fix: Internal Server Error on Empty PUT /identities/id body (#2417)

ory · Apr 26, 2022 · 5a50231 · 5a50231
1 parent ca1dab8
commit 5a50231
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/identity/handler.go b/identity/handler.go
@@ -17,6 +17,7 @@ import (
 	"github.com/julienschmidt/httprouter"
 	"github.com/pkg/errors"
 
+	"github.com/ory/x/decoderx"
 	"github.com/ory/x/jsonx"
 	"github.com/ory/x/sqlxx"
 	"github.com/ory/x/urlx"
@@ -42,7 +43,8 @@ type (
 		IdentityHandler() *Handler
 	}
 	Handler struct {
-		r handlerDependencies
+		r  handlerDependencies
+		dx *decoderx.HTTP
 	}
 )
 
@@ -51,7 +53,10 @@ func (h *Handler) Config(ctx context.Context) *config.Config {
 }
 
 func NewHandler(r handlerDependencies) *Handler {
-	return &Handler{r: r}
+	return &Handler{
+		r:  r,
+		dx: decoderx.NewHTTP(),
+	}
 }
 
 func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) {
@@ -435,7 +440,8 @@ type AdminUpdateIdentityBody struct {
 //       500: jsonError
 func (h *Handler) update(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	var ur AdminUpdateIdentityBody
-	if err := errors.WithStack(jsonx.NewStrictDecoder(r.Body).Decode(&ur)); err != nil {
+	if err := h.dx.Decode(r, &ur,
+		decoderx.HTTPJSONDecoder()); err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
 	}

diff --git a/identity/handler_test.go b/identity/handler_test.go
@@ -73,7 +73,9 @@ func TestHandler(t *testing.T) {
 
 	var send = func(t *testing.T, base *httptest.Server, method, href string, expectCode int, send interface{}) gjson.Result {
 		var b bytes.Buffer
-		require.NoError(t, json.NewEncoder(&b).Encode(send))
+		if send != nil {
+			require.NoError(t, json.NewEncoder(&b).Encode(send))
+		}
 		req, err := http.NewRequest(method, base.URL+href, &b)
 		require.NoError(t, err)
 		req.Header.Set("Content-Type", "application/json")
@@ -673,6 +675,22 @@ func TestHandler(t *testing.T) {
 		}
 	})
 
+	t.Run("case=should fail to update identity if input json is empty or json file does not exist", func(t *testing.T) {
+		for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} {
+			t.Run("endpoint="+name, func(t *testing.T) {
+				var cr identity.AdminCreateIdentityBody
+				cr.SchemaID = "employee"
+				cr.Traits = []byte(`{"email":"` + x.NewUUID().String() + `@ory.sh", "department": "ory"}`)
+				res := send(t, ts, "POST", "/identities", http.StatusCreated, &cr)
+
+				id := res.Get("id").String()
+				res = send(t, ts, "PUT", "/identities/"+id, http.StatusBadRequest, nil)
+				assert.Contains(t, res.Get("error.reason").String(), `Unable to decode HTTP Request Body because its HTTP `+
+					`Header "Content-Length" is zero`, "%s", res.Raw)
+			})
+		}
+	})
+
 	t.Run("case=should list all identities", func(t *testing.T) {
 		for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} {
 			t.Run("endpoint="+name, func(t *testing.T) {