Skip to content

Fix erroneous requests due to HTTP-specific settings #497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 27, 2020
Merged

Fix erroneous requests due to HTTP-specific settings #497

merged 4 commits into from
Mar 27, 2020

Conversation

scottinet
Copy link
Contributor

@scottinet scottinet commented Mar 26, 2020
edited
Loading

Description

The new verb HTTP specific option was handled by the SDK controllers, impacting all protocols, including WebSocket and MQTT

Impacted routes: document:mGet and security:mGetUsers
Those 2 routes send the ids argument to Kuzzle as a string, instead sending it as an array.

Fortunately, Kuzzle makes no difference between requests sent using HTTP or WebSocket or any other protocol, and it sanitizes the request in such a way that this bug is invisible to common users.

But documents aren't sanitized the same way when the API route is invoked by a plugin. And when that happens, the two routes mentioned earlier make any plugin invoking them crash.

This PR removes any specificities from the SDK controllers and, instead, makes the HTTP protocol handle the new verb option itself.

To do that, it simply converts any body object provided to a querystring if the selected API route uses the GET method. The conversion code was already there, it just needed a small fix when converting arrays (that conversion was never used before).

Other changes

  • Dependencies update
  • Migrate the deprecate mocha.opts file to .mocharc.json
  • Fix documentation deadlinks

How to reproduce

Create a small plugin, and invoke document:mGet using this.context.sdk.document.mGet

The following error ensues: Wrong type for argument "ids" (expected: array)

@scottinet scottinet self-assigned this Mar 26, 2020
@codecov
Copy link

codecov bot commented Mar 26, 2020
edited
Loading

Codecov Report

Merging #497 into master will increase coverage by 0.21%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #497      +/-   ##
==========================================
+ Coverage   95.57%   95.79%   +0.21%     
==========================================
  Files          32       32              
  Lines        1312     1308       -4     
==========================================
- Hits         1254     1253       -1     
+ Misses         58       55       -3
Impacted Files Coverage Δ
src/Kuzzle.js 94.04% <ø> (ø)
src/controllers/document.js 95.23% <ø> (-0.22%) ⬇️
src/controllers/security/index.js 97.08% <ø> (+2.08%) ⬆️
src/protocols/http.js 90.90% <100.00%> (+0.11%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3d1e7c0...3fe5964. Read the comment docs.

@Aschen Aschen merged commit 696d418 into master Mar 27, 2020
@Aschen Aschen deleted the fix-http-specific-params branch March 27, 2020 11:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rolljee rolljee rolljee approved these changes

+1 more reviewer

@Aschen Aschen Aschen approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@scottinet scottinet

Labels

changelog:bug-fixes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@scottinet @Aschen @rolljee