diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d7b9978d..4b5a58d52 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
+- 'Authorization' header should not be added to BatchRequest Json body. [#1483](https://github.com/microsoftgraph/msgraph-sdk-java-core/issues/1483)
+
 ## [3.1.1] - 2024-02-09
 ### Changed
diff --git a/src/main/java/com/microsoft/graph/core/content/BatchRequestContent.java b/src/main/java/com/microsoft/graph/core/content/BatchRequestContent.java
index c382e3581..2a0f511f2 100644
--- a/src/main/java/com/microsoft/graph/core/content/BatchRequestContent.java
+++ b/src/main/java/com/microsoft/graph/core/content/BatchRequestContent.java
@@ -178,6 +178,7 @@ public InputStream getBatchRequestContent() throws IOException {
 return in;
 }
 }
+ private static final String AUTHORIZATION_HEADER_KEY = "authorization";
 private void writeBatchRequestStep(BatchRequestStep requestStep, JsonWriter writer) throws IOException {
 Request request = requestStep.getRequest();
 writer.beginObject();
@@ -208,10 +209,13 @@ private void writeBatchRequestStep(BatchRequestStep requestStep, JsonWriter writ
 writer.value(rawBodyContent);
 }
 }
+ //Remove the header if it is some version of 'authorization'
+ //RemoveAll utilizes ignoreCase natively
+ headers = headers.newBuilder().removeAll(AUTHORIZATION_HEADER_KEY).build();
 if(headers.size() != 0 || requestBody != null) {
 writer.name(CoreConstants.BatchRequest.HEADERS);
 writer.beginObject();
- for(int i = 0; i < headers.size(); i++) {
+ for (int i = 0; i < headers.size(); i++) {
 writer.name(headers.name(i)).value(headers.value(i));
 }
 writer.endObject();
diff --git a/src/test/java/com/microsoft/graph/core/content/BatchRequestContentTest.java b/src/test/java/com/microsoft/graph/core/content/BatchRequestContentTest.java
index 563eb6e45..b944a189d 100644
--- a/src/test/java/com/microsoft/graph/core/content/BatchRequestContentTest.java
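Review bot: The strip added just before the `headers` block in writeBatchRequestStep removes only `authorization`, so any other credential-bearing header on a step's request (for example `Proxy-Authorization` or `Cookie`) would still be serialized into the batch JSON body, where it is more likely to end up in body logs or traces than a transport header would. Whether such headers can reach a step is not visible from this hunk; if they can, strip a short deny-list in one builder pass, e.g. `Headers.Builder b = headers.newBuilder(); for (String name : SENSITIVE_STEP_HEADERS) { b.removeAll(name); } headers = b.build();`, with `SENSITIVE_STEP_HEADERS` as a new constant. The two added comments explain how the removal works but not why; a line such as `// Never serialize per-step credentials into the batch JSON body.` would keep a later refactor from undoing it. The function body starts and ends outside the hunk.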
+++ b/src/test/java/com/microsoft/graph/core/content/BatchRequestContentTest.java
@@ -9,6 +9,8 @@
 import com.microsoft.kiota.RequestInformation;
 import com.microsoft.kiota.authentication.AnonymousAuthenticationProvider;
+import com.microsoft.kiota.authentication.AuthenticationProvider;
+import com.microsoft.kiota.http.OkHttpRequestAdapter;
 import com.microsoft.kiota.http.middleware.UrlReplaceHandler;
 import okhttp3.*;
 import org.junit.jupiter.api.Assertions;
@@ -25,6 +27,7 @@
 import static com.microsoft.graph.core.CoreConstants.ReplacementConstants.USERS_ENDPOINT_WITH_REPLACE_TOKEN;
 import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.mock;
 class BatchRequestContentTest {
 static final String requestUrl = "https://graph.microsoft.com/v1.0"+USERS_ENDPOINT_WITH_REPLACE_TOKEN;
@@ -234,6 +237,61 @@ void BatchRequestContent_GetBatchRequestContentFromStepDoesNotModifyDateTimes() assertEquals(expectedJson, requestContentString); } @Test + void BatchRequestContent_DoNotAddAuthorizationHeader() throws Exception { + OkHttpRequestAdapter adapter = new OkHttpRequestAdapter(mock(AuthenticationProvider.class)); + + String expectedJson = "{\n" + + " \"requests\": [\n" + + " {\n" + + " \"id\": \"1\",\n" + + " \"url\": \"/me\",\n" + + " \"method\": \"GET\",\n" + + " \"headers\": {\n" + + " \"accept\": \"application/json\"\n" + + " }\n" + + " },\n" + + " {\n" + + " \"id\": \"2\",\n" + + " \"url\": \"/me\",\n" + + " \"method\": \"GET\"\n" + + " }\n" + + " ]\n" + + "}"; + //The following string is the same size as a token + String longBearerString = "bbcbbbcbccbbabbacbccccbccabbcacacaaabccbccbbbbaabbabcccccbcbcacbbccbcbcaaacaacccacccbabacccabbccbccacccabcbbbbbacaacccabaaacaabcbacbaabcacabcbaaaccaccbbaaaabbbabbcaabbacccccaabbcabbbbbbbaaababaaabbbbcbbbcacbaaccaccabbcbabbabacbcccacbaccacaacaaacbacbaaaacbcbbacbcaaaaabcababbbcaabaaaabaaccbaccaababcbccbbacbaaabcbcbcbaaabcccabcacbbcbbabcccaccbacaaccaaaabcaacaccababbcbcabbccbaaaaaacccbcbccbaaccabbacbaaaacaccabcbbbcaabccccbbabbccaaaccbbbabbabcbcabcbccabbaabaacaaabbacaaccbcabaaaabcaabbabccabbcabcabbbaaaacccbcbcbbaacbbbbbcbbabcbabcbbcbbbaacccaababaccbaabcccccabbcabcababacbcaacbbaabaaacaabbacabcbcabcaabcccccacbaaacccbcabacbcbbbcccaaabacccaabcbcaababaabbacacabcbccacbbcacbbcaaccbbbcccbaaaacbcacabbcaaaacbcaacaccccbbaaabcccaacbabbbcbbccbacabccabaabacbbbbbcbaaaaaccabcbccabcccbcccabababbbbcbbcbbcbcabaabaabccbabcbbbabaaacaaaabcbcabaccaaaaacbaaabcbaccbaccbabacbcabbcbcbbaabbbbccaacccaabacacbabbcacabcbaccbcacbccaabcbbacbacbacbbaaccaaaaccacbcababccccccbbcbacacaaabaaaccbaabaacccbaaabcbcaabaaaaabcabacbabcbbccccbacbaabccaaabcccbbacbbacacaccabbcaacbbbbcbcbbcaabaacbbbcbbcbaaacccbacbaabacacbbabcaaaacaabacbaacaaaabbcacbacbcccacbcabcccacacaaccbbbcaacabcccaaacbabaaccbcbaacacbacaababcabcbccabcabcccaacabacabccaacbbcabbcaacbccaababacccacca
bacbbbaabaccbcabcaabbcccacccbcbcabbccabbabaaaccacccbcbacabcaabcaccbbcbaaacbaabbbbcbccbbcccaababababaabacccbbbcabbaaacbcaaabccbbbccabbbcccbcacacaaabbabcacbacaacbbbcbbbbbccabbbabcabbcbacccaaabaaacbaabbacabbabcbcbcacbbaabbabcbcaacbabbcccbabaaccabbacbcaaacabbbbcaacbccbbbbacbcabbbaabcacaaabaabbaaccabbcabcabbacaaaacacabbabccacbbabbbbcabbaaccabcccaabbaaaacaabcbacabbaacaccbbbbaaaaacbcbacbbaaaabbabcaacaaacbbaabcccbbcbaacabbbbcaccaaaabcacbcbaaabbbcabcabcbbbbacbaccaacbccaacbbcaccaaaaacbabbbcbcbacbacbaccaacbcbcbbcaaaabaaabaabccaaaabbcabaaabcbcccbbcbaacacbbacacbabbcbaccabacbabcbcaabbbaabccccccaaccbcbccccbbbbcabaaacbbbaacbbaccaabcbcaacaacaacacaababcccbacbbccccbcacbcbcaacaaaacccccccaccaababaacbaabbcbbbccaacbabbcbcaaabbccacbbaabbbbcbbccbcccbbcacabaaacbacacbcaaabcbccacacccbbaacbacbbcbabbcbbbbcaccbaaccbcbcaabcababcbbbcccbcbaababcacbacbbbacacacabbccabbbaaaaacaccbbccbccbabaababcbbccabcaaacaccacabbaabacacabaccabacbacabbccbabaccbabcccbbcbbbaaabbccabbcbbbacacbbbabbcbbacbcabacaccabbbcbabbcbcacbcbbabbbbcabcbbabbbcaaccbaaaaccbababbbaabcbbbaacabbbbcabcabbcabbacabbccccaabaaaaabbcbabacbacbabcabcccabbbccbbcccaacacaabbcbabcbabaaaababbbacabaacbabbabcbbbcbccbacbcbccbbbccccbacaccbaccaaabbaacbbaaabbbcaccbabbcccbbbbccacbbaaacabbbbaabbabcccabcbcbbccccbacccabbbaaabcacccaabbabaccccbbbcccccaacbbbccbcabbbcccababbbcacccccccabccbbcaabccbbbaaccabbcaabcacabbcbbabcccaccccaaacbbbccaaabcbacabbbacbaccaabcbabababbcbcacaabcaabcbcbbcaaacaacabaaababbbacaccababaccbacacacacacbcccbabcbabcabccbaabcccababcbacbccccccacacbbacccccbaccbacaacbacacbcccccaaaacbaaaaccbacbbcacccbbbaabaaaccaccbcabcccccacaaaabcbabbacbbbcaaababcbacccbabcbaaabbcbaaacaabbcaaccaaccbacbaaaaaaabbaacaaabacbbcaacaacabbcabaccaaacbaccccbcccbcbcaaacbacaacccaccaacabacaaaabbbbbbbcacacbabccacacabbbababbbbcbabaaacaaacbacbcabbccacaacccbbbcbbacaccbbbaaabababbcbaacbcabcabaaccbcaaacbbbaacacccbbcaabcbacabbccbcbbbabbbaabacacaccaabbcbbaccbaaabcabbababaccca"; + RequestInformation requestInfo = new RequestInformation(); + requestInfo.urlTemplate = 
"{+baseurl}/users/{user%2Did}{?%24expand,%24select}"; + HashMap pathParameters = new HashMap<>(); + pathParameters.put("baseurl", "https://graph.microsoft.com/v1.0"); + pathParameters.put("user%2Did", "TokenToReplace"); + requestInfo.pathParameters = pathParameters; + requestInfo.httpMethod = HttpMethod.GET; + // Only one header should be present in the headers object of the Json Body + requestInfo.headers.add("accept", "application/json"); + requestInfo.headers.add("authorization", longBearerString); + RequestInformation requestInfo2 = new RequestInformation(); + requestInfo2.urlTemplate = "{+baseurl}/users/{user%2Did}{?%24expand,%24select}"; + HashMap pathParameters2 = new HashMap<>(); + pathParameters2.put("baseurl", "https://graph.microsoft.com/v1.0"); + pathParameters2.put("user%2Did", "TokenToReplace"); + requestInfo2.pathParameters = pathParameters2; + requestInfo2.httpMethod = HttpMethod.GET; + // No headers object should be present in the Json body + requestInfo2.headers.add("AuthoriZation", longBearerString); // Test with strange casing + + BatchRequestContent batchRequestContent = new BatchRequestContent(client); + batchRequestContent.addBatchRequestStep(new BatchRequestStep("1",adapter.convertToNativeRequest(requestInfo))); + batchRequestContent.addBatchRequestStep(new BatchRequestStep("2",adapter.convertToNativeRequest(requestInfo2))); + + InputStream stream = batchRequestContent.getBatchRequestContent(); + String requestContentString = readInputStream(stream); + requestContentString = requestContentString.replace("\n", "").replaceAll("\\s", ""); + expectedJson = expectedJson.replace("\n", "").replaceAll("\\s", ""); + + assertNotNull(requestContentString); + assertEquals(expectedJson, requestContentString); + } + @Test void BatchRequestContent_AddBatchRequestStepWithHttpRequestMessage() { BatchRequestContent batchRequestContent = new BatchRequestContent(client); assertTrue(batchRequestContent.getBatchRequestSteps().isEmpty()); 
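Review bot: The security property is asserted only indirectly, through whole-document equality with `expectedJson`; add direct negative checks right after `readInputStream(stream)`, such as `assertFalse(requestContentString.contains(longBearerString));` and `assertFalse(requestContentString.toLowerCase().contains("authorization"));`, so the test states what must never appear in the body. `assertNotNull(requestContentString)` runs after `replace`/`replaceAll` have already dereferenced the string and therefore cannot fail; move it up or drop it. The roughly 4 KB literal could be built programmatically as a repeated character of the same length, which keeps the diff readable and may avoid secret-scanner noise on a token-shaped string. Both steps are bodiless GETs, so the `requestBody != null` path with only an authorization header is not exercised by this test.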
@@ -248,6 +306,7 @@ void BatchRequestContent_AddBatchRequestStepWithHttpRequestMessage() {
 Assertions.assertEquals(batchRequestContent.getBatchRequestSteps().get(requestId).getRequest().url().uri().toString(), request.url().uri().toString());
 Assertions.assertEquals(batchRequestContent.getBatchRequestSteps().get(requestId).getRequest().method(), request.method());
 }
+
 @Test
 void BatchRequestContent_AddBatchRequestStepWithHttpRequestMessageToBatchRequestContentWithMaxSteps() {
 BatchRequestContent batchRequestContent = new BatchRequestContent(client);