Bug #6774

Receive HTTP 500 after issuing HTTP POST with non-JSON request body

Added by Dominic Cleal about 8 years ago. Updated about 4 years ago.

Target version:
Bugzilla link:
Fixed in Releases:
Found in Releases:


Cloned from
Description of problem:
Issuing an HTTP POST request to (thus far) absolutely any URL results in an HTTP 500 error. This occurs when credentials are not supplied with the request.

Version-Release number of selected component (if applicable):
  • apr-util-ldap-1.3.9-3.el6_0.1.x86_64
  • candlepin-0.9.21-1.el6.noarch
  • candlepin-selinux-0.9.21-1.el6.noarch
  • candlepin-tomcat6-0.9.21-1.el6.noarch
  • elasticsearch-0.90.10-4.el6.noarch
  • foreman-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
  • foreman-compute-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
  • foreman-gce-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
  • foreman-libvirt-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
  • foreman-ovirt-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
  • foreman-postgresql-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
  • foreman-proxy-1.6.0-0.develop.201407211449git2cba606.el6.noarch
  • foreman-release-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
  • foreman-selinux-1.6.0-0.develop.201406261522git5532684.el6.noarch
  • foreman-vmware-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
  • katello-1.5.0-14.201407211524gitddbde13.el6.noarch
  • katello-ca-1.0-1.noarch
  • katello-certs-tools-1.5.2-1.git.1.edab2c4.el6.noarch
  • katello-installer-0.0.19-1.201407162131gitb142720.el6.noarch
  • katello-repos-1.5.1-1.git.14.0868bd1.el6.noarch
  • openldap-2.4.23-31.el6.x86_64
  • pulp-katello-0.3-3.el6.noarch
  • pulp-nodes-common-2.4.0-0.24.beta.el6.noarch
  • pulp-nodes-parent-2.4.0-0.24.beta.el6.noarch
  • pulp-puppet-plugins-2.4.0-0.24.beta.el6.noarch
  • pulp-puppet-tools-2.4.0-0.24.beta.el6.noarch
  • pulp-rpm-plugins-2.4.0-0.24.beta.el6.noarch
  • pulp-selinux-2.4.0-0.24.beta.el6.noarch
  • pulp-server-2.4.0-0.24.beta.el6.noarch
  • python-ldap-2.3.10-1.el6.x86_64
  • ruby193-rubygem-net-ldap-0.3.1-2.el6.noarch
  • ruby193-rubygem-runcible-1.1.0-1.el6.noarch

How reproducible:

Steps to Reproduce:
1. Issue an HTTP POST request to any URL, and do not provide credentials.
2. Examine the status code of the response.
3. See an HTTP 500. :(

Actual results:
HTTP 500

Expected results:
HTTP 401

Additional info:
Relevant test code can be seen here:

Pull request #1068 will cause the code to move. If it is accepted, you can find the test code here instead:

Associated revisions

Revision 44dbdbc3 (diff)
Added by Tom Caspy over 7 years ago

fixes #6774 - in case of parsing of non json or broken json, return 400


#1 Updated by Dominic Cleal about 8 years ago

  • Category set to API
  • Assignee deleted (Dominic Cleal)

I've only reproduced this on an EL6 installation, so it might be partially dependent on the versions of RPMs versus a source install.

Simple reproducer:
curl -d "null" -H "Content-type: application/json" -k

The following error is logged in production.log:

NoMethodError (undefined method `each' for nil:NilClass):
  lib/middleware/catch_json_parse_errors.rb:9:in `call'

A similar issue occurs if you provide invalid JSON:
curl -d "{'foo" -H "Content-type: application/json" -k

MultiJson::LoadError (784: unexpected token at '{'foo'):
  lib/middleware/catch_json_parse_errors.rb:9:in `call'
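
The two failure modes reported above (a body that is valid JSON but not an object, and a body that is not JSON at all), answered with the 400 that revision 44dbdbc3's commit message describes. This is an added example, not Foreman's middleware or code from this ticket; the class `RejectBadJsonBody` and the helpers `post_env`, `status_for` and `DOWNSTREAM` are hypothetical, and the Rack env is built by hand so no Rack gem is required.

```ruby
require 'json'
require 'stringio'

# Hypothetical Rack-style middleware (not Foreman's catch_json_parse_errors.rb):
# answers 400 when a JSON request body is malformed or is not a JSON object.
class RejectBadJsonBody
  JSON_TYPE = %r{\Aapplication/json\b}i

  def initialize(app)
    @app = app
  end

  def call(env)
    if JSON_TYPE.match?(env['CONTENT_TYPE'].to_s)
      raw = env['rack.input'].read
      env['rack.input'].rewind # let the downstream app read the body again
      unless raw.empty?
        begin
          parsed = JSON.parse(raw)
        rescue JSON::ParserError
          return bad_request('request body is not valid JSON')
        end
        # `null`, `42` or `[1]` may parse but are not a parameter hash; the
        # ticket's `null` reproducer ended in NoMethodError on nil.
        return bad_request('JSON body must be an object') unless parsed.is_a?(Hash)
      end
    end
    @app.call(env)
  end

  private

  def bad_request(message)
    body = JSON.generate('error' => { 'message' => message })
    [400, { 'Content-Type' => 'application/json' }, [body]]
  end
end

# Constructed request env for a POST carrying the given body.
def post_env(body, type = 'application/json')
  { 'REQUEST_METHOD' => 'POST', 'CONTENT_TYPE' => type, 'rack.input' => StringIO.new(body) }
end

# Constructed downstream app standing in for the real application.
DOWNSTREAM = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }

def status_for(body, type = 'application/json')
  RejectBadJsonBody.new(DOWNSTREAM).call(post_env(body, type)).first
end
```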

#2 Updated by Tom Caspy over 7 years ago

  • Assignee set to Tom Caspy

#3 Updated by The Foreman Bot over 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request added
  • Pull request deleted ()

#4 Updated by Tom Caspy over 7 years ago

Just a correction to the ticket description: the expected result should be 400 (bad request), not 401 (unauthorised).

#5 Updated by Tom Caspy over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#6 Updated by Dominic Cleal over 7 years ago

  • Legacy Backlogs Release (now unused) set to 28
