bravado-core
Content-Type mismatch crashes bravado-core's unmarshal method
reporting for @nattofriends
Creating a request like:
curl -X POST localhost:8080/my_json_endpoint -H "Content-Type:application/json" -d 'definitely not json'
and calling unmarshal_request throws this error:
pyramid_swagger/tween.py:526: in swaggerize_request
request_data = unmarshal_request(request, op)
.tox/py27/lib/python2.7/site-packages/bravado_core/request.py:64: in unmarshal_request
param_value = unmarshal_param(param, request)
.tox/py27/lib/python2.7/site-packages/bravado_core/param.py:171: in unmarshal_param
raw_value = request.json()
pyramid_swagger/tween.py:249: in json
return getattr(self.request, 'json_body', {})
.tox/py27/lib/python2.7/site-packages/pyramid/request.py:235: in json_body
return json.loads(text_(self.body, self.charset))
/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/__init__.py:338: in loads
return _default_decoder.decode(s)
/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/decoder.py:366: in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
Not a huge deal since it requires a malformed request, but also seems like a cheap place to be slightly more intentional about behavior when unmarshalling fails. Perhaps a specific exception type gets raised for the calling code to catch and react accordingly?
This is preventing some Yelp internal services from using Swagger, can we prioritize this issue?
@tomelm has more context.
We're trying to use this for OAuth 2.0. As part of that spec, the requests coming in need to use an application/x-www-form-urlencoded content-type. Right now, bravado-core assumes that every request coming in is JSON, regardless of type: https://github.com/Yelp/bravado-core/blob/master/bravado_core/param.py#L178
This causes parsing errors and then it allll breaks.
@tomelm: could you give a more specific example? I don't see how you would send anything other than JSON. To send application/x-www-form-urlencoded data you would define every field you send and set the type to formData. See http://swagger.io/specification/#parameterObject, it mentions specifically how to describe x-www-form-urlencoded data.
@sjaensch I'm not entirely sure what sort of example you're asking for. The OAuth 2.0 spec says that content needs to be sent as x-www-form-urlencoded (https://tools.ietf.org/html/rfc6749#section-2.3.1) and when we tried to do that we would error due to bravado expecting JSON to parse.
The code in bravado-core specifically only parses JSON and raises an exception otherwise.
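The two failure modes raised in this thread (a body that is not valid JSON despite its Content-Type, and a form-encoded OAuth 2.0 request being parsed as JSON) can be handled by dispatching on the declared media type and raising one dedicated exception. This is an added Python 3 example, not code from bravado-core or pyramid_swagger; `MalformedBodyError`, `decode_body` and `handle` are hypothetical names.

```python
import json
from urllib.parse import parse_qsl


class MalformedBodyError(ValueError):
    """Hypothetical exception: body does not match its declared Content-Type."""


def decode_body(content_type, body, charset="utf-8"):
    """Decode a raw request body (bytes) according to its declared media type."""
    # Drop parameters such as "; charset=utf-8" and normalise case.
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    try:
        text = body.decode(charset)
    except UnicodeDecodeError as exc:
        raise MalformedBodyError("body is not valid %s" % charset) from exc

    if media_type == "application/json":
        try:
            return json.loads(text)
        except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
            raise MalformedBodyError("body is not valid JSON") from exc
    if media_type == "application/x-www-form-urlencoded":
        try:
            # strict_parsing rejects fields without "="; dict() keeps the
            # last value when a key repeats.
            pairs = parse_qsl(text, keep_blank_values=True, strict_parsing=True)
        except ValueError as exc:
            raise MalformedBodyError("body is not valid form data") from exc
        return dict(pairs)
    raise MalformedBodyError("unsupported Content-Type: %r" % media_type)


def handle(content_type, body):
    """Caller side: turn a decode failure into a 400 instead of a crash."""
    try:
        return 200, decode_body(content_type, body)
    except MalformedBodyError as exc:
        return 400, {"error": str(exc)}


if __name__ == "__main__":
    # First body is the one from the curl command above; second is constructed.
    print(handle("application/json", b"definitely not json"))
    print(handle("application/x-www-form-urlencoded",
                 b"grant_type=client_credentials&scope=read"))
```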