Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#5397 closed defect (fixed)

API client registration fails if Content-Type has options

Reported by: Ben Sturmfels Owned by:
Priority: minor Milestone: 0.9.0
Component: programming Keywords:
Cc: Parent Tickets:

Description

I was just playing with the client registration API and noticed that the following valid request fails. The client I'm using is from the httpie package.

http --form --verbose POST http://127.0.0.1:6543/api/client/register type=client_associate application_type=native
POST /api/client/register HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, compress
Content-Length: 45
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: 127.0.0.1:6543
User-Agent: HTTPie/0.8.0

type=client_associate&application_type=native

HTTP/1.0 400 BAD REQUEST
Access-Control-Allow-Headers: Content-Type, X-Requested-With
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 33
Content-Type: application/json
Date: Tue, 19 Jan 2016 12:31:30 GMT
Server: PasteWSGIServer/0.5 Python/2.7.6
Set-Cookie: mediagoblin_csrftoken=12864927827420732302; HttpOnly; Path=
Vary: Cookie

{
    "error": "Unknown Content-Type"
}

It should succeed like this:

HTTP/1.0 200 OK
Access-Control-Allow-Headers: Content-Type, X-Requested-With
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 120
Content-Type: application/json
Date: Tue, 19 Jan 2016 12:32:00 GMT
Server: PasteWSGIServer/0.5 Python/2.7.6
Set-Cookie: mediagoblin_csrftoken=726380659778734454; HttpOnly; Path=
Vary: Cookie

{
    "client_id": "F5lY7pUrmL9ytOjF3RW1md", 
    "client_secret": "yAce42AR3a8SGUSiJDp4GbEaYB8xBQoktNU5ZjlpmWO", 
    "expires_at": 0
}

This looks to be caused by the content-type parsing function not being aware of extra options like Content-Type: application/x-www-form-urlencoded; charset=utf-8, since the simpler case works Content-Type: application/x-www-form-urlencoded.

Attaching a patch including tests for the current code paths plus one with header options.

Attachments (1)

issue_5397.patch (4.3 KB ) - added by Ben Sturmfels 10 years ago.

Download all attachments as: .zip

Change History (5)

by Ben Sturmfels, 10 years ago

Attachment: issue_5397.patch added

comment:1 by ShawnRisk, 10 years ago

Owner: Ben Sturmfels removed
Status: newreview

comment:2 by ayleph, 10 years ago

Hi Sturm,

It appears that you're running MediaGoblin using the builtin "lazyserver" in this case. Is that correct? If so, does the same problem still occur when running via a "real" web server?

comment:3 by Christopher Allan Webber, 10 years ago

Milestone: 0.8.2
Resolution: fixed
Status: reviewclosed

This makes sense, and that werkzeug utility looks useful. I've applied the patch and pushed it. Thank you!

comment:4 by Christopher Allan Webber, 10 years ago

Milestone: 0.8.20.9.0

All 0.8.2 tickets are being rolled over to 0.9.0

Note: See TracTickets for help on using tickets.