From 9feb7031cd53f2fa3b3855459fa38dbbd0cc9ee8 Mon Sep 17 00:00:00 2001
From: Jan Kaluza <jkaluza@redhat.com>
Date: Sep 20 2017 06:01:34 +0000
Subject: Use flask.request.get_json() in views.py instead of getting json manually.


---

diff --git a/server/odcs/server/__init__.py b/server/odcs/server/__init__.py
index 71fc4b9..6b10f0b 100644
--- a/server/odcs/server/__init__.py
+++ b/server/odcs/server/__init__.py
@@ -26,6 +26,7 @@ from logging import getLogger
 from flask import Flask, jsonify
 from flask_sqlalchemy import SQLAlchemy
 from flask_login import LoginManager
+from werkzeug.exceptions import BadRequest
 
 from odcs.server.logger import init_logging
 from odcs.server.config import init_config
@@ -87,3 +88,9 @@ def validationerror_error(e):
 def runtimeerror_error(e):
     """Flask error handler for RuntimeError exceptions"""
     return json_error(500, 'Internal Server Error', e.args[0])
+
+
+@app.errorhandler(BadRequest)
+def badrequest_error(e):
+    """Flask error handler for RuntimeError exceptions"""
+    return json_error(e.code, 'Bad Request', e.get_description())
diff --git a/server/odcs/server/views.py b/server/odcs/server/views.py
index 0b5ea70..7418402 100644
--- a/server/odcs/server/views.py
+++ b/server/odcs/server/views.py
@@ -22,7 +22,6 @@
 # Written by Jan Kaluza <jkaluza@redhat.com>
 
 import datetime
-import json
 
 from flask.views import MethodView
 from flask import request, jsonify
@@ -89,11 +88,9 @@ class ODCSAPI(MethodView):
     def post(self):
         owner = "Unknown"  # TODO
 
-        try:
-            data = json.loads(request.get_data().decode("utf-8"))
-        except Exception:
-            log.exception('Invalid JSON submitted')
-            raise ValueError('Invalid JSON submitted')
+        data = request.get_json(force=True)
+        if not data:
+            raise ValueError('No JSON POST data submitted')
 
         seconds_to_live = conf.seconds_to_live
         if "seconds-to-live" in data:
diff --git a/server/tests/test_views.py b/server/tests/test_views.py
index f0421e2..fb41156 100644
--- a/server/tests/test_views.py
+++ b/server/tests/test_views.py
@@ -122,6 +122,16 @@ class TestViews(ViewBaseTest):
             db.session.add(self.c2)
             db.session.commit()
 
+    def test_submit_invalid_json(self):
+        with self.test_request_context(user='dev'):
+            rv = self.client.post('/odcs/1/composes/', data="{")
+            data = json.loads(rv.data.decode('utf8'))
+
+        self.assertEqual(rv.status, '400 BAD REQUEST')
+        self.assertEqual(data["error"], "Bad Request")
+        self.assertEqual(data["status"], 400)
+        self.assertTrue(data["message"].find("Failed to decode JSON object") != -1)
+
     def test_submit_build(self):
         with self.test_request_context(user='dev'):
             rv = self.client.post('/odcs/1/composes/', data=json.dumps(