Skip to content

Fix response content type header check when content type header contains charset substring #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jan 17, 2019
Merged

Fix response content type header check when content type header contains charset substring #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
f0e3a62
Merge pull request #3 from hyperwallet/master
akreisman-epam Jan 8, 2019
3cefaae
Fix response content type header check when content type header conta…
aseveryn-hw Jan 8, 2019
cd5980a
Update version to 1.0.2 in changelog
aseveryn-hw Jan 16, 2019
9875dad
Update version to 1.1.0 in changelog
aseveryn-hw Jan 17, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
Changelog
=========
1.0.1 (current)
1.1.0 (current)
-------------------

1.0.1 (2019-01-17)
-------------------
- FIX: Resolved issue with restricted "Accept" & "Content-Type" headers to support only "application/json" or "application/jose+json"

1.0.0 (2018-12-21)
-------------------
Expand Down
53 changes: 37 additions & 16 deletions src/utils/ApiClient.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ export default class ApiClient {
if (this.isEncrypted) {
contentType = "application/jose+json";
accept = "application/jose+json";
this.createJoseJsonParser();
requestDataPromise = this.encryption.encrypt(data);
}
requestDataPromise.then((requestData) => {
Expand Down Expand Up @@ -120,6 +121,7 @@ export default class ApiClient {
if (this.isEncrypted) {
contentType = "application/jose+json";
accept = "application/jose+json";
this.createJoseJsonParser();
requestDataPromise = this.encryption.encrypt(data);
}
requestDataPromise.then((requestData) => {
Expand Down Expand Up @@ -148,6 +150,7 @@ export default class ApiClient {
if (this.isEncrypted) {
contentType = "application/jose+json";
accept = "application/jose+json";
this.createJoseJsonParser();
}
request
.get(`${this.server}/rest/v3/${partialUrl}`)
Expand All @@ -170,14 +173,15 @@ export default class ApiClient {
*/
wrapCallback(httpMethod, callback = () => null) {
return (err, res) => {
if (res && ((!this.isEncrypted && res.type !== "application/json") || (this.isEncrypted && res.type !== "application/jose+json"))) {
if (res && res.header && ((!this.isEncrypted && res.header["content-type"].indexOf("application/json") === -1) ||
(this.isEncrypted && res.header["content-type"].indexOf("application/jose+json") === -1))) {
callback([{
message: "Invalid Content-Type specified in Response Header",
}], res ? res.body : undefined, res);
return;
}
if (this.isEncrypted) {
this.processEncryptedResponse(httpMethod, err, res, callback);
this.processEncryptedResponse(httpMethod, err, res.body, callback);
} else {
this.processNonEncryptedResponse(err, res, callback);
}
Expand Down Expand Up @@ -222,20 +226,37 @@ export default class ApiClient {
* @private
*/
processEncryptedResponse(httpMethod, err, res, callback) {
if (!err) {
let responseBody = res.rawResponse ? res.rawResponse : res.text;
try {
responseBody = this.encryption.base64Encode(JSON.parse(res.text));
} catch (e) {
// nothing to do
}
this.encryption.decrypt(responseBody)
.then((decryptedData) => {
callback(undefined, JSON.parse(decryptedData.payload.toString()), decryptedData);
})
.catch(() => callback(`Failed to decrypt response for ${httpMethod} request`, responseBody, responseBody));
} else {
this.processNonEncryptedResponse(err, res, callback);
if (!res) {
callback("Try to decrypt empty response body", undefined, undefined);
}
this.encryption.decrypt(res)
.then((decryptedData) => {
const responseBody = JSON.parse(decryptedData.payload.toString());
if (responseBody.errors) {
const responseWithErrors = {};
responseWithErrors.body = responseBody;
this.processNonEncryptedResponse(responseBody, responseWithErrors, callback);
} else {
callback(undefined, responseBody, decryptedData);
}
})
.catch(() => callback(`Failed to decrypt response for ${httpMethod} request`, res, res));
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why are we passing res parameter 2 times?

Copy link
Contributor Author

@akreisman-epam akreisman-epam Jan 11, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For convension in callback we use 1st parameter for error, 2nd parameter for response body and 3rd parameter for entire response. As this part of code is inside processEncryptedResponse method res parameter is actually the response body, so in that case we could pass 3rd parameter as undefined, but I suppose that in that case we can pass response body(res) as the 3rd response parameter

}

/**
* Creates response body parser for application/jose+json content-type
*
* @private
*/
createJoseJsonParser() {
request.parse["application/jose+json"] = (res, callback) => {
let data = "";
res.on("data", (chunk) => {
data += chunk;
});
res.on("end", () => {
callback(null, data);
});
};
}
}
Loading