Merge pull request #15 from akreisman-epam/fix-content-type-with-charset-header-check

Fix response content type header check when content type header contains charset substring

Author: yherasym-hw

CHANGELOG.rst

@@ -1,12 +1,17 @@
 Changelog
 =========
 
+1.2.1 (2019-01-17)
+------------------
+
+- FIX: Resolved issue with restricted "Accept" & "Content-Type" headers to support only "application/json" or "application/jose+json"
+
 1.2.0 (2018-12-20)
 ------------------
 
 - Restricted “Accept” & “Content-Type” headers to support only “application/json” or “application/jose+json”
 - Related resources “relatedResources” in error representation is added
-- Added Authentication token endpoint 
+- Added Authentication token endpoint
 
 1.1.4 (2018-12-04)
 ------------------

hyperwallet/__init__.py

@@ -6,7 +6,7 @@
 __email__           = 'devsupport@hyperwallet.com'
 __copyright__       = 'Copyright (c) 2018 Hyperwallet'
 __license__         = 'MIT'
-__version__         = '1.2.0'
+__version__         = '1.2.1'
 __url__             = 'https://github.com/hyperwallet/python-sdk'
 __download_url__    = 'https://pypi.python.org/pypi/hyperwallet-sdk'
 __description__     = 'A Python wrapper around the Hyperwallet API'

hyperwallet/tests/test_client.py

@@ -3,10 +3,12 @@
 import mock
 import json
 import unittest
+import os.path
 
 from hyperwallet.utils import ApiClient
 from hyperwallet.config import SERVER
 from hyperwallet.exceptions import HyperwalletAPIException
+from hyperwallet.utils.encryption import Encryption
 
 
 class ApiClientTest(unittest.TestCase):
@@ -19,6 +21,17 @@ def setUp(self):
             SERVER
         )
 
+        localDir = os.path.abspath(os.path.dirname(__file__))
+        clientPath = os.path.join(localDir, 'resources', 'private-jwkset1')
+        hyperwalletPath = os.path.join(localDir, 'resources', 'public-jwkset1')
+
+        self.clientWithEncryption = ApiClient(
+            'test-user',
+            'test-pass',
+            SERVER,
+            {'clientPrivateKeySetLocation': clientPath, 'hyperwalletKeySetLocation': hyperwalletPath}
+        )
+
     def test_failed_connection(self):
 
         with self.assertRaises(HyperwalletAPIException) as exc:
@@ -120,6 +133,173 @@ def test_receive_valid_json_response(self, session_mock):
             json.loads(encoded)
         )
 
+    @mock.patch('requests.Session.request')
+    def test_request_with_encryption_successful(self, session_mock):
+
+        data = {
+            'key': 'value'
+        }
+
+        localDir = os.path.abspath(os.path.dirname(__file__))
+        clientPath = os.path.join(localDir, 'resources', 'private-jwkset1')
+        hyperwalletPath = os.path.join(localDir, 'resources', 'public-jwkset1')
+        encryption = Encryption(clientPath, hyperwalletPath)
+        encryptedMessage = encryption.encrypt(json.dumps(data))
+
+        session_mock.return_value = mock.MagicMock(
+            status_code=200,
+            content=encryptedMessage,
+            headers={
+                "Content-Type": "application/jose+json"
+            }
+        )
+
+        encoded = json.dumps(data)
+        if hasattr(encoded, 'decode'):  # Python 2
+            encoded = encoded.decode('utf-8')
+
+        self.assertEqual(
+            self.clientWithEncryption._makeRequest(),
+            json.loads(encoded)
+        )
+
+    @mock.patch('requests.Session.request')
+    def test_request_with_encryption_when_content_type_contains_charset(self, session_mock):
+
+        data = {
+            'key': 'value'
+        }
+
+        localDir = os.path.abspath(os.path.dirname(__file__))
+        clientPath = os.path.join(localDir, 'resources', 'private-jwkset1')
+        hyperwalletPath = os.path.join(localDir, 'resources', 'public-jwkset1')
+        encryption = Encryption(clientPath, hyperwalletPath)
+        encryptedMessage = encryption.encrypt(json.dumps(data))
+
+        session_mock.return_value = mock.MagicMock(
+            status_code=200,
+            content=encryptedMessage,
+            headers={
+                "Content-Type": "application/jose+json;charset=utf-8"
+            }
+        )
+
+        encoded = json.dumps(data)
+        if hasattr(encoded, 'decode'):  # Python 2
+            encoded = encoded.decode('utf-8')
+
+        self.assertEqual(
+            self.clientWithEncryption._makeRequest(),
+            json.loads(encoded)
+        )
+
+    @mock.patch('requests.Session.request')
+    def test_request_with_encryption_when_content_type_contains_charset_ahead(self, session_mock):
+
+        data = {
+            'key': 'value'
+        }
+
+        localDir = os.path.abspath(os.path.dirname(__file__))
+        clientPath = os.path.join(localDir, 'resources', 'private-jwkset1')
+        hyperwalletPath = os.path.join(localDir, 'resources', 'public-jwkset1')
+        encryption = Encryption(clientPath, hyperwalletPath)
+        encryptedMessage = encryption.encrypt(json.dumps(data))
+
+        session_mock.return_value = mock.MagicMock(
+            status_code=200,
+            content=encryptedMessage,
+            headers={
+                "Content-Type": "charset=utf-8;application/jose+json"
+            }
+        )
+
+        encoded = json.dumps(data)
+        if hasattr(encoded, 'decode'):  # Python 2
+            encoded = encoded.decode('utf-8')
+
+        self.assertEqual(
+            self.clientWithEncryption._makeRequest(),
+            json.loads(encoded)
+        )
+
+    @mock.patch('requests.Session.request')
+    def test_request_with_encryption_when_response_content_type_is_not_valid(self, session_mock):
+
+        data = {
+            'key': 'value'
+        }
+
+        localDir = os.path.abspath(os.path.dirname(__file__))
+        clientPath = os.path.join(localDir, 'resources', 'private-jwkset1')
+        hyperwalletPath = os.path.join(localDir, 'resources', 'public-jwkset1')
+        encryption = Encryption(clientPath, hyperwalletPath)
+        encryptedMessage = encryption.encrypt(json.dumps(data))
+
+        session_mock.return_value = mock.MagicMock(
+            status_code=200,
+            content=encryptedMessage,
+            headers={
+                "Content-Type": "wrongContentType"
+            }
+        )
+
+        with self.assertRaises(HyperwalletAPIException) as exc:
+            self.clientWithEncryption._makeRequest()
+
+        self.assertEqual(
+            exc.exception.message,
+            'Invalid Content-Type specified in Response Header'
+        )
+
+    @mock.patch('requests.Session.request')
+    def test_receive_valid_json_response_when_content_type_contains_charset(self, session_mock):
+
+        data = {
+            'key': 'value'
+        }
+
+        session_mock.return_value = mock.MagicMock(
+            status_code=200,
+            content=json.dumps(data),
+            headers={
+                "Content-Type": "application/json;charset=utf-8"
+            }
+        )
+
+        encoded = json.dumps(data)
+        if hasattr(encoded, 'decode'):  # Python 2
+            encoded = encoded.decode('utf-8')
+
+        self.assertEqual(
+            self.client._makeRequest(),
+            json.loads(encoded)
+        )
+
+    @mock.patch('requests.Session.request')
+    def test_receive_valid_json_response_when_content_type_starts_with_charset(self, session_mock):
+
+        data = {
+            'key': 'value'
+        }
+
+        session_mock.return_value = mock.MagicMock(
+            status_code=200,
+            content=json.dumps(data),
+            headers={
+                "Content-Type": "charset=utf-8;application/json"
+            }
+        )
+
+        encoded = json.dumps(data)
+        if hasattr(encoded, 'decode'):  # Python 2
+            encoded = encoded.decode('utf-8')
+
+        self.assertEqual(
+            self.client._makeRequest(),
+            json.loads(encoded)
+        )
+
     @mock.patch('requests.Session.request')
     def test_receive_json_error_response_when_content_type_is_not_valid(self, session_mock):
 

hyperwallet/utils/apiclient.py

@@ -204,7 +204,7 @@ def __checkResponseHeaderContentType(self, response):
         '''
 
         contentType = response.headers['Content-Type']
-        if (not self.encrypted and contentType != 'application/json') or (self.encrypted and contentType != 'application/jose+json'):
+        if (not self.encrypted and 'application/json' not in contentType) or (self.encrypted and 'application/jose+json' not in contentType):
             raise HyperwalletAPIException('Invalid Content-Type specified in Response Header')
 
     def __getRequestData(self, data):