Fix request Content-Type header checking in servers

CHANGELOG.next.toml

@@ -9,4 +9,17 @@
 # message = "Fix typos in module documentation for generated crates"
 # references = ["smithy-rs#920"]
 # meta = { "breaking" = false, "tada" = false, "bug" = false, "target" = "client | server | all"}
-# author = "rcoh"
+# author = "rcoh"
+[[smithy-rs]]
+message = """Fix request `Content-Type` header checking
+
+Two bugs related to how servers were checking the `Content-Type` header in incoming requests have been fixed:
+
+1. `Content-Type` header checking was incorrectly succeeding when no `Content-Type` header was present but one was expected.
+2. When a shape was @httpPayload`-bound, `Content-Type` header checking occurred even when no payload was being sent. In this case it is not necessary to check the header, since there is no content.
+
+This is a breaking change in that servers are now stricter at enforcing the expected `Content-Type` header is being sent by the client in general, and laxer when the shape is bound with `@httpPayload`.
+"""
+references = ["smithy-rs#3690"]
+meta = { "breaking" = true, "tada" = false, "bug" = true, "target" = "server"}
+author = "david-perez"

codegen-client-test/build.gradle.kts

@@ -67,7 +67,16 @@ val allCodegenTests = listOf(
     ClientTest(
         "aws.protocoltests.restjson#RestJsonExtras",
         "rest_json_extras",
-        dependsOn = listOf("rest-json-extras.smithy"),
+        dependsOn = listOf(
+            "rest-json-extras.smithy",
+            // TODO(https://github.com/smithy-lang/smithy/pull/2310): Can be deleted when consumed in next Smithy version.
+            "rest-json-extras-2310.smithy",
+            // TODO(https://github.com/smithy-lang/smithy/pull/2314): Can be deleted when consumed in next Smithy version.
+            "rest-json-extras-2314.smithy",
+            // TODO(https://github.com/smithy-lang/smithy/pull/2315): Can be deleted when consumed in next Smithy version.
+            // TODO(https://github.com/smithy-lang/smithy/pull/2331): Can be deleted when consumed in next Smithy version.
+            "rest-json-extras-2315.smithy",
+        ),
     ),
     ClientTest("aws.protocoltests.misc#MiscService", "misc", dependsOn = listOf("misc.smithy")),
     ClientTest("aws.protocoltests.restxml#RestXml", "rest_xml", addMessageToErrors = false),

codegen-core/common-test-models/rest-json-extras-2310.smithy

@@ -0,0 +1,35 @@
+$version: "1.0"
+
+namespace aws.protocoltests.restjson
+
+use aws.protocols#restJson1
+use smithy.test#httpMalformedRequestTests
+
+@http(method: "POST", uri: "/MalformedContentTypeWithBody")
+operation MalformedContentTypeWithBody2 {
+    input: GreetingStruct
+}
+
+structure GreetingStruct {
+    salutation: String,
+}
+
+apply MalformedContentTypeWithBody2 @httpMalformedRequestTests([
+    {
+        id: "RestJsonWithBodyExpectsApplicationJsonContentTypeNoHeaders",
+        documentation: "When there is modeled input, the content type must be application/json",
+        protocol: restJson1,
+        request: {
+            method: "POST",
+            uri: "/MalformedContentTypeWithBody",
+            body: "{}",
+        },
+        response: {
+            code: 415,
+            headers: {
+                "x-amzn-errortype": "UnsupportedMediaTypeException"
+            }
+        },
+        tags: [ "content-type" ]
+    }
+])

codegen-core/common-test-models/rest-json-extras-2314.smithy

@@ -0,0 +1,39 @@
+$version: "1.0"
+
+namespace aws.protocoltests.restjson
+
+use aws.protocols#restJson1
+use smithy.test#httpRequestTests
+
+/// This example serializes a blob shape in the payload.
+///
+/// In this example, no JSON document is synthesized because the payload is
+/// not a structure or a union type.
+@http(uri: "/HttpPayloadTraits", method: "POST")
+operation HttpPayloadTraits2 {
+    input: HttpPayloadTraitsInputOutput,
+    output: HttpPayloadTraitsInputOutput
+}
+
+apply HttpPayloadTraits2 @httpRequestTests([
+    {
+        id: "RestJsonHttpPayloadTraitsWithBlobAcceptsNoContentType",
+        documentation: """
+            Servers must accept no content type for blob inputs
+            without the media type trait.""",
+        protocol: restJson1,
+        method: "POST",
+        uri: "/HttpPayloadTraits",
+        body: "This is definitely a jpeg",
+        bodyMediaType: "application/octet-stream",
+        headers: {
+            "X-Foo": "Foo",
+        },
+        params: {
+            foo: "Foo",
+            blob: "This is definitely a jpeg"
+        },
+        appliesTo: "server",
+        tags: [ "content-type" ]
+    }
+])

codegen-core/common-test-models/rest-json-extras-2315.smithy

@@ -0,0 +1,133 @@
+$version: "2.0"
+
+namespace aws.protocoltests.restjson
+
+use smithy.test#httpRequestTests
+use smithy.test#httpResponseTests
+use smithy.test#httpMalformedRequestTests
+use smithy.framework#ValidationException
+
+@http(uri: "/EnumPayload2", method: "POST")
+@httpRequestTests([
+    {
+        id: "RestJsonEnumPayloadRequest2",
+        uri: "/EnumPayload2",
+        headers: { "Content-Type": "text/plain" },
+        body: "enumvalue",
+        params: { payload: "enumvalue" },
+        method: "POST",
+        protocol: "aws.protocols#restJson1"
+    }
+])
+@httpResponseTests([
+    {
+        id: "RestJsonEnumPayloadResponse2",
+        headers: { "Content-Type": "text/plain" },
+        body: "enumvalue",
+        params: { payload: "enumvalue" },
+        protocol: "aws.protocols#restJson1",
+        code: 200
+    }
+])
+operation HttpEnumPayload2 {
+    input: EnumPayloadInput,
+    output: EnumPayloadInput
+    errors: [ValidationException]
+}
+
+@http(uri: "/StringPayload2", method: "POST")
+@httpRequestTests([
+    {
+        id: "RestJsonStringPayloadRequest2",
+        uri: "/StringPayload2",
+        body: "rawstring",
+        bodyMediaType: "text/plain",
+        headers: {
+            "Content-Type": "text/plain",
+        },
+        requireHeaders: [
+            "Content-Length"
+        ],
+        params: { payload: "rawstring" },
+        method: "POST",
+        protocol: "aws.protocols#restJson1"
+    }
+])
+@httpResponseTests([
+    {
+        id: "RestJsonStringPayloadResponse2",
+        headers: { "Content-Type": "text/plain" },
+        body: "rawstring",
+        bodyMediaType: "text/plain",
+        params: { payload: "rawstring" },
+        protocol: "aws.protocols#restJson1",
+        code: 200
+    }
+])
+@httpMalformedRequestTests([
+    {
+        id: "RestJsonStringPayloadNoContentType2",
+        documentation: "Serializes a string in the HTTP payload without a content-type header",
+        protocol: "aws.protocols#restJson1",
+        request: {
+            method: "POST",
+            uri: "/StringPayload2",
+            body: "rawstring",
+            // We expect a `Content-Type` header but none was provided.
+        },
+        response: {
+            code: 415,
+            headers: {
+                "x-amzn-errortype": "UnsupportedMediaTypeException"
+            }
+        },
+        tags: [ "content-type" ]
+    },
+    {
+        id: "RestJsonStringPayloadWrongContentType2",
+        documentation: "Serializes a string in the HTTP payload without the expected content-type header",
+        protocol: "aws.protocols#restJson1",
+        request: {
+            method: "POST",
+            uri: "/StringPayload2",
+            body: "rawstring",
+            headers: {
+                // We expect `text/plain`.
+                "Content-Type": "application/json",
+            },
+        },
+        response: {
+            code: 415,
+            headers: {
+                "x-amzn-errortype": "UnsupportedMediaTypeException"
+            }
+        },
+        tags: [ "content-type" ]
+    },
+    {
+        id: "RestJsonStringPayloadUnsatisfiableAccept2",
+        documentation: "Serializes a string in the HTTP payload with an unstatisfiable accept header",
+        protocol: "aws.protocols#restJson1",
+        request: {
+            method: "POST",
+            uri: "/StringPayload2",
+            body: "rawstring",
+            headers: {
+                "Content-Type": "text/plain",
+                // We can't satisfy this requirement; the server will return `text/plain`.
+                "Accept": "application/json",
+            },
+        },
+        response: {
+            code: 406,
+            headers: {
+                "x-amzn-errortype": "NotAcceptableException"
+            }
+        },
+        tags: [ "accept" ]
+    },
+])
+operation HttpStringPayload2 {
+    input: StringPayloadInput,
+    output: StringPayloadInput
+}

codegen-core/common-test-models/rest-json-extras.smithy

@@ -66,6 +66,13 @@ service RestJsonExtras {
         CaseInsensitiveErrorOperation,
         EmptyStructWithContentOnWireOp,
         QueryPrecedence,
+        // TODO(https://github.com/smithy-lang/smithy/pull/2314)
+        HttpPayloadTraits2,
+        // TODO(https://github.com/smithy-lang/smithy/pull/2310)
+        MalformedContentTypeWithBody2,
+        // TODO(https://github.com/smithy-lang/smithy/pull/2315)
+        HttpEnumPayload2,
+        HttpStringPayload2,
     ],
     errors: [ExtraError]
 }
@@ -101,6 +108,7 @@ structure ExtraError {}
         id: "StringPayload",
         uri: "/StringPayload",
         body: "rawstring",
+        headers: { "Content-Type": "text/plain" },
         params: { payload: "rawstring" },
         method: "POST",
         protocol: "aws.protocols#restJson1"

codegen-server-test/build.gradle.kts

@@ -64,7 +64,16 @@ val allCodegenTests = "../codegen-core/common-test-models".let { commonModels ->
         CodegenTest(
             "aws.protocoltests.restjson#RestJsonExtras",
             "rest_json_extras",
-            imports = listOf("$commonModels/rest-json-extras.smithy"),
+            imports = listOf(
+                "$commonModels/rest-json-extras.smithy",
+                // TODO(https://github.com/smithy-lang/smithy/pull/2310): Can be deleted when consumed in next Smithy version.
+                "$commonModels/rest-json-extras-2310.smithy",
+                // TODO(https://github.com/smithy-lang/smithy/pull/2314): Can be deleted when consumed in next Smithy version.
+                "$commonModels/rest-json-extras-2314.smithy",
+                // TODO(https://github.com/smithy-lang/smithy/pull/2315): Can be deleted when consumed in next Smithy version.
+                // TODO(https://github.com/smithy-lang/smithy/pull/2331): Can be deleted when consumed in next Smithy version.
+                "$commonModels/rest-json-extras-2315.smithy",
+            ),
         ),
         CodegenTest(
             "aws.protocoltests.restjson.validation#RestJsonValidation",

codegen-server-test/python/build.gradle.kts

@@ -61,7 +61,15 @@ val allCodegenTests = "../../codegen-core/common-test-models".let { commonModels
         CodegenTest(
             "aws.protocoltests.restjson#RestJsonExtras",
             "rest_json_extras",
-            imports = listOf("$commonModels/rest-json-extras.smithy"),
+            imports = listOf(
+                "$commonModels/rest-json-extras.smithy",
+                // TODO(https://github.com/smithy-lang/smithy/pull/2310): Can be deleted when consumed in next Smithy version.
+                "$commonModels/rest-json-extras-2310.smithy",
+                // TODO(https://github.com/smithy-lang/smithy/pull/2314): Can be deleted when consumed in next Smithy version.
+                "$commonModels/rest-json-extras-2314.smithy",
+                // TODO(https://github.com/smithy-lang/smithy/pull/2315): Can be deleted when consumed in next Smithy version.
+                "$commonModels/rest-json-extras-2315.smithy",
+            ),
         ),
         // TODO(https://github.com/smithy-lang/smithy-rs/issues/2477)
         // CodegenTest(

codegen-server/python/src/test/kotlin/software/amazon/smithy/rust/codegen/server/python/smithy/generators/PythonServerTypesTest.kt

@@ -130,6 +130,7 @@ internal class PythonServerTypesTest {
                     let req = Request::builder()
                         .method("POST")
                         .uri("/echo")
+                        .header("content-type", "application/json")
                         .body(Body::from(${payload.dq()}))
                         .unwrap();
 
@@ -222,6 +223,7 @@ internal class PythonServerTypesTest {
                 let req = Request::builder()
                     .method("POST")
                     .uri("/echo")
+                    .header("content-type", "application/json")
                     .body(Body::from("{\"value\":1676298520}"))
                     .unwrap();
                 let res = service.call(req).await.unwrap();

codegen-server/src/main/kotlin/software/amazon/smithy/rust/codegen/server/smithy/generators/protocol/ServerProtocolTestGenerator.kt

@@ -812,6 +812,9 @@ class ServerProtocolTestGenerator(
                 FailingTest(REST_JSON, "RestJsonEndpointTrait", TestType.Request),
                 FailingTest(REST_JSON, "RestJsonEndpointTraitWithHostLabel", TestType.Request),
                 FailingTest(REST_JSON, "RestJsonOmitsEmptyListQueryValues", TestType.Request),
+                // TODO(https://github.com/smithy-lang/smithy/pull/2315): Can be deleted when fixed tests are consumed in next Smithy version
+                FailingTest(REST_JSON, "RestJsonEnumPayloadRequest", TestType.Request),
+                FailingTest(REST_JSON, "RestJsonStringPayloadRequest", TestType.Request),
                 // Tests involving `@range` on floats.
                 // Pending resolution from the Smithy team, see https://github.com/smithy-lang/smithy-rs/issues/2007.
                 FailingTest(REST_JSON_VALIDATION, "RestJsonMalformedRangeFloat_case0", TestType.MalformedRequest),