Skip to content

Commit

Permalink
api: ensure all request body decode error return a 400 status code. (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
jrasell authored Nov 18, 2022
1 parent 329807b commit c495cd9
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 7 deletions.
3 changes: 3 additions & 0 deletions .changelog/15252.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
api: Ensure all request body decode errors return a 400 status code
```
6 changes: 3 additions & 3 deletions command/agent/acl_endpoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ func (s *HTTPServer) aclPolicyUpdate(resp http.ResponseWriter, req *http.Request
// Parse the policy
var policy structs.ACLPolicy
if err := decodeBody(req, &policy); err != nil {
return nil, CodedError(500, err.Error())
return nil, CodedError(http.StatusBadRequest, err.Error())
}

// Ensure the policy name matches
Expand Down Expand Up @@ -244,7 +244,7 @@ func (s *HTTPServer) aclTokenUpdate(resp http.ResponseWriter, req *http.Request,
// Parse the token
var token structs.ACLToken
if err := decodeBody(req, &token); err != nil {
return nil, CodedError(500, err.Error())
return nil, CodedError(http.StatusBadRequest, err.Error())
}

// Ensure the token accessor matches
Expand Down Expand Up @@ -311,7 +311,7 @@ func (s *HTTPServer) ExchangeOneTimeToken(resp http.ResponseWriter, req *http.Re

var args structs.OneTimeTokenExchangeRequest
if err := decodeBody(req, &args); err != nil {
return nil, CodedError(500, err.Error())
return nil, CodedError(http.StatusBadRequest, err.Error())
}

s.parseWriteRequest(req, &args.WriteRequest)
Expand Down
6 changes: 3 additions & 3 deletions command/agent/agent_endpoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -509,17 +509,17 @@ func (s *HTTPServer) KeyringOperationRequest(resp http.ResponseWriter, req *http
sresp, err = kmgr.ListKeys()
case "install":
if err := decodeBody(req, &args); err != nil {
return nil, CodedError(500, err.Error())
return nil, CodedError(http.StatusBadRequest, err.Error())
}
sresp, err = kmgr.InstallKey(args.Key)
case "use":
if err := decodeBody(req, &args); err != nil {
return nil, CodedError(500, err.Error())
return nil, CodedError(http.StatusBadRequest, err.Error())
}
sresp, err = kmgr.UseKey(args.Key)
case "remove":
if err := decodeBody(req, &args); err != nil {
return nil, CodedError(500, err.Error())
return nil, CodedError(http.StatusBadRequest, err.Error())
}
sresp, err = kmgr.RemoveKey(args.Key)
default:
Expand Down
2 changes: 1 addition & 1 deletion command/agent/namespace_endpoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ func (s *HTTPServer) namespaceUpdate(resp http.ResponseWriter, req *http.Request
// Parse the namespace
var namespace structs.Namespace
if err := decodeBody(req, &namespace); err != nil {
return nil, CodedError(500, err.Error())
return nil, CodedError(http.StatusBadRequest, err.Error())
}

// Ensure the namespace name matches
Expand Down

0 comments on commit c495cd9

Please sign in to comment.