check content type in JSONRequestDeserializer

Fixed Bug #1187882

Change-Id: I67dc20bddff570e7b9cf43093e06509a20aa9b60

diff --git a/heat/common/wsgi.py b/heat/common/wsgi.py
index 2f0ecbcbe39e46bdf7add03c5addcbda188765af..cc5b624d1e8a6145088876ea03554aa3d7f53cfc 100644 (file)
--- a/heat/common/wsgi.py
+++ b/heat/common/wsgi.py
@@ -427,6 +427,14 @@ class Request(webob.Request):
             return content_type
 
 
+def is_json_content_type(request):
+    content_type = request.params.get("ContentType") or request.content_type
+    if content_type in ('JSON', 'application/json')\
+            and request.body.startswith('{'):
+        return True
+    return False
+
+
 class JSONRequestDeserializer(object):
     def has_body(self, request):
         """
@@ -434,9 +442,7 @@ class JSONRequestDeserializer(object):
 
         :param request:  Webob.Request object
         """
-        if 'transfer-encoding' in request.headers:
-            return True
-        elif request.content_length > 0:
+        if request.content_length > 0 and is_json_content_type(request):
             return True
 
         return False

diff --git a/heat/tests/test_wsgi.py b/heat/tests/test_wsgi.py
index e2640c61b49f5f2d06cb4a03aebc33947b0a9358..9cfe4b15dff1099aeb77845fe2b755262e858199 100644 (file)
--- a/heat/tests/test_wsgi.py
+++ b/heat/tests/test_wsgi.py
@@ -209,11 +209,50 @@ class JSONRequestDeserializerTest(HeatTestCase):
         request.headers['Content-Length'] = 0
         self.assertFalse(wsgi.JSONRequestDeserializer().has_body(request))
 
-    def test_has_body_has_content_length(self):
+    def test_has_body_has_content_length_no_content_type(self):
         request = wsgi.Request.blank('/')
         request.method = 'POST'
         request.body = 'asdf'
         self.assertTrue('Content-Length' in request.headers)
+        self.assertFalse(wsgi.JSONRequestDeserializer().has_body(request))
+
+    def test_has_body_has_content_type_malformed(self):
+        request = wsgi.Request.blank('/')
+        request.method = 'POST'
+        request.body = 'asdf'
+        self.assertTrue('Content-Length' in request.headers)
+        request.headers['Content-Type'] = 'application/json'
+        self.assertFalse(wsgi.JSONRequestDeserializer().has_body(request))
+
+    def test_has_body_has_content_type(self):
+        request = wsgi.Request.blank('/')
+        request.method = 'POST'
+        request.body = '{"key": "value"}'
+        self.assertTrue('Content-Length' in request.headers)
+        request.headers['Content-Type'] = 'application/json'
+        self.assertTrue(wsgi.JSONRequestDeserializer().has_body(request))
+
+    def test_has_body_has_wrong_content_type(self):
+        request = wsgi.Request.blank('/')
+        request.method = 'POST'
+        request.body = '{"key": "value"}'
+        self.assertTrue('Content-Length' in request.headers)
+        request.headers['Content-Type'] = 'application/xml'
+        self.assertFalse(wsgi.JSONRequestDeserializer().has_body(request))
+
+    def test_has_body_has_aws_content_type_only(self):
+        request = wsgi.Request.blank('/?ContentType=JSON')
+        request.method = 'GET'
+        request.body = '{"key": "value"}'
+        self.assertTrue('Content-Length' in request.headers)
+        self.assertTrue(wsgi.JSONRequestDeserializer().has_body(request))
+
+    def test_has_body_respect_aws_content_type(self):
+        request = wsgi.Request.blank('/?ContentType=JSON')
+        request.method = 'GET'
+        request.body = '{"key": "value"}'
+        self.assertTrue('Content-Length' in request.headers)
+        request.headers['Content-Type'] = 'application/xml'
         self.assertTrue(wsgi.JSONRequestDeserializer().has_body(request))
 
     def test_no_body_no_content_length(self):
@@ -241,14 +280,7 @@ class JSONRequestDeserializerTest(HeatTestCase):
         request = wsgi.Request.blank('/')
         request.method = 'POST'
         request.body = '{"key": "value"}'
+        request.headers['Content-Type'] = 'application/json'
         actual = wsgi.JSONRequestDeserializer().default(request)
         expected = {"body": {"key": "value"}}
         self.assertEqual(actual, expected)
-
-    def test_has_body_has_transfer_encoding(self):
-        request = wsgi.Request.blank('/')
-        request.method = 'POST'
-        request.body = 'fake_body'
-        request.headers['transfer-encoding'] = 0
-        self.assertTrue('transfer-encoding' in request.headers)
-        self.assertTrue(wsgi.JSONRequestDeserializer().has_body(request))