authorJay Doane <jaydoane@apache.org>2022-09-01 13:38:44 -0700
committerJay Doane <jaydoane@apache.org>2022-09-01 13:56:22 -0700
commitd9afd1da4f7373bb000ec81dfd3dd00c0fd7a6a4 (patch)
tree9ab045cf46a0c1e3b7ff47dfd4b8159116e35d16
parent08e62bb59131d86e3ee28e5a7692bf819596cb21 (diff)
Maybe return bad_content_type on _session POSTsession-require-content-type
Currently, when POSTing to `/_session` with a Content-Type header other than either `application/x-www-form-urlencoded` or `application/json`, the error response can be surprising. This changes the response to 415 `bad_content_type` when it's not one of the above.
-rw-r--r--src/couch/src/couch_httpd_auth.erl8
-rw-r--r--src/couch/test/eunit/couchdb_auth_tests.erl15
2 files changed, 22 insertions, 1 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index cc02a1e9d..c30854986 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -459,7 +459,13 @@ handle_session_req(#httpd{method = 'POST', mochi_req = MochiReq} = Req, AuthModu
Pairs
);
_ ->
- []
+ throw(
+ {bad_ctype, <<
+ "Content-Type must be "
+ "'application/x-www-form-urlencoded' or "
+ "'application/json'"
+ >>}
+ )
end,
UserName = ?l2b(extract_username(Form)),
Password = ?l2b(couch_util:get_value("password", Form, "")),
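Review bot: The new `_ ->` branch carries no comment saying which requests land in it, and from the hunk it looks like a request with no Content-Type header at all would be rejected here as well as one with an unsupported type. I would add a comment above the throw, `% Missing or unsupported Content-Type: reject with 415 instead of authenticating against an empty form`, so the intent survives later edits to the case. Because this replaces the old `[]` fallback, clients that previously got an authentication failure for such requests now get a 415, which is worth calling out in the release notes. handle_session_req starts and ends outside the hunk, so whether the request body is read before this check is not visible here.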
diff --git a/src/couch/test/eunit/couchdb_auth_tests.erl b/src/couch/test/eunit/couchdb_auth_tests.erl
index dfb22dc25..bc5caabe5 100644
--- a/src/couch/test/eunit/couchdb_auth_tests.erl
+++ b/src/couch/test/eunit/couchdb_auth_tests.erl
@@ -34,6 +34,7 @@ auth_test_() ->
Tests = [
fun should_return_username_on_post_to_session/2,
fun should_not_return_authenticated_field/2,
+ fun should_return_bad_content_type_appropriately/2,
fun should_return_list_of_handlers/2
],
RequireValidUserTests = [
@@ -85,6 +86,20 @@ should_return_username_on_post_to_session(_PortType, Url) ->
end
).
+should_return_bad_content_type_appropriately(_PortType, Url) ->
+ ?_assertEqual(
+ <<"bad_content_type">>,
+ begin
+ {ok, 415, _, Body} = test_request:post(
+ Url,
+ [{"Content-Type", ""}],
+ []
+ ),
+ #{<<"error">> := Error} = jiffy:decode(Body, [return_maps]),
+ Error
+ end
+ ).
+
should_not_return_authenticated_field(_PortType, Url) ->
?_assertThrow(
{not_found, _},
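Review bot: The new test only posts an empty Content-Type value (`[{"Content-Type", ""}]`), so the cases the commit message describes, an unsupported type and a missing header, are not pinned. I would add a request with `[{"Content-Type", "text/plain"}]` and one with `[]` as the header list, each expecting 415 and `bad_content_type`. It is also not visible here whether test_request passes an empty header value through unchanged, so the existing case may not exercise the branch it appears to. A positive case with a parameterised type such as `application/json; charset=utf-8` would guard against the stricter branch rejecting legitimate logins.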