New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prevents POST requests when the JSON body couldn't be correctly formed #415

Merged

aboedo merged 8 commits into develop from fix/posts_with_empty_body

Dec 17, 2020

Member

aboedo commented Dec 4, 2020

We're consistently getting a few POST requests on the backend which have empty body.

Thing is, we never create requests with nil bodies intentionally, so after looking at the code it seems like this might happen if the body dictionary couldn't be parsed into JSON.
It doesn't make sense to still hit the backend if the body of the request couldn't be correctly formed, so this does an early exit before that happens.
Also, when you hit the backend unnecessarily, a panda dies. Don't kill pandas.

aboedo self-assigned this

aboedo commented

View reviewed changes

Purchases/Networking/RCHTTPClient.m

                   NSParameterAssert(([HTTPMethod isEqualToString:@"GET"] || [HTTPMethod isEqualToString:@"POST"]));
+                  NSParameterAssert(!([HTTPMethod isEqualToString:@"GET"] && requestBody));
+                  NSParameterAssert(!([HTTPMethod isEqualToString:@"POST"] && !requestBody));

Member Author

aboedo Dec 4, 2020

this is a new check, but it looks like we don't have any places where we make POST requests without a body, and I can't think of a reason why you might want to.

Purchases/Networking/RCHTTPClient.m Outdated

Comment on lines 182 to 189

		RCLog(@"Error creating request JSON: %@", requestBody);
		RCErrorLog(@"Error creating request JSON: %@", requestBody);

Member Author

aboedo Dec 4, 2020

This seems like a clear case for an error log to me

Purchases/Networking/RCHTTPClient.m

                       NSError *JSONParseError;
                       NSData *body = [NSJSONSerialization dataWithJSONObject:requestBody options:0 error:&JSONParseError];
                       if (JSONParseError) {
-                          RCLog(@"Error creating request JSON: %@", requestBody);
+                          RCErrorLog(@"Error creating request JSON: %@", requestBody);
+                          return nil;

Member Author

aboedo Dec 4, 2020 •

edited

new behavior: if we can't create a JSON request, don't create the request at all, just call completion with an error

Purchases/Networking/RCHTTPClient.m Outdated

Comment on lines 92 to 97

+                  if (!urlRequest) {
+                      RCErrorLog(@"Could not create request to %@ with body %@", path, requestBody);
+                      completionHandler(-1,
+                                        nil,
+                                        [RCPurchasesErrorUtils networkErrorWithUnderlyingError:RCPurchasesErrorUtils.unknownError]);
+                  }

Member Author

aboedo Dec 4, 2020

there might be a nicer-looking way of doing this. But this is the essence of the PR

aboedo marked this pull request as ready for review

December 7, 2020 17:04

aboedo commented

View reviewed changes

Purchases/Networking/RCHTTPClient.m

Comment on lines -82 to -90

-                  [self assertIsValidRequestWithMethod:httpMethod body:requestBody];
-                  NSMutableDictionary *defaultHeaders = self.defaultHeaders.mutableCopy;
-                  [defaultHeaders addEntriesFromDictionary:headers];
-                  NSMutableURLRequest *urlRequest = [self createRequestWithMethod:httpMethod
-                                                                             path:path
-                                                                      requestBody:requestBody
-                                                                          headers:defaultHeaders];

Member Author

aboedo Dec 7, 2020

moved some of these checks to happen earlier in the flow, since if they fail then the method doesn't actually do anything

aboedo requested a review from vegaro

December 7, 2020 17:04

aboedo added this to the 3.9.2 milestone

vegaro approved these changes

View reviewed changes

Contributor

vegaro left a comment

No more killed pandas

aboedo added 6 commits

December 17, 2020 10:57


          prevents POST requests when the JSON body couldn't be correctly formed

6dfc811


          ensured that the next request happens even if the current one had a p…

47d0c1b

…arsing error


          fixed syntax error, moved early exit to first thing in the method

a5c11a7


          cleanup, added more tests

97cc29a


          reverted unneeded method extract in RCHTTPClient

09456a2


          added test to ensure that the http call is never made if the body can…

e658c27

…'t be parsed into JSON

aboedo force-pushed the fix/posts_with_empty_body branch from 3f55c9d to e658c27 Compare

December 17, 2020 13:57

aboedo added 2 commits

December 17, 2020 10:58


          fixed indentation, added nullability specifier

5bd7cd7


          more indentation fixes

c118a45

aboedo merged commit a3c4d6d into develop

aboedo deleted the fix/posts_with_empty_body branch

December 17, 2020 14:07

aboedo mentioned this pull request

version 3.9.2 #423

Merged

aboedo mentioned this pull request

Release: 3.12.0 #648

Merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment