Merge remote-tracking branch 'remotes/origin/master' into ja_20190822_1440_infinispan_query_cache

This commit is contained in:
Ken Stevens 2019-09-05 15:59:45 -04:00
commit bc821a7060
4 changed files with 28 additions and 10 deletions

View File

@ -157,9 +157,6 @@ public class ResourceParameter implements IParameter {
} }
} }
if (isBlank(ctValue)) { if (isBlank(ctValue)) {
/*
* If the client didn't send a content type, try to guess
*/
String body; String body;
try { try {
body = IOUtils.toString(requestReader); body = IOUtils.toString(requestReader);
@ -170,12 +167,9 @@ public class ResourceParameter implements IParameter {
if (isBlank(body)) { if (isBlank(body)) {
return null; return null;
} }
encoding = EncodingEnum.detectEncodingNoDefault(body);
if (encoding == null) { String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "noContentTypeInRequest", restOperationType);
String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "noContentTypeInRequest", restOperationType); throw new InvalidRequestException(msg);
throw new InvalidRequestException(msg);
}
requestReader = new InputStreamReader(new ByteArrayInputStream(theRequest.loadRequestContents()), charset);
} else { } else {
String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "invalidContentTypeInRequest", ctValue, restOperationType); String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "invalidContentTypeInRequest", ctValue, restOperationType);
throw new InvalidRequestException(msg); throw new InvalidRequestException(msg);

View File

@ -77,6 +77,23 @@ public class CreateR4Test {
} }
@Test
public void testCreateFailsIfNoContentTypeProvided() throws Exception {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity("{\"resourceType\":\"Patient\", \"id\":\"999\", \"status\":\"active\"}", (ContentType) null));
try (CloseableHttpResponse status = ourClient.execute(httpPost)) {
String responseContent = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8);
ourLog.info("Response was:\n{}", responseContent);
assertEquals(400, status.getStatusLine().getStatusCode());
assertThat(responseContent, containsString("No Content-Type header was provided in the request. This is required for \\\"CREATE\\\" operation"));
}
}
/** /**
* #472 * #472
*/ */

View File

@ -232,9 +232,9 @@ public class OperationGenericServer2R4Test {
HttpGet httpPost = new HttpGet("http://localhost:" + myPort + "/Patient/123/$OP_INSTANCE"); HttpGet httpPost = new HttpGet("http://localhost:" + myPort + "/Patient/123/$OP_INSTANCE");
try (CloseableHttpResponse status = ourClient.execute(httpPost)) { try (CloseableHttpResponse status = ourClient.execute(httpPost)) {
assertEquals(200, status.getStatusLine().getStatusCode());
String response = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8); String response = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8);
ourLog.info(response); ourLog.info(response);
assertEquals(200, status.getStatusLine().getStatusCode());
status.getEntity().getContent().close(); status.getEntity().getContent().close();
assertEquals("123", ourLastId.getIdPart()); assertEquals("123", ourLastId.getIdPart());

View File

@ -110,6 +110,13 @@
A note has been added to the downloads page explaning the removal of the hapi-fhir-utilities A note has been added to the downloads page explaning the removal of the hapi-fhir-utilities
module. Thanks to Andrew Fitzgerald for the PR! module. Thanks to Andrew Fitzgerald for the PR!
</action> </action>
<action type="change">
REST servers will no longer try to guess the content type for HTTP requests where a body
is provided but no Content-Type header is included. These requests are invalid, and will now
result in an HTTP 400. This change corrects an error where some interceptors (notably
the RequestValidatingInterceptor, but not including any HAPI FHIR security interceptors)
could be bypassed if a Content Type was not included.
</action>
</release> </release>
<release version="4.0.1" date="2019-09-03" description="Igloo (Point Release)"> <release version="4.0.1" date="2019-09-03" description="Igloo (Point Release)">
<action type="fix"> <action type="fix">