Maybe return bad_content_type on _session POST
Currently, when POSTing to `/_session` with a Content-Type header
other than either `application/x-www-form-urlencoded` or
`application/json`, the error response can be surprising.
This changes the response to 415 `bad_content_type` when it's not one
of the above.
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index cc02a1e..c308549 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -459,7 +459,13 @@
Pairs
);
_ ->
- []
+ throw(
+ {bad_ctype, <<
+ "Content-Type must be "
+ "'application/x-www-form-urlencoded' or "
+ "'application/json'"
+ >>}
+ )
end,
UserName = ?l2b(extract_username(Form)),
Password = ?l2b(couch_util:get_value("password", Form, "")),
diff --git a/src/couch/test/eunit/couchdb_auth_tests.erl b/src/couch/test/eunit/couchdb_auth_tests.erl
index dfb22dc..bc5caab 100644
--- a/src/couch/test/eunit/couchdb_auth_tests.erl
+++ b/src/couch/test/eunit/couchdb_auth_tests.erl
@@ -34,6 +34,7 @@
Tests = [
fun should_return_username_on_post_to_session/2,
fun should_not_return_authenticated_field/2,
+ fun should_return_bad_content_type_appropriately/2,
fun should_return_list_of_handlers/2
],
RequireValidUserTests = [
@@ -85,6 +86,20 @@
end
).
+should_return_bad_content_type_appropriately(_PortType, Url) ->
+ ?_assertEqual(
+ <<"bad_content_type">>,
+ begin
+ {ok, 415, _, Body} = test_request:post(
+ Url,
+ [{"Content-Type", ""}],
+ []
+ ),
+ #{<<"error">> := Error} = jiffy:decode(Body, [return_maps]),
+ Error
+ end
+ ).
+
should_not_return_authenticated_field(_PortType, Url) ->
?_assertThrow(
{not_found, _},
