pub/aiohttp-pydantic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent internal server error when receiving a JSON request body with non-object top-level structure (#9)

Browse Source 
Prevent internal server error when receiving a JSON request body with non-object top-level structure
This commit is contained in:
Daan de Ruiter 2021-03-05 21:46:13 +01:00 committed by GitHub
parent c6b979dcaf
commit 81d4e93a1d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 75 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
aiohttp_pydantic/__init__.py
View File

@ -1,5 +1,5 @@
from .view import PydanticView from .view import PydanticView
__version__ = "1.7.2" __version__ = "1.8.0"
__all__ = ("PydanticView", "__version__") __all__ = ("PydanticView", "__version__")

12
aiohttp_pydantic/injectors.py
View File

@ -61,6 +61,7 @@ class BodyGetter(AbstractInjector):
def __init__(self, args_spec: dict, default_values: dict): def __init__(self, args_spec: dict, default_values: dict):
self.arg_name, self.model = next(iter(args_spec.items())) self.arg_name, self.model = next(iter(args_spec.items()))
self._expect_object = self.model.schema()["type"] == "object"
async def inject(self, request: BaseRequest, args_view: list, kwargs_view: dict): async def inject(self, request: BaseRequest, args_view: list, kwargs_view: dict):
try: try:
@ -70,7 +71,16 @@ class BodyGetter(AbstractInjector):
text='{"error": "Malformed JSON"}', content_type="application/json" text='{"error": "Malformed JSON"}', content_type="application/json"
) from None ) from None
kwargs_view[self.arg_name] = self.model(**body) # Pydantic tries to cast certain structures, such as a list of 2-tuples,
# to a dict. Prevent this by requiring the body to be a dict for object models.
if self._expect_object and not isinstance(body, dict):
raise HTTPBadRequest(
text='[{"in": "body", "loc": ["__root__"], "msg": "value is not a '
'valid dict", "type": "type_error.dict"}]',
content_type="application/json",
) from None
kwargs_view[self.arg_name] = self.model.parse_obj(body)
class QueryGetter(AbstractInjector): class QueryGetter(AbstractInjector):

64
tests/test_validation_body.py
View File

@ -1,4 +1,4 @@
from typing import Optional from typing import Iterator, List, Optional
from aiohttp import web from aiohttp import web
from pydantic import BaseModel from pydantic import BaseModel
@ -11,10 +11,20 @@ class ArticleModel(BaseModel):
nb_page: Optional[int] nb_page: Optional[int]
class ArticleModels(BaseModel):
__root__: List[ArticleModel]
def __iter__(self) -> Iterator[ArticleModel]:
return iter(self.__root__)
class ArticleView(PydanticView): class ArticleView(PydanticView):
async def post(self, article: ArticleModel): async def post(self, article: ArticleModel):
return web.json_response(article.dict()) return web.json_response(article.dict())
async def put(self, articles: ArticleModels):
return web.json_response([article.dict() for article in articles])
async def test_post_an_article_without_required_field_should_return_an_error_message( async def test_post_an_article_without_required_field_should_return_an_error_message(
aiohttp_client, loop aiohttp_client, loop
@ -56,6 +66,58 @@ async def test_post_an_article_with_wrong_type_field_should_return_an_error_mess
] ]
async def test_post_an_array_json_is_supported(aiohttp_client, loop):
app = web.Application()
app.router.add_view("/article", ArticleView)
client = await aiohttp_client(app)
body = [{"name": "foo", "nb_page": 3}] * 2
resp = await client.put("/article", json=body)
assert resp.status == 200
assert resp.content_type == "application/json"
assert await resp.json() == body
async def test_post_an_array_json_to_an_object_model_should_return_an_error(
aiohttp_client, loop
):
app = web.Application()
app.router.add_view("/article", ArticleView)
client = await aiohttp_client(app)
resp = await client.post("/article", json=[{"name": "foo", "nb_page": 3}])
assert resp.status == 400
assert resp.content_type == "application/json"
assert await resp.json() == [
{
"in": "body",
"loc": ["__root__"],
"msg": "value is not a valid dict",
"type": "type_error.dict",
}
]
async def test_post_an_object_json_to_a_list_model_should_return_an_error(
aiohttp_client, loop
):
app = web.Application()
app.router.add_view("/article", ArticleView)
client = await aiohttp_client(app)
resp = await client.put("/article", json={"name": "foo", "nb_page": 3})
assert resp.status == 400
assert resp.content_type == "application/json"
assert await resp.json() == [
{
"in": "body",
"loc": ["__root__"],
"msg": "value is not a valid list",
"type": "type_error.list",
}
]
async def test_post_a_valid_article_should_return_the_parsed_type(aiohttp_client, loop): async def test_post_a_valid_article_should_return_the_parsed_type(aiohttp_client, loop):
app = web.Application() app = web.Application()
app.router.add_view("/article", ArticleView) app.router.add_view("/article", ArticleView)