From 467dd6af09759cc44ddd00f1a07cc34c67822ed4 Mon Sep 17 00:00:00 2001
From: joel
Date: Wed, 8 May 2024 14:36:42 +0800
Subject: [PATCH 1/4] fix: add additional information around missing content type headers

---
 internal/api/hooks.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/internal/api/hooks.go b/internal/api/hooks.go
index 4efc33512..226cb0c5d 100644
--- a/internal/api/hooks.go
+++ b/internal/api/hooks.go
@@ -140,9 +140,12 @@ func (a *API) runHTTPHook(r *http.Request, hookConfig conf.ExtensibilityPointCon
 defer rsp.Body.Close()
 // Header.Get is case insensitive
 contentType := rsp.Header.Get("Content-Type")
+ if contentType == "" {
+ return nil, internalServerError("Invalid Content-Type: Missing Content-Type header")
+ }
 mediaType, _, err := mime.ParseMediaType(contentType)
 if err != nil {
- return nil, internalServerError("Invalid Content-Type header")
+ return nil, internalServerError(fmt.Sprintf("Invalid Content-Type header: %s", err.Error()))
 }
 if mediaType != "application/json" {
 return nil, internalServerError("Invalid JSON response. Received content-type: " + contentType)
From e6603c79d0eb878001ba11d07057469539daf034 Mon Sep 17 00:00:00 2001
From: joel
Date: Wed, 8 May 2024 14:52:18 +0800
Subject: [PATCH 2/4] fix: perform header check only when there's a 200

---
 internal/api/hooks.go | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/internal/api/hooks.go b/internal/api/hooks.go
index 226cb0c5d..89d2d2fe3 100644
--- a/internal/api/hooks.go
+++ b/internal/api/hooks.go
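Review bot: The new `contentType == ""` branch in runHTTPHook (patch 1/4, hooks.go) has no comment explaining why an empty header is special-cased, so a reader may take it for a gap being closed in the validation. `mime.ParseMediaType("")` already returns an error, which means the branch only changes the message the caller sees. A comment such as `// ParseMediaType rejects "" as well; this branch only gives a clearer message` would make that explicit. The function body starts and ends outside the hunk.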
@@ -138,21 +138,21 @@ func (a *API) runHTTPHook(r *http.Request, hookConfig conf.ExtensibilityPointCon
 }
 
 defer rsp.Body.Close()
- // Header.Get is case insensitive
- contentType := rsp.Header.Get("Content-Type")
- if contentType == "" {
- return nil, internalServerError("Invalid Content-Type: Missing Content-Type header")
- }
- mediaType, _, err := mime.ParseMediaType(contentType)
- if err != nil {
- return nil, internalServerError(fmt.Sprintf("Invalid Content-Type header: %s", err.Error()))
- }
- if mediaType != "application/json" {
- return nil, internalServerError("Invalid JSON response. Received content-type: " + contentType)
- }
 
 switch rsp.StatusCode {
 case http.StatusOK, http.StatusNoContent, http.StatusAccepted:
+ // Header.Get is case insensitive
+ contentType := rsp.Header.Get("Content-Type")
+ if contentType == "" {
+ return nil, internalServerError("Invalid Content-Type: Missing Content-Type header")
+ }
+ mediaType, _, err := mime.ParseMediaType(contentType)
+ if err != nil {
+ return nil, internalServerError(fmt.Sprintf("Invalid Content-Type header: %s", err.Error()))
+ }
+ if mediaType != "application/json" {
+ return nil, internalServerError("Invalid JSON response. Received content-type: " + contentType)
+ }
 if rsp.Body == nil {
 return nil, nil
 }
From a904099b1fd0577f830e556ad9134ba01f363414 Mon Sep 17 00:00:00 2001
From: joel
Date: Wed, 18 Sep 2024 22:55:05 +0200
Subject: [PATCH 3/4] fix: update error response status code

---
 internal/api/errorcodes.go | 1 +
 internal/api/hooks.go | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/internal/api/errorcodes.go b/internal/api/errorcodes.go
index 036d747a5..ab25a3408 100644
--- a/internal/api/errorcodes.go
+++ b/internal/api/errorcodes.go
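Review bot: The relocated Content-Type check in patch 2/4 sits under `case http.StatusOK, http.StatusNoContent, http.StatusAccepted:`, so it still runs for 204 and 202, although the subject says it should apply only to a 200. A hook that answers 204 with no body will typically send no Content-Type header, and would be rejected with "Missing Content-Type header" before the `rsp.Body == nil` return is reached. Consider wrapping the check in `if rsp.StatusCode != http.StatusNoContent {`, or giving 204 its own case that returns `nil, nil`. The switch continues past the end of the hunk, so the other cases are not visible here.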
@@ -76,6 +76,7 @@ const (
 ErrorCodeHookTimeout ErrorCode = "hook_timeout"
 ErrorCodeHookTimeoutAfterRetry ErrorCode = "hook_timeout_after_retry"
 ErrorCodeHookPayloadOverSizeLimit ErrorCode = "hook_payload_over_size_limit"
+ ErrorCodeHookPayloadInvalidContentType ErrorCode = "hook_payload_invalid_content_type"
 ErrorCodeHookPayloadUnknownSize ErrorCode = "hook_payload_unknown_size"
 ErrorCodeRequestTimeout ErrorCode = "request_timeout"
 )
diff --git a/internal/api/hooks.go b/internal/api/hooks.go
index 89d2d2fe3..9ac408566 100644
--- a/internal/api/hooks.go
+++ b/internal/api/hooks.go
@@ -144,14 +144,14 @@ func (a *API) runHTTPHook(r *http.Request, hookConfig conf.ExtensibilityPointCon
 // Header.Get is case insensitive
 contentType := rsp.Header.Get("Content-Type")
 if contentType == "" {
- return nil, internalServerError("Invalid Content-Type: Missing Content-Type header")
+ return nil, badRequestError(ErrorCodeHookPayloadInvalidContentType, "Invalid Content-Type: Missing Content-Type header")
 }
 mediaType, _, err := mime.ParseMediaType(contentType)
 if err != nil {
- return nil, internalServerError(fmt.Sprintf("Invalid Content-Type header: %s", err.Error()))
+ return nil, badRequestError(ErrorCodeHookPayloadInvalidContentType, fmt.Sprintf("Invalid Content-Type header: %s", err.Error()))
 }
 if mediaType != "application/json" {
- return nil, internalServerError("Invalid JSON response. Received content-type: " + contentType)
+ return nil, badRequestError(ErrorCodeHookPayloadInvalidContentType, "Invalid JSON response. Received content-type: "+contentType)
 }
 if rsp.Body == nil {
 return nil, nil
From 6a9b82ba6ef9f17dc222b4360253ef6488eb1cc3 Mon Sep 17 00:00:00 2001
From: Joel Lee
Date: Wed, 18 Sep 2024 22:57:10 +0200
Subject: [PATCH 4/4] fix: remove outdated error code

---
 internal/api/errorcodes.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/internal/api/errorcodes.go b/internal/api/errorcodes.go
index ffbf5bbc3..d9a982224 100644
--- a/internal/api/errorcodes.go
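Review bot: In the hooks.go hunk of patch 3/4, `"Invalid JSON response. Received content-type: "+contentType` copies the raw response header from the hook endpoint into the error message. Now that this is a `badRequestError` carrying a public error code, the message is presumably returned to the API caller. The header value is set by the remote endpoint and is neither quoted nor length-limited, so whatever text it contains ends up in client responses and in any log that records the message. Reporting the parsed value keeps the output normalized, `"Invalid JSON response. Received content-type: "+mediaType`; alternatively, format the raw value with `%q`. The enclosing function starts and ends outside the hunk.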
+++ b/internal/api/errorcodes.go
@@ -77,7 +77,6 @@ const (
 ErrorCodeHookTimeoutAfterRetry ErrorCode = "hook_timeout_after_retry"
 ErrorCodeHookPayloadOverSizeLimit ErrorCode = "hook_payload_over_size_limit"
 ErrorCodeHookPayloadInvalidContentType ErrorCode = "hook_payload_invalid_content_type"
- ErrorCodeHookPayloadUnknownSize ErrorCode = "hook_payload_unknown_size"
 ErrorCodeRequestTimeout ErrorCode = "request_timeout"
 ErrorCodeMFAPhoneEnrollDisabled ErrorCode = "mfa_phone_enroll_not_enabled"
 ErrorCodeMFAPhoneVerifyDisabled ErrorCode = "mfa_phone_verify_not_enabled"