Fixed parsing for zero content length response #812

Closed
wants to merge 7 commits into from

@infohash infohash commented May 6, 2022

The content-type in the header is optional when the payload has zero content length. See "Should Content-Type header be present when the message body is empty?".

This happens when a request to the IdP is made for revoking tokens. In that case, the IdP returns a 200 OK status code with no body and no Content-Type in the response header.

See "About the revoke request".

Revoking a token that is invalid, expired, or already revoked returns a 200 OK status code to prevent any information leaks.

To parse responses with zero content length, just check if the value of content-length is 0 and return the status code if it is.
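The check described in the comment above, as an added example that is not code from this pull request or from the project. The names `parse_response`, `get_header` and `ResponseError` and the sample responses are assumptions made for illustration; the sketch also rejects a Content-Length that disagrees with the body and still requires Content-Type whenever a body is present.

```python
import json


class ResponseError(Exception):
    """The response does not match what the client expected."""


def get_header(headers, name):
    """Case-insensitive header lookup; None when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def parse_response(status, headers, body, expected_type="application/json"):
    """Return the status code for an empty body, else the decoded JSON body.

    Assumes `body` holds the complete payload as bytes.
    """
    raw_length = get_header(headers, "Content-Length")
    if raw_length is not None:
        try:
            declared = int(raw_length)
        except ValueError:
            raise ResponseError("malformed Content-Length") from None
        if declared != len(body):
            raise ResponseError("Content-Length does not match body size")
    if not body:
        # Nothing to decode, so a missing Content-Type is acceptable.
        return status
    content_type = get_header(headers, "Content-Type")
    if content_type is None:
        raise ResponseError("non-empty body without Content-Type")
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type != expected_type:
        raise ResponseError("unexpected Content-Type: " + media_type)
    return json.loads(body.decode("utf-8"))


# Constructed sample responses (status, headers, body), not captured traffic.
REVOKE_OK = (200, {"Content-Length": "0"}, b"")
TOKEN_BODY = b'{"access_token": "constructed-value"}'
TOKEN_OK = (200, {"content-type": "application/json; charset=UTF-8",
                  "content-length": str(len(TOKEN_BODY))}, TOKEN_BODY)
HTML_ERROR = (200, {"Content-Type": "text/html"}, b"<html>login</html>")
```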

codecov-commenter commented May 6, 2022

Codecov Report

Merging #812 (9bfbd75) into master (62c7318) will increase coverage by 0.12%.
The diff coverage is 60.00%.

❗ Current head 9bfbd75 differs from pull request most recent head a90a2c0. Consider uploading reports for the commit a90a2c0 to get more accurate results

@@            Coverage Diff             @@
##           master     #812      +/-   ##
==========================================
+ Coverage   63.72%   63.84%   +0.12%     
==========================================
  Files          64       64              
  Lines       11856    11860       +4     
  Branches     2411     2413       +2     
==========================================
+ Hits         7555     7572      +17     
+ Misses       3703     3686      -17     
- Partials      598      602       +4     
Impacted Files Coverage Δ
src/oic/oauth2/util.py 71.66% <50.00%> (+0.48%) ⬆️
src/oic/oauth2/__init__.py 69.69% <66.66%> (+0.40%) ⬆️
src/oic/extension/client.py 46.57% <0.00%> (+7.53%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 62c7318...a90a2c0. Read the comment docs.

@tpazderka tpazderka left a comment

The new code should be covered by tests.

@infohash infohash requested a review from tpazderka May 6, 2022 19:01
@tpazderka tpazderka left a comment

The tests should be unit tests, so you should write a test for parse_request_response and verify_header functions that cover the changes introduced here.

@infohash infohash requested a review from tpazderka May 10, 2022 17:04
@infohash
Contributor Author

@tpazderka Awaiting review.

@tpazderka tpazderka closed this in 6e2ab71 May 12, 2022
infohash commented May 12, 2022

When will the new version be released? zamzterz/Flask-pyoidc/#801 depends on it.

@infohash infohash deleted the bugfix/zero-content-length branch May 22, 2022 06:57