Fix request Content-Type header checking in servers

david-perez · david-perez · commit a6f39fb5851f · 2024-06-11T18:31:49.000+02:00
This fixes two bugs:

1. `Content-Type` header checking was succeeding when no `Content-Type`
   header was present but one was expected.
2. When a shape was @httpPayload`-bound, `Content-Type` header checking
   occurred even when no payload was being sent. In this case it is not
   necessary to check the header, since there is no content.

Code has been refactored and cleaned up. The crux of the logic is now
easier to understand, and contained in `content_type_header_classifier`.
diff --git a/CHANGELOG.next.toml b/CHANGELOG.next.toml
@@ -10,3 +10,16 @@
 # references = ["smithy-rs#920"]
 # meta = { "breaking" = false, "tada" = false, "bug" = false, "target" = "client | server | all"}
 # author = "rcoh"
+[[smithy-rs]]
+message = """Fix request `Content-Type` header checking
+
+Two bugs related to how servers were checking the `Content-Type` header in incoming requests have been fixed:
+
+1. `Content-Type` header checking was incorrectly succeeding when no `Content-Type` header was present but one was expected.
+2. When a shape was @httpPayload`-bound, `Content-Type` header checking occurred even when no payload was being sent. In this case it is not necessary to check the header, since there is no content.
+
+This is a breaking change in that servers are now stricter at enforcing the expected `Content-Type` header is being sent by the client in general, and laxer when the shape is bound with `@httpPayload`.
+"""
+references = ["smithy-rs#3690"]
+meta = { "breaking" = true, "tada" = false, "bug" = true, "target" = "server"}
+author = "david-perez"
diff --git a/codegen-core/common-test-models/rest-json-extras-2310.smithy b/codegen-core/common-test-models/rest-json-extras-2310.smithy
@@ -0,0 +1,36 @@
+$version: "1.0"
+
+namespace aws.protocoltests.restjson
+
+use aws.protocols#restJson1
+use smithy.test#httpMalformedRequestTests
+
+@http(method: "POST", uri: "/MalformedContentTypeWithBody")
+operation MalformedContentTypeWithBody2 {
+    input: GreetingStruct
+}
+
+structure GreetingStruct {
+    salutation: String,
+}
+
+apply MalformedContentTypeWithBody2 @httpMalformedRequestTests([
+    {
+        id: "RestJsonWithBodyExpectsApplicationJsonContentTypeNoHeaders",
+        documentation: """
+        When there is modeled input, the content type must be application/json""",
+        protocol: restJson1,
+        request: {
+            method: "POST",
+            uri: "/MalformedContentTypeWithBody",
+            body: "{}",
+        },
+        response: {
+            code: 415,
+            headers: {
+                "x-amzn-errortype": "UnsupportedMediaTypeException"
+            }
+        },
+        tags: [ "content-type" ]
+    }
+])
diff --git a/codegen-core/common-test-models/rest-json-extras-2314.smithy b/codegen-core/common-test-models/rest-json-extras-2314.smithy
@@ -0,0 +1,158 @@
+$version: "1.0"
+
+namespace aws.protocoltests.restjson
+
+use aws.protocols#restJson1
+use smithy.test#httpMalformedRequestTests
+use smithy.test#httpRequestTests
+use smithy.test#httpResponseTests
+
+/// This example serializes a blob shape in the payload.
+///
+/// In this example, no JSON document is synthesized because the payload is
+/// not a structure or a union type.
+@http(uri: "/HttpPayloadTraits", method: "POST")
+operation HttpPayloadTraits2 {
+    input: HttpPayloadTraitsInputOutput,
+    output: HttpPayloadTraitsInputOutput
+}
+
+apply HttpPayloadTraits2 @httpRequestTests([
+    {
+        id: "RestJsonHttpPayloadTraitsWithBlobAcceptsNoContentType",
+        documentation: """
+            Servers must accept no content type for blob inputs
+            without the media type trait.""",
+        protocol: restJson1,
+        method: "POST",
+        uri: "/HttpPayloadTraits",
+        body: "This is definitely a jpeg",
+        bodyMediaType: "application/octet-stream",
+        headers: {
+            "X-Foo": "Foo",
+        },
+        params: {
+            foo: "Foo",
+            blob: "This is definitely a jpeg"
+        },
+        appliesTo: "server",
+        tags: [ "content-type" ]
+    }
+])
+
+/// This example serializes a string shape in the payload.
+///
+/// In this example, no JSON document is synthesized because the payload is
+/// not a structure or a union type.
+@http(uri: "/HttpPayloadTraitOnString", method: "POST")
+operation HttpPayloadTraitOnString2 {
+    input: HttpPayloadTraitOnStringInputOutput,
+    output: HttpPayloadTraitOnStringInputOutput
+}
+
+structure HttpPayloadTraitOnStringInputOutput {
+    @httpPayload
+    foo: String,
+}
+
+apply HttpPayloadTraitOnString2 @httpRequestTests([
+    {
+        id: "RestJsonHttpPayloadTraitOnString",
+        documentation: "Serializes a string in the HTTP payload",
+        protocol: restJson1,
+        method: "POST",
+        uri: "/HttpPayloadTraitOnString",
+        body: "Foo",
+        bodyMediaType: "text/plain",
+        headers: {
+            "Content-Type": "text/plain",
+        },
+        requireHeaders: [
+            "Content-Length"
+        ],
+        params: {
+            foo: "Foo",
+        }
+    },
+])
+
+apply HttpPayloadTraitOnString2 @httpResponseTests([
+    {
+        id: "RestJsonHttpPayloadTraitOnString",
+        documentation: "Serializes a string in the HTTP payload",
+        protocol: restJson1,
+        code: 200,
+        body: "Foo",
+        bodyMediaType: "text/plain",
+        headers: {
+            "Content-Type": "text/plain",
+        },
+        params: {
+            foo: "Foo",
+        }
+    },
+])
+
+apply HttpPayloadTraitOnString2 @httpMalformedRequestTests([
+    {
+        id: "RestJsonHttpPayloadTraitOnStringNoContentType",
+        documentation: "Serializes a string in the HTTP payload without a content-type header",
+        protocol: restJson1,
+        request: {
+            method: "POST",
+            uri: "/HttpPayloadTraitOnString",
+            body: "Foo",
+            // We expect a `Content-Type` header but none was provided.
+        },
+        response: {
+            code: 415,
+            headers: {
+                "x-amzn-errortype": "UnsupportedMediaTypeException"
+            }
+        },
+        tags: [ "content-type" ]
+    },
+    {
+        id: "RestJsonHttpPayloadTraitOnStringWrongContentType",
+        documentation: "Serializes a string in the HTTP payload without the expected content-type header",
+        protocol: restJson1,
+        request: {
+            method: "POST",
+            uri: "/HttpPayloadTraitOnString",
+            body: "Foo",
+            headers: {
+                // We expect `text/plain`.
+                "Content-Type": "application/json",
+            },
+        },
+        response: {
+            code: 415,
+            headers: {
+                "x-amzn-errortype": "UnsupportedMediaTypeException"
+            }
+        },
+        tags: [ "content-type" ]
+    },
+    {
+        id: "RestJsonHttpPayloadTraitOnStringUnsatisfiableAccept",
+        documentation: "Serializes a string in the HTTP payload with an unstatisfiable accept header",
+        protocol: restJson1,
+        request: {
+            method: "POST",
+            uri: "/HttpPayloadTraitOnString",
+            body: "Foo",
+            headers: {
+                "Content-Type": "text/plain",
+                // We can't satisfy this requirement; the server will return `text/plain`.
+                "Accept": "application/json",
+            },
+        },
+        response: {
+            code: 406,
+            headers: {
+                "x-amzn-errortype": "NotAcceptableException"
+            }
+        },
+        tags: [ "accept" ]
+    },
+])
diff --git a/codegen-core/common-test-models/rest-json-extras-2315.smithy b/codegen-core/common-test-models/rest-json-extras-2315.smithy
@@ -0,0 +1,62 @@
+$version: "2.0"
+
+namespace aws.protocoltests.restjson
+
+use smithy.test#httpRequestTests
+use smithy.test#httpResponseTests
+use smithy.framework#ValidationException
+
+@http(uri: "/EnumPayload2", method: "POST")
+@httpRequestTests([
+    {
+        id: "RestJsonEnumPayloadRequest2",
+        uri: "/EnumPayload2",
+        headers: { "Content-Type": "text/plain" },
+        body: "enumvalue",
+        params: { payload: "enumvalue" },
+        method: "POST",
+        protocol: "aws.protocols#restJson1"
+    }
+])
+@httpResponseTests([
+    {
+        id: "RestJsonEnumPayloadResponse2",
+        headers: { "Content-Type": "text/plain" },
+        body: "enumvalue",
+        params: { payload: "enumvalue" },
+        protocol: "aws.protocols#restJson1",
+        code: 200
+    }
+])
+operation HttpEnumPayload2 {
+    input: EnumPayloadInput,
+    output: EnumPayloadInput
+    errors: [ValidationException]
+}
+
+@http(uri: "/StringPayload2", method: "POST")
+@httpRequestTests([
+    {
+        id: "RestJsonStringPayloadRequest2",
+        uri: "/StringPayload2",
+        headers: { "Content-Type": "text/plain" },
+        body: "rawstring",
+        params: { payload: "rawstring" },
+        method: "POST",
+        protocol: "aws.protocols#restJson1"
+    }
+])
+@httpResponseTests([
+    {
+        id: "RestJsonStringPayloadResponse2",
+        headers: { "Content-Type": "text/plain" },
+        body: "rawstring",
+        params: { payload: "rawstring" },
+        protocol: "aws.protocols#restJson1",
+        code: 200
+    }
+])
+operation HttpStringPayload2 {
+    input: StringPayloadInput,
+    output: StringPayloadInput
+}
diff --git a/codegen-core/common-test-models/rest-json-extras.smithy b/codegen-core/common-test-models/rest-json-extras.smithy
@@ -66,6 +66,14 @@ service RestJsonExtras {
         CaseInsensitiveErrorOperation,
         EmptyStructWithContentOnWireOp,
         QueryPrecedence,
+        // TODO(https://github.com/smithy-lang/smithy/pull/2314)
+        HttpPayloadTraitOnString2,
+        HttpPayloadTraits2,
+        // TODO(https://github.com/smithy-lang/smithy/pull/2310)
+        MalformedContentTypeWithBody2,
+        // TODO(https://github.com/smithy-lang/smithy/pull/2315)
+        HttpEnumPayload2,
+        HttpStringPayload2,
     ],
     errors: [ExtraError]
 }
@@ -101,6 +109,7 @@ structure ExtraError {}
         id: "StringPayload",
         uri: "/StringPayload",
         body: "rawstring",
+        headers: { "Content-Type": "text/plain" },
         params: { payload: "rawstring" },
         method: "POST",
         protocol: "aws.protocols#restJson1"
diff --git a/codegen-server-test/build.gradle.kts b/codegen-server-test/build.gradle.kts
@@ -64,7 +64,15 @@ val allCodegenTests = "../codegen-core/common-test-models".let { commonModels ->
         CodegenTest(
             "aws.protocoltests.restjson#RestJsonExtras",
             "rest_json_extras",
-            imports = listOf("$commonModels/rest-json-extras.smithy"),
+            imports = listOf(
+                "$commonModels/rest-json-extras.smithy",
+                // TODO(https://github.com/smithy-lang/smithy/pull/2310): Can be deleted when consumed in next Smithy version.
+                "$commonModels/rest-json-extras-2310.smithy",
+                // TODO(https://github.com/smithy-lang/smithy/pull/2314): Can be deleted when consumed in next Smithy version.
+                "$commonModels/rest-json-extras-2314.smithy",
+                // TODO(https://github.com/smithy-lang/smithy/pull/2315): Can be deleted when consumed in next Smithy version.
+                "$commonModels/rest-json-extras-2315.smithy",
+            ),
         ),
         CodegenTest(
             "aws.protocoltests.restjson.validation#RestJsonValidation",
diff --git a/codegen-server/src/main/kotlin/software/amazon/smithy/rust/codegen/server/smithy/generators/protocol/ServerProtocolTestGenerator.kt b/codegen-server/src/main/kotlin/software/amazon/smithy/rust/codegen/server/smithy/generators/protocol/ServerProtocolTestGenerator.kt
@@ -812,6 +812,9 @@ class ServerProtocolTestGenerator(
                 FailingTest(REST_JSON, "RestJsonEndpointTrait", TestType.Request),
                 FailingTest(REST_JSON, "RestJsonEndpointTraitWithHostLabel", TestType.Request),
                 FailingTest(REST_JSON, "RestJsonOmitsEmptyListQueryValues", TestType.Request),
+                // TODO(https://github.com/smithy-lang/smithy/pull/2315): Can be deleted when fixed tests are consumed in next Smithy version
+                FailingTest(REST_JSON, "RestJsonEnumPayloadRequest", TestType.Request),
+                FailingTest(REST_JSON, "RestJsonStringPayloadRequest", TestType.Request),
                 // Tests involving `@range` on floats.
                 // Pending resolution from the Smithy team, see https://github.com/smithy-lang/smithy-rs/issues/2007.
                 FailingTest(REST_JSON_VALIDATION, "RestJsonMalformedRangeFloat_case0", TestType.MalformedRequest),
diff --git a/codegen-server/src/main/kotlin/software/amazon/smithy/rust/codegen/server/smithy/protocols/ServerHttpBoundProtocolGenerator.kt b/codegen-server/src/main/kotlin/software/amazon/smithy/rust/codegen/server/smithy/protocols/ServerHttpBoundProtocolGenerator.kt
diff --git a/rust-runtime/aws-smithy-http-server/src/protocol/mod.rs b/rust-runtime/aws-smithy-http-server/src/protocol/mod.rs
diff --git a/rust-runtime/aws-smithy-http-server/src/rejection.rs b/rust-runtime/aws-smithy-http-server/src/rejection.rs
