Merge pull request #11 from akreisman-epam/content-type-header-check

Peter Joseph Olamit · web-flow · commit dbd6cca6d018 · 2018-12-14T11:12:56.000-08:00
Check hyperwallet client response content type
diff --git a/hyperwallet/tests/test_client.py b/hyperwallet/tests/test_client.py
@@ -45,7 +45,10 @@ def test_receive_non_json_response(self, session_mock):
 
         session_mock.return_value = mock.MagicMock(
             status_code=404,
-            content=data
+            content=data,
+            headers={
+                "Content-Type": "application/json"
+            }
         )
 
         with self.assertRaises(HyperwalletAPIException) as exc:
@@ -70,7 +73,10 @@ def test_receive_valid_json_error_response(self, session_mock):
 
         session_mock.return_value = mock.MagicMock(
             status_code=400,
-            content=json.dumps(data)
+            content=json.dumps(data),
+            headers={
+                "Content-Type": "application/json"
+            }
         )
 
         with self.assertRaises(HyperwalletAPIException) as exc:
@@ -100,7 +106,10 @@ def test_receive_valid_json_response(self, session_mock):
 
         session_mock.return_value = mock.MagicMock(
             status_code=200,
-            content=json.dumps(data)
+            content=json.dumps(data),
+            headers={
+                "Content-Type": "application/json"
+            }
         )
 
         encoded = json.dumps(data)
@@ -112,6 +121,29 @@ def test_receive_valid_json_response(self, session_mock):
             json.loads(encoded)
         )
 
+    @mock.patch('requests.Session.request')
+    def test_receive_json_error_response_when_content_type_is_not_valid(self, session_mock):
+
+        data = {
+            'key': 'value'
+        }
+
+        session_mock.return_value = mock.MagicMock(
+            status_code=200,
+            content=json.dumps(data),
+            headers={
+                "Content-Type": "wrongContentType"
+            }
+        )
+
+        with self.assertRaises(HyperwalletAPIException) as exc:
+            self.client._makeRequest()
+
+        self.assertEqual(
+            exc.exception.message,
+            'Invalid Content-Type specified in Response Header'
+        )
+
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/hyperwallet/utils/apiclient.py b/hyperwallet/utils/apiclient.py
@@ -41,7 +41,7 @@ def __init__(self, username, password, server, encryptionData=None):
         # Hyperwallet SDK.
         self.baseHeaders = {
             'User-Agent': 'Hyperwallet Python SDK v{}'.format(__version__),
-            'Accept': 'application/json',
+            'Accept': 'application/jose+json' if self.encrypted else 'application/json',
             'Content-Type': 'application/jose+json' if self.encrypted else 'application/json'
         }
 
@@ -113,6 +113,8 @@ def _makeRequest(self,
         if response.status_code is 204:
             return {}
 
+        self.__checkResponseHeaderContentType(response)
+
         content = response.content
         if hasattr(content, 'decode'):  # Python 2
             content = content.decode('utf-8')
@@ -193,6 +195,20 @@ def doPut(self, partialUrl, data):
             data=json.dumps(data).encode('utf-8')
         )
 
+    def __checkResponseHeaderContentType(self, response):
+        '''
+        Check response header Content-Type.
+
+        :param response:
+            Response to be checked. **REQUIRED**
+        '''
+
+        if response is None:
+            return
+        contentType = response.headers['Content-Type']
+        if (not self.encrypted and contentType != 'application/json') or (self.encrypted and contentType != 'application/jose+json'):
+            raise HyperwalletAPIException('Invalid Content-Type specified in Response Header')
+
     def __getRequestData(self, data):
         '''
         If encryption is enabled try to encrypt request data, otherwise no action required.
