From b2aa508a3ed7bf337aa82dfd4645765a49a327ad Mon Sep 17 00:00:00 2001 From: Paul Joseph Davis Date: Sun, 19 Apr 2009 20:02:45 +0000 Subject: COUCHDB-306 - Improving reported errors. Case #3 turns out to be misusing the end-point for HTML forms that Futon uses. For new people it would also be triggered by accidentally using POST when a PUT to /db_name/docid is used. git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@766505 13f79535-47bb-0310-9956-ffa450edef68 --- share/www/script/couch_tests.js | 1 + share/www/script/test/form_submit.js | 26 ++++++++++++++++++++++++++ src/couchdb/couch_httpd.erl | 2 ++ src/couchdb/couch_httpd_db.erl | 6 ++++++ 4 files changed, 35 insertions(+) create mode 100644 share/www/script/test/form_submit.js diff --git a/share/www/script/couch_tests.js b/share/www/script/couch_tests.js index 79fd6306..9bd2b45c 100644 --- a/share/www/script/couch_tests.js +++ b/share/www/script/couch_tests.js @@ -67,6 +67,7 @@ loadTest("list_views.js"); loadTest("compact.js"); loadTest("purge.js"); loadTest("config.js"); +loadTest("form_submit.js"); loadTest("security_validation.js"); loadTest("stats.js"); loadTest("rev_stemming.js"); diff --git a/share/www/script/test/form_submit.js b/share/www/script/test/form_submit.js new file mode 100644 index 00000000..3d313050 --- /dev/null +++ b/share/www/script/test/form_submit.js @@ -0,0 +1,26 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy +// of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +// Do some basic tests. +couchTests.form_upload = function(debug) { + var db = new CouchDB("test_suite_db"); + db.deleteDb(); + db.createDb(); + + // PUT on existing DB should return 412 instead of 500 + var json = "{}"; + var xhr = CouchDB.request("POST", "/test_suite_db/baz", {body: json}); + T(xhr.status == 415); + result = JSON.parse(xhr.responseText); + T(result.error, "bad_content_type"); + T(result.reason, "Invalid Content-Type header for form upload"); +}; diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl index 5e150055..5775e3a7 100644 --- a/src/couchdb/couch_httpd.erl +++ b/src/couchdb/couch_httpd.erl @@ -417,6 +417,8 @@ error_info({unauthorized, Msg}) -> error_info(file_exists) -> {412, <<"file_exists">>, <<"The database could not be " "created, the file already exists.">>}; +error_info({bad_ctype, Reason}) -> + {415, <<"bad_content_type">>, Reason}; error_info({Error, Reason}) -> {500, couch_util:to_binary(Error), couch_util:to_binary(Reason)}; error_info(Error) -> diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl index bacce4ae..f8eed81f 100644 --- a/src/couchdb/couch_httpd_db.erl +++ b/src/couchdb/couch_httpd_db.erl @@ -497,6 +497,12 @@ db_doc_req(#httpd{method='GET'}=Req, Db, DocId) -> end; db_doc_req(#httpd{method='POST'}=Req, Db, DocId) -> + case couch_httpd:header_value(Req, "content-type") of + "multipart/form-data" ++ _Rest -> + ok; + _Else -> + throw({bad_ctype, <<"Invalid Content-Type header for form upload">>}) + end, Form = couch_httpd:parse_form(Req), Rev = couch_doc:parse_rev(list_to_binary(proplists:get_value("_rev", Form))), {ok, [{ok, Doc}]} = couch_db:open_doc_revs(Db, DocId, [Rev], []), -- cgit v1.2.3