Skip to content

Commit

Permalink
Silently ignore content on APIs that don't require it
Browse files Browse the repository at this point in the history
Signed-off-by: Daniel Widdis <[email protected]>
  • Loading branch information
dbwiddis committed Apr 2, 2024
1 parent 28cf793 commit 0793954
Show file tree
Hide file tree
Showing 10 changed files with 23 additions and 100 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -69,11 +69,11 @@ protected BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest request
RestStatus.FORBIDDEN
);
}
// Validate content
if (request.hasContent()) {
// BaseRestHandler will give appropriate error message
return channel -> channel.sendResponse(null);
}

// Always consume content to silently ignore it
// https://github.com/opensearch-project/flow-framework/issues/578
request.content();

// Validate params
if (workflowId == null) {
throw new FlowFrameworkException("workflow_id cannot be null", RestStatus.BAD_REQUEST);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,11 @@ protected BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest request
RestStatus.FORBIDDEN
);
}
// Validate content
if (request.hasContent()) {
throw new FlowFrameworkException("deprovision request should have no payload", RestStatus.BAD_REQUEST);
}

// Always consume content to silently ignore it
// https://github.com/opensearch-project/flow-framework/issues/578
request.content();

// Validate params
if (workflowId == null) {
throw new FlowFrameworkException("workflow_id cannot be null", RestStatus.BAD_REQUEST);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -69,11 +69,11 @@ protected BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest request
RestStatus.FORBIDDEN
);
}
// Validate content
if (request.hasContent()) {
// BaseRestHandler will give appropriate error message
return channel -> channel.sendResponse(null);
}

// Always consume content to silently ignore it
// https://github.com/opensearch-project/flow-framework/issues/578
request.content();

// Validate params
if (workflowId == null) {
throw new FlowFrameworkException("workflow_id cannot be null", RestStatus.BAD_REQUEST);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -66,11 +66,10 @@ protected BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest request
);
}

// Validate content
if (request.hasContent()) {
// BaseRestHandler will give appropriate error message
return channel -> channel.sendResponse(null);
}
// Always consume content to silently ignore it
// https://github.com/opensearch-project/flow-framework/issues/578
request.content();

// Validate params
if (workflowId == null) {
throw new FlowFrameworkException("workflow_id cannot be null", RestStatus.BAD_REQUEST);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,10 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
);
}

// Always consume content to silently ignore it
// https://github.com/opensearch-project/flow-framework/issues/578
request.content();

Map<String, String> params = request.hasParam(WORKFLOW_STEP)
? Map.of(WORKFLOW_STEP, request.param(WORKFLOW_STEP))
: Collections.emptyMap();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,7 @@
package org.opensearch.flowframework.rest;

import org.opensearch.client.node.NodeClient;
import org.opensearch.core.common.bytes.BytesArray;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.core.xcontent.MediaTypeRegistry;
import org.opensearch.flowframework.common.FlowFrameworkSettings;
import org.opensearch.rest.RestHandler;
import org.opensearch.rest.RestRequest;
Expand Down Expand Up @@ -55,19 +53,6 @@ public void testRestDeleteWorkflowActionRoutes() {
assertEquals(this.getPath, routes.get(0).getPath());
}

public void testInvalidRequestWithContent() {
RestRequest request = new FakeRestRequest.Builder(xContentRegistry()).withMethod(RestRequest.Method.DELETE)
.withPath(this.getPath)
.withContent(new BytesArray("request body"), MediaTypeRegistry.JSON)
.build();

FakeRestChannel channel = new FakeRestChannel(request, false, 1);
IllegalArgumentException ex = expectThrows(IllegalArgumentException.class, () -> {
restDeleteWorkflowAction.handleRequest(request, channel, nodeClient);
});
assertEquals("request [DELETE /_plugins/_flow_framework/workflow/{workflow_id}] does not support having a body", ex.getMessage());
}

public void testNullWorkflowId() throws Exception {

// Request with no params
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,7 @@
package org.opensearch.flowframework.rest;

import org.opensearch.client.node.NodeClient;
import org.opensearch.core.common.bytes.BytesArray;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.core.xcontent.MediaTypeRegistry;
import org.opensearch.flowframework.common.FlowFrameworkSettings;
import org.opensearch.rest.RestHandler.Route;
import org.opensearch.rest.RestRequest;
Expand Down Expand Up @@ -71,22 +69,6 @@ public void testNullWorkflowId() throws Exception {
assertTrue(channel.capturedResponse().content().utf8ToString().contains("workflow_id cannot be null"));
}

public void testInvalidRequestWithContent() {
RestRequest request = new FakeRestRequest.Builder(xContentRegistry()).withMethod(RestRequest.Method.POST)
.withPath(this.deprovisionWorkflowPath)
.withContent(new BytesArray("request body"), MediaTypeRegistry.JSON)
.build();

FakeRestChannel channel = new FakeRestChannel(request, false, 1);
IllegalArgumentException ex = expectThrows(IllegalArgumentException.class, () -> {
deprovisionWorkflowRestAction.handleRequest(request, channel, nodeClient);
});
assertEquals(
"request [POST /_plugins/_flow_framework/workflow/{workflow_id}/_deprovision] does not support having a body",
ex.getMessage()
);
}

public void testFeatureFlagNotEnabled() throws Exception {
when(flowFrameworkFeatureEnabledSetting.isFlowFrameworkEnabled()).thenReturn(false);
RestRequest request = new FakeRestRequest.Builder(xContentRegistry()).withMethod(RestRequest.Method.POST)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,7 @@
package org.opensearch.flowframework.rest;

import org.opensearch.client.node.NodeClient;
import org.opensearch.core.common.bytes.BytesArray;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.core.xcontent.MediaTypeRegistry;
import org.opensearch.flowframework.common.FlowFrameworkSettings;
import org.opensearch.rest.RestHandler;
import org.opensearch.rest.RestRequest;
Expand Down Expand Up @@ -55,19 +53,6 @@ public void testRestGetWorkflowActionRoutes() {
assertEquals(this.getPath, routes.get(0).getPath());
}

public void testInvalidRequestWithContent() {
RestRequest request = new FakeRestRequest.Builder(xContentRegistry()).withMethod(RestRequest.Method.GET)
.withPath(this.getPath)
.withContent(new BytesArray("request body"), MediaTypeRegistry.JSON)
.build();

FakeRestChannel channel = new FakeRestChannel(request, false, 1);
IllegalArgumentException ex = expectThrows(IllegalArgumentException.class, () -> {
restGetWorkflowAction.handleRequest(request, channel, nodeClient);
});
assertEquals("request [GET /_plugins/_flow_framework/workflow/{workflow_id}] does not support having a body", ex.getMessage());
}

public void testNullWorkflowId() throws Exception {

// Request with no params
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,7 @@
package org.opensearch.flowframework.rest;

import org.opensearch.client.node.NodeClient;
import org.opensearch.core.common.bytes.BytesArray;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.core.xcontent.MediaTypeRegistry;
import org.opensearch.flowframework.common.FlowFrameworkSettings;
import org.opensearch.rest.RestHandler;
import org.opensearch.rest.RestRequest;
Expand Down Expand Up @@ -75,22 +73,6 @@ public void testNullWorkflowId() throws Exception {
assertTrue(channel.capturedResponse().content().utf8ToString().contains("workflow_id cannot be null"));
}

public void testInvalidRequestWithContent() {
RestRequest request = new FakeRestRequest.Builder(xContentRegistry()).withMethod(RestRequest.Method.GET)
.withPath(this.getPath)
.withContent(new BytesArray("request body"), MediaTypeRegistry.JSON)
.build();

FakeRestChannel channel = new FakeRestChannel(request, false, 1);
IllegalArgumentException ex = expectThrows(IllegalArgumentException.class, () -> {
restGetWorkflowStateAction.handleRequest(request, channel, nodeClient);
});
assertEquals(
"request [GET /_plugins/_flow_framework/workflow/{workflow_id}/_status] does not support having a body",
ex.getMessage()
);
}

public void testFeatureFlagNotEnabled() throws Exception {
when(flowFrameworkFeatureEnabledSetting.isFlowFrameworkEnabled()).thenReturn(false);
RestRequest request = new FakeRestRequest.Builder(xContentRegistry()).withMethod(RestRequest.Method.GET)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,7 @@
import org.opensearch.client.Client;
import org.opensearch.client.node.NodeClient;
import org.opensearch.core.action.ActionListener;
import org.opensearch.core.common.bytes.BytesArray;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.core.xcontent.MediaTypeRegistry;
import org.opensearch.flowframework.common.FlowFrameworkSettings;
import org.opensearch.flowframework.exception.FlowFrameworkException;
import org.opensearch.flowframework.indices.FlowFrameworkIndicesHandler;
Expand Down Expand Up @@ -85,19 +83,6 @@ public void testRestGetWorkflowStepActionRoutes() {
assertEquals(this.getPath, routes.get(0).getPath());
}

public void testInvalidRequestWithContent() {
RestRequest request = new FakeRestRequest.Builder(xContentRegistry()).withMethod(RestRequest.Method.GET)
.withPath(this.getPath)
.withContent(new BytesArray("request body"), MediaTypeRegistry.JSON)
.build();

FakeRestChannel channel = new FakeRestChannel(request, false, 1);
IllegalArgumentException ex = expectThrows(IllegalArgumentException.class, () -> {
restGetWorkflowStepAction.handleRequest(request, channel, nodeClient);
});
assertEquals("request [GET /_plugins/_flow_framework/workflow/_steps] does not support having a body", ex.getMessage());
}

public void testWorkflowSteps() throws Exception {
RestRequest request = new FakeRestRequest.Builder(xContentRegistry()).withMethod(RestRequest.Method.GET)
.withPath(this.getPath + "?workflow_step=create_connector")
Expand Down

0 comments on commit 0793954

Please sign in to comment.