[ODS-6011] Filter POST requests to fix issue with swagger (#846)

Ed-Fi-Alliance-OSS · Oct 12, 2023 · 0c02122 · 0c02122
1 parent 7450775
commit 0c02122
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 7 deletions.
diff --git a/Application/EdFi.Ods.Api/Middleware/OAuthContentTypeValidationMiddleware.cs b/Application/EdFi.Ods.Api/Middleware/OAuthContentTypeValidationMiddleware.cs
@@ -5,18 +5,16 @@
 
 using System;
 using System.Threading.Tasks;
-using log4net;
 using Microsoft.AspNetCore.Http;
 
 namespace EdFi.Ods.Api.Middleware
 {
     public class OAuthContentTypeValidationMiddleware : IMiddleware
     {
-        private readonly ILog _logger = LogManager.GetLogger(typeof(OAuthContentTypeValidationMiddleware));
-
         public async Task InvokeAsync(HttpContext context, RequestDelegate next)
         {
-            if (context.Request.Path.ToString().Contains("oauth", StringComparison.OrdinalIgnoreCase))
+            if (context.Request.Path.ToString().Contains("oauth", StringComparison.OrdinalIgnoreCase) &&
+                context.Request.Method == HttpMethods.Post)
             {
                 if (!context.Request.Headers.ContainsKey("Content-Type"))
                 {

diff --git a/Application/EdFi.Ods.Tests/EdFi.Ods.Api/Middleware/OAuthContentTypeValidationMiddleware.cs b/Application/EdFi.Ods.Tests/EdFi.Ods.Api/Middleware/OAuthContentTypeValidationMiddleware.cs
@@ -25,11 +25,12 @@ public void Setup()
         }
 
         [Test]
-        public async Task Middleware_Returns_BadRequest_When_Content_Type_Is_Missing_For_OAuth_Request()
+        public async Task Middleware_Returns_BadRequest_When_Content_Type_Is_Missing_For_OAuth_Post_Request()
         {
             // Arrange
             var context = new DefaultHttpContext();
             context.Request.Path = "/oauth/token";
+            context.Request.Method = HttpMethods.Post;
             context.Response.Body = new MemoryStream();
             var next = A.Fake<RequestDelegate>();
 
@@ -45,11 +46,12 @@ public async Task Middleware_Returns_BadRequest_When_Content_Type_Is_Missing_For
         }
 
         [Test]
-        public async Task Middleware_Passes_Through_When_Content_Type_Is_Present_For_OAuth_Request()
+        public async Task Middleware_Passes_Through_When_Content_Type_Is_Present_For_OAuth_Post_Request()
         {
             // Arrange
             var context = new DefaultHttpContext();
             context.Request.Path = "/oauth/token";
+            context.Request.Method = HttpMethods.Post;
             context.Request.ContentType = "application/json";
             var next = A.Fake<RequestDelegate>();
 
@@ -61,11 +63,28 @@ public async Task Middleware_Passes_Through_When_Content_Type_Is_Present_For_OAu
         }
 
         [Test]
-        public async Task Middleware_Passes_Through_For_Non_OAuth_Request()
+        public async Task Middleware_Passes_Through_For_Non_OAuth_Post_Request()
         {
             // Arrange
             var context = new DefaultHttpContext();
             context.Request.Path = "/data/v3/ed-fi/localEducationAgencies";
+            context.Request.Method = HttpMethods.Post;
+            var next = A.Fake<RequestDelegate>();
+
+            // Act
+            await _middleware.InvokeAsync(context, next);
+
+            // Assert
+            A.CallTo(() => next(context)).MustHaveHappened();
+        }
+
+        [Test]
+        public async Task Middleware_Passes_Through_For_NonPost_OAuth_Request()
+        {
+            // Arrange
+            var context = new DefaultHttpContext();
+            context.Request.Path = "/data/v3/ed-fi/localEducationAgencies";
+            context.Request.Method = HttpMethods.Options;
             var next = A.Fake<RequestDelegate>();
 
             // Act