TK-277

Avoid slurping request body during tk-authorization

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • None
    • TrapperKeeper
    • None

    Description

      The work for TK-259 involved having trapperkeeper-authorization use Ring's wrap-params middleware to parse query parameters out of a request's query string. In the case of a urlencoded form post, wrap-params also slurps the body of the request so that the content can be parsed for form parameters, and it does not leave the original body content around for downstream consumers to use as needed.

      In Puppet Server, there is code which pre-parses the request body into a string before any Ring param middleware can slurp up the request body, leaving the original string around for consumption as needed within core Ruby Puppet indirector route handling. See https://github.com/puppetlabs/puppet-server/blob/puppet-server-2.1.1/src/clj/puppetlabs/services/request_handler/request_handler_core.clj#L87-L88. This was originally done to make Puppet Server backward compatible with Rack and WEBrick around the handling of the request body. So that this code can continue to function properly, trapperkeeper-authorization should parse the query params in such a way that the body of the request isn't indirectly consumed before Puppet Server request handling code can access it.

      There has been some debate about whether or not it is necessary for Puppet Server to continue providing a string representation of the request body to core Ruby Puppet when the request contains a urlencoded form post payload. SERVER-594 covers investigating this further. In the meantime, for backward compatibility, it would be safest for trapperkeeper-authorization to avoid having the request body slurped.
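
The behaviour described above, as an added example that is not code from trapperkeeper-authorization or Puppet Server: a urlencoded form post is passed through Ring's `wrap-params` and then through a query-string-only middleware, and the downstream handler reports what is left of the body in each case. The middleware name `wrap-query-params-only`, the handler and the sample request are hypothetical; the example assumes a ring-core version that exposes `ring.middleware.params/assoc-query-params`.

```clojure
(ns example.query-params-only
  (:require [ring.middleware.params :as params]
            [ring.util.request :as req])
  (:import (java.io ByteArrayInputStream)))

;; Hypothetical middleware: parses only the query string into
;; :query-params / :params and never reads the :body stream.
(defn wrap-query-params-only
  [handler]
  (fn [request]
    (let [encoding (or (req/character-encoding request) "UTF-8")]
      (handler (params/assoc-query-params request encoding)))))

;; Constructed sample request: a urlencoded form post that also
;; carries a query string. A fresh stream is built on every call
;; because an InputStream can only be consumed once.
(defn form-post-request []
  {:request-method :post
   :uri            "/example/endpoint"
   :query-string   "environment=production"
   :headers        {"content-type" "application/x-www-form-urlencoded"}
   :body           (ByteArrayInputStream.
                     (.getBytes "facts=abc&transaction=1" "UTF-8"))})

;; Stand-in for a downstream consumer that needs the raw body,
;; as Puppet Server's request handling does.
(defn downstream-handler
  [request]
  {:query-params (:query-params request)
   :form-params  (:form-params request)
   :raw-body     (slurp (:body request))})

;; wrap-params reads the stream to build :form-params, so the
;; downstream slurp runs against an already-drained stream.
(defn with-wrap-params []
  ((params/wrap-params downstream-handler) (form-post-request)))

;; The query-only middleware leaves the stream untouched, so the
;; downstream consumer still receives the original form payload.
(defn with-query-params-only []
  ((wrap-query-params-only downstream-handler) (form-post-request)))

;; Compare the :raw-body each path hands to the downstream handler.
(defn compare-raw-bodies []
  {:wrap-params       (:raw-body (with-wrap-params))
   :query-params-only (:raw-body (with-query-params-only))})
```

Evaluating `(compare-raw-bodies)` at a REPL shows the difference the issue is about: query parameters are available in both cases, but only the query-only path preserves the body for later readers.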

            People

              Unassigned
              Jeremy Barlow (jeremy.barlow)
              Erik Dasher