Merge pull request mevdschee#333 from saraf/master

mevdschee · web-flow · commit 0b8eeee07a90 · 2018-01-24T07:22:04.000+01:00
Correct 400 response to malformed json in POST
diff --git a/api.php b/api.php
@@ -1270,6 +1270,15 @@ protected function exitWith404($type) {
 		}
 	}
 
+	protected function exitWith400($type) {
+		if (isset($_SERVER['REQUEST_METHOD'])) {
+			header('Content-Type:',true,400);
+			die("The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications. ($type)");
+		} else {
+			throw new \Exception("Bad request ($type)");
+		}
+	}
+
 	protected function exitWith422($object) {
 		if (isset($_SERVER['REQUEST_METHOD'])) {
 			header('Content-Type:',true,422);
@@ -1684,6 +1693,11 @@ protected function retrieveInputs($data) {
 			$input = false;
 		} else if ($data[0]=='{' || $data[0]=='[') {
 			$input = json_decode($data);
+			$causeCode = json_last_error();
+			if ($causeCode !== JSON_ERROR_NONE) {
+				$errorString = "Error decoding input JSON. json_last_error code: " . $causeCode;
+				$this->exitWith400($errorString);
+			}
 		} else {
 			parse_str($data, $input);
 			foreach ($input as $key => $value) {
diff --git a/tests/Api.php b/tests/Api.php
@@ -138,4 +138,22 @@ public function expect($output, $error=false)
         }
         return $this;
     }
+
+    public function expectPattern($expectedOutputPattern, $expectedErrorPattern) {
+        $exception = false;
+        ob_start();
+        try {
+            $this->api->executeCommand();
+        } catch (\Exception $e) {
+            $exception = $e->getMessage();
+        }
+        $outputData = ob_get_contents();
+        ob_end_clean();
+        if ($exception) {
+            $this->test->assertRegExp($expectedErrorPattern, $exception);
+        } else {
+            $this->test->assertRegExp($expectedOutputPattern, $outputData);
+        }
+        return $this;
+    }
 }
diff --git a/tests/Tests.php b/tests/Tests.php
@@ -290,7 +290,7 @@ public function testErrorOnInvalidJson()
     {
         $test = new Api($this);
         $test->post('/posts', '{"}');
-        $test->expect(false, 'Not found (input)');
+        $test->expectPattern(false, '/^Bad request.*$/');
     }
 
     public function testErrorOnDuplicatePrimaryKey()

Original file line number	Diff line number	Diff line change
`@@ -290,7 +290,7 @@ public function testErrorOnInvalidJson()`
`290`	`290`	`{`
`291`	`291`	`$test = new Api($this);`
`292`	`292`	`$test->post('/posts', '{"}');`
`293`		`- $test->expect(false, 'Not found (input)');`
	`293`	`+ $test->expectPattern(false, '/^Bad request.*$/');`
`294`	`294`	`}`
`295`	`295`
`296`	`296`	`public function testErrorOnDuplicatePrimaryKey()`