From 21902fa1c50bf1db87e2b090d9ac37739eb5d8ec Mon Sep 17 00:00:00 2001 From: Sravanthi Konduru Date: Wed, 12 Jan 2022 12:53:57 +0530 Subject: [PATCH 1/5] Deserialize bytes payload to str when content type is www-form-urlencoded --- CHANGELOG.rst | 4 ++++ st2api/tests/unit/controllers/v1/test_webhooks.py | 10 +++------- st2auth/tests/unit/controllers/v1/test_sso.py | 11 +++++++++++ st2common/st2common/router.py | 2 +- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8f73f5aae9..6182a20e95 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -7,6 +7,10 @@ in development Fixed ~~~~~ +* Fix deserialization bug for url encoded payloads. #5513 + + Contributed by @sravs-dev + * Fix Type error for ``time_diff`` critera comparison. convert the timediff value as float to match ``timedelta.total_seconds()`` return. #5462 diff --git a/st2api/tests/unit/controllers/v1/test_webhooks.py b/st2api/tests/unit/controllers/v1/test_webhooks.py index 2742b2d09e..c0a15c9295 100644 --- a/st2api/tests/unit/controllers/v1/test_webhooks.py +++ b/st2api/tests/unit/controllers/v1/test_webhooks.py @@ -262,11 +262,6 @@ def test_json_request_body(self, dispatch_mock): ) @mock.patch("st2common.transport.reactor.TriggerDispatcher.dispatch") def test_form_encoded_request_body(self, dispatch_mock): - return - # TODO: Fix on deserialization on API side, body dict values being decoded as bytes - # instead of unicode which breakgs things. Likely issue / bug with form urlencoding - # parsing or perhaps in the test client when sending data - # Send request body as form urlencoded data data = {"form": ["test"]} headers = { @@ -274,10 +269,11 @@ def test_form_encoded_request_body(self, dispatch_mock): "St2-Trace-Tag": "tag1", } - self.app.post("/v1/webhooks/git", data, headers=headers) + post_resp = self.app.post("/v1/webhooks/git", data, headers=headers) + self.assertEqual(post_resp.status_int, http_client.ACCEPTED) self.assertEqual( dispatch_mock.call_args[1]["payload"]["headers"]["Content-Type"], - "application/x-www-form-urlencoded", + "application/x-www-form-urlencoded; charset=UTF-8", ) self.assertEqual(dispatch_mock.call_args[1]["payload"]["body"], data) self.assertEqual(dispatch_mock.call_args[1]["trace_context"].trace_tag, "tag1") diff --git a/st2auth/tests/unit/controllers/v1/test_sso.py b/st2auth/tests/unit/controllers/v1/test_sso.py index 2b6edb1f83..5596b0fb01 100644 --- a/st2auth/tests/unit/controllers/v1/test_sso.py +++ b/st2auth/tests/unit/controllers/v1/test_sso.py @@ -137,6 +137,17 @@ def test_idp_callback(self): self.assertIn("token", st2_auth_token) self.assertEqual(st2_auth_token["user"], MOCK_USER) + @mock.patch.object( + sso_api_controller.SSO_BACKEND, + "verify_response", + mock.MagicMock(return_value={"referer": MOCK_REFERER, "username": MOCK_USER}), + ) + def test_callback_url_encoded_payload(self): + data = {"foo": ["bar"]} + headers = {"Content-Type": "application/x-www-form-urlencoded"} + response = self.app.post(SSO_CALLBACK_V1_PATH, data, headers=headers) + self.assertTrue(response.status_code, http_client.OK) + @mock.patch.object( sso_api_controller.SSO_BACKEND, "verify_response", diff --git a/st2common/st2common/router.py b/st2common/st2common/router.py index 36a9476ed6..acbb6cc5f0 100644 --- a/st2common/st2common/router.py +++ b/st2common/st2common/router.py @@ -494,7 +494,7 @@ def __call__(self, req): "application/x-www-form-urlencoded", "multipart/form-data", ]: - data = urlparse.parse_qs(req.body) + data = urlparse.parse_qs(six.ensure_str(req.body)) else: raise ValueError( 'Unsupported Content-Type: "%s"' % (content_type) From 6c7590ed98014357f276877de14eff8b1a43033a Mon Sep 17 00:00:00 2001 From: sravs-dev <96410422+sravs-dev@users.noreply.github.com> Date: Wed, 12 Jan 2022 13:21:36 +0530 Subject: [PATCH 2/5] Update CHANGELOG.rst --- CHANGELOG.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6182a20e95..9344ae0138 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -7,7 +7,7 @@ in development Fixed ~~~~~ -* Fix deserialization bug for url encoded payloads. #5513 +* Fix deserialization bug for url encoded payloads. #5536 Contributed by @sravs-dev From d6d841b06754b4a431756ec011be938226f15389 Mon Sep 17 00:00:00 2001 From: Eugen Cusmaunsa Date: Wed, 12 Jan 2022 13:45:16 +0000 Subject: [PATCH 3/5] Update CHANGELOG.rst --- CHANGELOG.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 9344ae0138..3b147819f6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -7,7 +7,7 @@ in development Fixed ~~~~~ -* Fix deserialization bug for url encoded payloads. #5536 +* Fix deserialization bug in st2 API for url encoded payloads. #5536 Contributed by @sravs-dev From 964564e975484e1b008c225a1ccf9887ebeb1288 Mon Sep 17 00:00:00 2001 From: Sravanthi Konduru Date: Fri, 18 Feb 2022 15:27:33 +0530 Subject: [PATCH 4/5] add test case with invalid content for form-urlcencoded media type --- .../tests/unit/controllers/v1/test_webhooks.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/st2api/tests/unit/controllers/v1/test_webhooks.py b/st2api/tests/unit/controllers/v1/test_webhooks.py index c0a15c9295..b6605f4fb8 100644 --- a/st2api/tests/unit/controllers/v1/test_webhooks.py +++ b/st2api/tests/unit/controllers/v1/test_webhooks.py @@ -278,6 +278,22 @@ def test_form_encoded_request_body(self, dispatch_mock): self.assertEqual(dispatch_mock.call_args[1]["payload"]["body"], data) self.assertEqual(dispatch_mock.call_args[1]["trace_context"].trace_tag, "tag1") + @mock.patch("st2common.transport.reactor.TriggerDispatcher.dispatch") + def test_form_encoded_invalid_body(self, dispatch_mock): + data = {"form"} + + headers = { + "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", + "St2-Trace-Tag": "tag1", + } + + post_resp = self.app.post("/v1/webhooks/git", data, headers=headers) + self.assertEqual( + dispatch_mock.call_args[1]["payload"]["headers"]["Content-Type"], + "application/x-www-form-urlencoded; charset=UTF-8", + ) + self.assertEqual(post_resp.status_int, http_client.BAD_REQUEST) + def test_unsupported_content_type(self): # Invalid / unsupported content type - should throw data = WEBHOOK_1 From 4984fa81a1c9837d817a1779067968f35b52f85b Mon Sep 17 00:00:00 2001 From: Sravanthi Konduru Date: Wed, 2 Mar 2022 23:49:46 +0530 Subject: [PATCH 5/5] revert test case for invalid payload --- .../tests/unit/controllers/v1/test_webhooks.py | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/st2api/tests/unit/controllers/v1/test_webhooks.py b/st2api/tests/unit/controllers/v1/test_webhooks.py index b6605f4fb8..c0a15c9295 100644 --- a/st2api/tests/unit/controllers/v1/test_webhooks.py +++ b/st2api/tests/unit/controllers/v1/test_webhooks.py @@ -278,22 +278,6 @@ def test_form_encoded_request_body(self, dispatch_mock): self.assertEqual(dispatch_mock.call_args[1]["payload"]["body"], data) self.assertEqual(dispatch_mock.call_args[1]["trace_context"].trace_tag, "tag1") - @mock.patch("st2common.transport.reactor.TriggerDispatcher.dispatch") - def test_form_encoded_invalid_body(self, dispatch_mock): - data = {"form"} - - headers = { - "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", - "St2-Trace-Tag": "tag1", - } - - post_resp = self.app.post("/v1/webhooks/git", data, headers=headers) - self.assertEqual( - dispatch_mock.call_args[1]["payload"]["headers"]["Content-Type"], - "application/x-www-form-urlencoded; charset=UTF-8", - ) - self.assertEqual(post_resp.status_int, http_client.BAD_REQUEST) - def test_unsupported_content_type(self): # Invalid / unsupported content type - should throw data = WEBHOOK_1