Malformed JSON gets 400

2019-05-29 10:31:26 +01:00 · 2019-05-29 10:31:26 +01:00 · d93212320b
commit d93212320b
--- a/django_kepi/views.py
+++ b/django_kepi/views.py
@ -292,6 +292,16 @@ class InboxView(django.views.View):
                ]:
            return HttpResponse(
                    status = 415, # unsupported media type
+                    reason = 'Try application/activity+json',
+                    )
+
+        try:
+            decoded_body = json.loads(
+                    str(request.body, encoding='UTF-8'))
+        except json.decoder.JSONDecodeError:
+            return HttpResponse(
+                    status = 415, # unsupported media type
+                    reason = 'Invalid JSON',
                    )

        capture = django_kepi.validation.IncomingMessage(
@ -300,7 +310,7 @@ class InboxView(django.views.View):
                path = request.path,
                signature = request.META['HTTP_SIGNATURE'],
                content_type = request.META['CONTENT_TYPE'],
-                body = str(request.body, encoding='UTF-8'),
+                body = str(decoded_body)
                )
        capture.save()
        logger.debug('%s: received %s with headers %s at %s -- now validating',
--- a/tests/test_inbox.py
+++ b/tests/test_inbox.py
@ -54,7 +54,6 @@ class TestInbox(TestCase):
        self._post_to_inbox(INBOX_PATH)

    def test_non_json(self):
-
        keys = json.load(open('tests/keys/keys-0001.json', 'r'))

        body, headers = test_message_body_and_headers(
@ -84,35 +83,28 @@ class TestInbox(TestCase):
    @httpretty.activate
    def test_malformed_json(self):

-        HUMAN_URL = 'https://users.example.com/my-dame'
-        ANIMAL_URL = 'https://animals.example.com/a-lame-tame-crane'
+        keys = json.load(open('tests/keys/keys-0001.json', 'r'))

-        mock_remote_object(HUMAN_URL, ftype='Person')
-        mock_remote_object(ANIMAL_URL, ftype='Person')
+        body, headers = test_message_body_and_headers(
+                f_actor = REMOTE_FRED,
+                secret = keys['private'],
+                )
+
+        broken_json = json.dumps(body)[1:]

        c = Client()
-
-        c.post('/sharedInbox',
-                content_type = 'application/activity+json',
-                data = {
-                    "id": "https://example.net/hello-world",
-                    "actor": HUMAN_URL,
-                    "object": ANIMAL_URL,
-                    "type": "Like",
-                    },
+        result = c.post(
+                path = INBOX_PATH,
+                content_type = headers['content-type'],
+                data = broken_json,
+                HTTP_DATE = headers['date'],
+                HOST = headers['host'],
+                HTTP_SIGNATURE = headers['signature'],
                )
-        return

-        self.assertTrue(
-                IncomingMessage.objects.all().exists())
-
-        IncomingMessage.objects.all().delete()
-
-        text = text[1:] # remove leading {, so the JSON is invalid
-
-        c.post('/sharedInbox',
-                content_type = 'application/activity+json',
-                data = text,
+        self.assertEqual(
+                result.status_code,
+                415, # unsupported media type
                )

        self.assertFalse(