins/request_body_validation.rb b/lib/insights/api/common/application_controller_mixins/request_body_validation.rb index 3ee1a6f2..2a95e6f7 100644 --- a/lib/insights/api/common/application_controller_mixins/request_body_validation.rb +++ b/lib/insights/api/common/application_controller_mixins/request_body_validation.rb @@ -18,9 +18,9 @@ def self.included(other) def body_params @body_params ||= begin - hash = params.permit!.to_h - request.path_parameters.keys.each { |key| hash.delete(key) } - ActionController::Parameters.new(hash).permit! + hash = params.permit!.to_h + request.path_parameters.keys.each { |key| hash.delete(key) } + ActionController::Parameters.new(hash).permit! end end From 1cf5a0d5948fc7e580f987b7a140c552a7d8df38 Mon Sep 17 00:00:00 2001 From: Madhu Kanoor Date: Wed, 13 Nov 2019 16:14:27 -0500 Subject: [PATCH 3/3] Applied PR feedback --- .../request_body_validation.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/insights/api/common/application_controller_mixins/request_body_validation.rb b/lib/insights/api/common/application_controller_mixins/request_body_validation.rb index 2a95e6f7..a35cb414 100644 --- a/lib/insights/api/common/application_controller_mixins/request_body_validation.rb +++ b/lib/insights/api/common/application_controller_mixins/request_body_validation.rb @@ -18,9 +18,9 @@ def self.included(other) def body_params @body_params ||= begin - hash = params.permit!.to_h - request.path_parameters.keys.each { |key| hash.delete(key) } - ActionController::Parameters.new(hash).permit! + ActionController::Parameters.new( + params.permit!.to_h.except(*request.path_parameters.keys) + ).permit! end end
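Review bot: The final `body_params` in PATCH 3/3 still returns everything in `params` except the path keys, so query-string parameters are validated and exposed as if they had been sent in the request body. If only body content is intended, building it from the body-derived hash keeps the two sources apart: `ActionController::Parameters.new(request.request_parameters).permit!`. Whether parameter wrapping adds a root key to that hash depends on the host application's `wrap_parameters` setting, so a request spec that sends a query string on a POST would pin the expected result.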