Bug #6774
closedReceive HTTP 500 after issuing HTTP POST with non-JSON request body
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1122257
Description of problem:
Issuing an HTTP POST request to (thus far) absolutely any URL results in an HTTP 500 error. This occurs when credentials are not supplied with the request.
- apr-util-ldap-1.3.9-3.el6_0.1.x86_64
- candlepin-0.9.21-1.el6.noarch
- candlepin-selinux-0.9.21-1.el6.noarch
- candlepin-tomcat6-0.9.21-1.el6.noarch
- elasticsearch-0.90.10-4.el6.noarch
- foreman-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
- foreman-compute-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
- foreman-gce-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
- foreman-libvirt-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
- foreman-ovirt-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
- foreman-postgresql-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
- foreman-proxy-1.6.0-0.develop.201407211449git2cba606.el6.noarch
- foreman-release-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
- foreman-selinux-1.6.0-0.develop.201406261522git5532684.el6.noarch
- foreman-vmware-1.6.0-0.develop.201407211519git93f6f75.el6.noarch
- katello-1.5.0-14.201407211524gitddbde13.el6.noarch
- katello-ca-1.0-1.noarch
- katello-certs-tools-1.5.2-1.git.1.edab2c4.el6.noarch
- katello-installer-0.0.19-1.201407162131gitb142720.el6.noarch
- katello-repos-1.5.1-1.git.14.0868bd1.el6.noarch
- openldap-2.4.23-31.el6.x86_64
- pulp-katello-0.3-3.el6.noarch
- pulp-nodes-common-2.4.0-0.24.beta.el6.noarch
- pulp-nodes-parent-2.4.0-0.24.beta.el6.noarch
- pulp-puppet-plugins-2.4.0-0.24.beta.el6.noarch
- pulp-puppet-tools-2.4.0-0.24.beta.el6.noarch
- pulp-rpm-plugins-2.4.0-0.24.beta.el6.noarch
- pulp-selinux-2.4.0-0.24.beta.el6.noarch
- pulp-server-2.4.0-0.24.beta.el6.noarch
- python-ldap-2.3.10-1.el6.x86_64
- ruby193-rubygem-net-ldap-0.3.1-2.el6.noarch
- ruby193-rubygem-runcible-1.1.0-1.el6.noarch
How reproducible:
100%
Steps to Reproduce:
1. Issue an HTTP POST request to any URL, and do not provide credentials.
2. Examine the status code of the response.
3. See an HTTP 500. :(
Actual results:
HTTP 500
Expected results:
HTTP 401
Additional info:
Relevant test code can be seen here: https://github.com/omaciel/robottelo/blob/master/tests/foreman/api/test_multiple_paths.py#L130-L154
Pull request #1068 will cause the code to move. If it is accepted, you can find the test code here instead: https://github.com/omaciel/robottelo/blob/master/tests/foreman/api/test_multiple_paths.py#L96-L120
Updated by Dominic Cleal about 10 years ago
- Category set to API
- Assignee deleted (
Dominic Cleal)
I've only reproduced this on an EL6 installation, so it might be partially dependent on the versions of RPMs versus a source install.
Simple reproducer:
curl -d "null" -H "Content-type: application/json" -k http://foreman-el6.example.com/api/v2/hosts
The following error is logged in production.log:
NoMethodError (undefined method `each' for nil:NilClass): lib/middleware/catch_json_parse_errors.rb:9:in `call'
A similar issue occurs if you provide invalid JSON:
curl -d "{'foo" -H "Content-type: application/json" -k http://foreman-el6.example.com/api/v2/hosts
MultiJson::LoadError (784: unexpected token at '{'foo'): lib/middleware/catch_json_parse_errors.rb:9:in `call'
Updated by The Foreman Bot over 9 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2074 added
- Pull request deleted (
)
Updated by Tom Caspy over 9 years ago
just a correction to the ticket description: the expected result should be 400 (bad request), not 401 (unauthorised)
Updated by Tom Caspy over 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 44dbdbc3b5d9bba1a3e81825abc4430a7f99d753.
Updated by Dominic Cleal over 9 years ago
- Translation missing: en.field_release set to 28