Skip to content

Commit

Permalink
Detect content type correctly if raised any low level errors\n
Browse files Browse the repository at this point in the history
If Rack level errors raise, content type of the request couldn't be detected correctly. Basically there are two types of errors might happen in Rack level, Rack::Utils::ParameterTypeError and Rack::Utils::InvalidParameterError.\n
Passing query parameters like `x[y]=1&x[y]z=2` and `foo%81E=1` will raise the Rack level errors and the content type couldn't be detected correctly.
  • Loading branch information
hamedrnik committed Jun 15, 2016
1 parent 864568d commit b69cce5
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@

#### Fixes

* [#1427](https://github.com/ruby-grape/grape/pull/1427): Detect content type in case of raising Rack level errors - [@iCEAGE](https://github.com/iCEAGE)
* [#1405](https://github.com/ruby-grape/grape/pull/1405): Fix priority of `rescue_from` clauses applying - [@hedgesky](https://github.com/hedgesky).
* [#1365](https://github.com/ruby-grape/grape/pull/1365): Fix finding exception handler in error middleware - [@ktimothy](https://github.com/ktimothy).
* [#1380](https://github.com/ruby-grape/grape/pull/1380): Fix `allow_blank: false` for `Time` attributes with valid values causes `NoMethodError` - [@ipkes](https://github.com/ipkes).
Expand Down
7 changes: 6 additions & 1 deletion lib/grape/middleware/formatter.rb
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
require 'grape/middleware/base'
require 'rack/utils'

module Grape
module Middleware
Expand Down Expand Up @@ -139,7 +140,11 @@ def format_from_extension
end

def format_from_params
fmt = Rack::Utils.parse_nested_query(env[Grape::Http::Headers::QUERY_STRING])[Grape::Http::Headers::FORMAT]
fmt = begin
Rack::Utils.parse_nested_query(env[Grape::Http::Headers::QUERY_STRING])[Grape::Http::Headers::FORMAT]
rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError
nil
end
# avoid symbol memory leak on an unknown format
return fmt.to_sym if content_type_for(fmt)
fmt
Expand Down
18 changes: 18 additions & 0 deletions spec/grape/middleware/formatter_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,24 @@ def to_xml
expect(subject.env['api.format']).to eq(:json)
end

it 'uses the requested format with invalid parameter type if provided in headers' do
_, headers, = subject.call(
'PATH_INFO' => '/info',
'QUERY_STRING' => 'id=12&id[]=12',
'HTTP_ACCEPT' => 'application/json'
)
expect(headers['Content-type']).to eq('application/json')
end

it 'uses the requested format with invalid byte sequence in UTF-8 if provided in headers' do
_, headers, = subject.call(
'PATH_INFO' => '/info',
'QUERY_STRING' => 'foo%81E=1',
'HTTP_ACCEPT' => 'application/json'
)
expect(headers['Content-type']).to eq('application/json')
end

it 'handles quality rankings mixed with nothing' do
subject.call('PATH_INFO' => '/info', 'HTTP_ACCEPT' => 'application/json,application/xml; q=1.0')
expect(subject.env['api.format']).to eq(:xml)
Expand Down

0 comments on commit b69cce5

Please sign in to comment.