Support requests with non-'utf-8' charsets

[theopak]

Not ready to merge. EDIT: Ready, pending approval. UPDATE: Ready.

TODO

• "fix the silent failures in the Travis-CI build"
  • EDIT: thanks Ryan Fix Java test by forcing all formencoded content-types to have no charset theopak/oauth_reverse_proxy#4
• skip body_parser middleware in case of empty body
• add pre-mutator to stash original content type
• add pre-mutator to convert content to UTF-8 so that body_parser.urlencoded() parses it
  • wontfix
• add post-mutator to restore original content type
• verify that non-utf-8 charsets are no longer silently failed
• verify that, if removed, non-utf-8 charsets are always restored after body_parser.urlencoded() does its thing.
• verify that requests with utf-8 query strings (e.g., emoji) are proxied correctly
  • unit tests exist and pass

[theopak]

@ryanbreen What job_server endpoint would be appropriate to test against in this case?

[ryanbreen]

I think POST /job would be good. You want to make sure that a url-encoded post gets processed correctly.

[theopak]

It took me waaaay too long to figure this out, but request.js (since v2.64.1) automatically overrides form requests to have Content-Type: "application/x-www-form-urlencoded" when they are sent to the server.

request.js will not send the kind of requests that this PR is looking to test. Therefore I'll have to take a different approach in forming the test.

[theopak]

@ryanbreen Could you take a look at the test case and make sure that it adequately captures the exact issue you told me about? My progress is stalled on this PR because I'm having trouble replicating the exact issue that you described to me in the chat last Wednesday.

[theopak]

Removed because these are repeated in lines 8 and 9 (of the new file).

[theopak]

Inspecting req.argument_pairs during the unit tests, I notice that all the Java client's nonces are integers, and some of those are negative integers. This seems unusual to me. Two example values from failed requests:

[2015-10-01T20:09:48.988Z] TRACE: oauth_reverse_proxy/54621 on lexmac1909.vistaprint.net: (service_name=jobsservice, module=lib/proxy/validators/oauth_signature_validator.js)
    req.argument_pairs:
    [ [ 'oauth_consumer_key', 'java-test-key' ],
      [ 'oauth_nonce', '1244941739633823073' ],
      [ 'oauth_signature_method', 'HMAC-SHA1' ],
      [ 'oauth_timestamp', '1443730188' ],
      [ 'oauth_version', '1.0' ],
      [ 'this', 'is' ],
      [ 'fun', 'right' ] ]
[2015-10-01T20:12:37.531Z] TRACE: oauth_reverse_proxy/54666 on lexmac1909.vistaprint.net: (service_name=jobsservice, module=lib/proxy/validators/oauth_signature_validator.js)
    req.argument_pairs:
    [ [ 'oauth_consumer_key', 'java-test-key' ],
      [ 'oauth_nonce', '-4825279163585566192' ],
      [ 'oauth_signature_method', 'HMAC-SHA1' ],
      [ 'oauth_timestamp', '1443730357' ],
      [ 'oauth_version', '1.0' ],
      [ 'this', 'is' ],
      [ 'fun', 'right' ] ]

"A nonce is a random string," according to http://oauth.net/core/1.0a/#nonce, which means that the other clients are following spec when they generate alphanumeric nonces as base64 encoded UTF-8 data.

@rb Do you think this indicate a problem with the way that the client's requests are received?

[ryanbreen]

I wouldn't think that would cause an issue. An integer is still a random string.

[theopak]

@ryanbreen The client library tests pass, with your changes, as of 7675b31

However, your changes have a typo: theopak#4 (comment)

The tests fail if I fix the typo

[theopak]

The latter 4 test templates are the ones that still fail in the build, even though they pass on master.

$ set OAUTH_REVERSE_PROXY_LOG_LEVEL="trace"; mocha --reporter spec -t 10000 ./test/oauth_proxy_outbound_test.js | bunyan

  64 passing (494ms)
  8 failing

@ryanbreen any idea why? I've tried rolling back my changes one by one locally, and looking through the diff in this PR, but I can't pinpoint the line(s) that cause these tests to fail.

[ryanbreen]

All the failures are here:

8) should accept a properly signed DELETE over IPv6 with query via https
Error: Protocol "https:" not supported. Expected "http:".
    at new ClientRequest (_http_client.js:53:11)
    at Object.exports.request (http.js:31:10)
    at Object.exports.request (https.js:163:15)
    at Array.stream (/Users/wrb/tmp/oauth_reverse_proxy/node_modules/http-proxy/lib/http-proxy/passes/web-incoming.js:108:74)
    at ProxyServer.<anonymous> (/Users/wrb/tmp/oauth_reverse_proxy/node_modules/http-proxy/lib/http-proxy/index.js:80:21)

I'm not sure what might have changed between this version and master. Looks like an https request is being sent with http.js. Not sure why that would happen.

[ryanbreen]

Looks like it might be a node > 0.11.0 discrepancy: SamDecrock/node-http-ntlm#21

You might need to check the node-http-proxy version and see if there's an upgrade to address this, assuming the issue is from that package.

[theopak]

Builds now thanks to your fix. Evidently the failures weren't directly related to using node > 0.11.0, but actually a change that happened when I upgraded dependencies and combined query_parser.js and url_parser.js without noticing all of the resulting differences.

[ryanbreen]

LGTM!