Merge pull request #1922 from IABTechLab/vse-IM-1827-fallback-to-base64-decode-if-binary-decode-fails

Fallback to base64 decode is binary decode fails

Author: aulme

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-operator</artifactId>
-    <version>5.56.49</version>
+    <version>5.56.49-alpha-204-SNAPSHOT</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

src/main/java/com/uid2/operator/service/V2RequestUtil.java

@@ -58,7 +58,31 @@ public boolean isValid() {
 
     public static V2Request parseRequest(RoutingContext rc, ClientKey ck, IClock clock) {
         if (rc.request().headers().contains(HttpHeaders.CONTENT_TYPE, HttpMediaType.APPLICATION_OCTET_STREAM.getType(), true)) {
-            return V2RequestUtil.parseRequestAsBuffer(rc.body().buffer(), ck, clock);
+            V2Request requestAsBuffer = V2RequestUtil.parseRequestAsBuffer(rc.body().buffer(), ck, clock);
+
+            if (requestAsBuffer.isValid()) {
+                // If the binary request is valid, use the binary request buffer
+                return requestAsBuffer;
+            } else {
+                RoutingContextReader rcReader = new RoutingContextReader(rc);
+
+                // If the binary request is invalid, try to parse it as a base64 encoded string
+                V2Request requestAsString = V2RequestUtil.parseRequestAsString(rc.body().asString(), ck, clock);
+                if (requestAsString.isValid()) {
+                    // TODO: Delete this log line after fix is verified
+                    LOGGER.info("Fallback successful for {}, site ID: {}", rcReader.getContact(), rcReader.getSiteId());
+
+                    // If the base64 request is valid, set the request content type to text/plain, use the base64 request string
+                    rc.request().headers().set(HttpHeaders.CONTENT_TYPE, HttpMediaType.TEXT_PLAIN.getType());
+                    return requestAsString;
+                } else {
+                    // TODO: Delete this log line after fix is verified
+                    LOGGER.info("Fallback failed for {}, site ID: {}", rcReader.getContact(), rcReader.getSiteId());
+
+                    // If both binary and base64 requests are invalid, return the original binary request buffer error
+                    return requestAsBuffer;
+                }
+            }
         } else {
             return V2RequestUtil.parseRequestAsString(rc.body().asString(), ck, clock);
         }

src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java

@@ -461,10 +461,14 @@ private void post(Vertx vertx, String endpoint, JsonObject body, Handler<AsyncRe
     }
 
     private void postV2(ClientKey ck, Vertx vertx, String endpoint, JsonObject body, long nonce, String referer, Handler<AsyncResult<HttpResponse<Buffer>>> handler) {
-        postV2(ck, vertx, endpoint, body, nonce, referer, handler, Collections.emptyMap());
+        postV2(ck, vertx, endpoint, body, nonce, referer, handler, Collections.emptyMap(), false);
     }
 
     private void postV2(ClientKey ck, Vertx vertx, String endpoint, JsonObject body, long nonce, String referer, Handler<AsyncResult<HttpResponse<Buffer>>> handler, Map<String, String> additionalHeaders) {
+        postV2(ck, vertx, endpoint, body, nonce, referer, handler, additionalHeaders, false);
+    }
+
+    private void postV2(ClientKey ck, Vertx vertx, String endpoint, JsonObject body, long nonce, String referer, Handler<AsyncResult<HttpResponse<Buffer>>> handler, Map<String, String> additionalHeaders, boolean forceBase64RequestBody) {
         WebClient client = WebClient.create(vertx);
         final String apiKey = ck == null ? "" : clientKey;
         HttpRequest<Buffer> request = client.postAbs(getUrlForEndpoint(endpoint))
@@ -492,7 +496,7 @@ private void postV2(ClientKey ck, Vertx vertx, String endpoint, JsonObject body,
             request.putHeader("Referer", referer);
         }
 
-        if (request.headers().contains(HttpHeaders.CONTENT_TYPE.toString(), HttpMediaType.APPLICATION_OCTET_STREAM.getType(), true)) {
+        if (request.headers().contains(HttpHeaders.CONTENT_TYPE.toString(), HttpMediaType.APPLICATION_OCTET_STREAM.getType(), true) && !forceBase64RequestBody) {
             request.sendBuffer(bufBody, handler);
         } else {
             request.sendBuffer(Buffer.buffer(Utils.toBase64String(bufBody.getBytes()).getBytes(StandardCharsets.UTF_8)), handler);
@@ -962,6 +966,39 @@ void identityMapNewClientNoPolicySpecified(String apiVersion, String contentType
         }, Map.of(HttpHeaders.CONTENT_TYPE.toString(), contentType));
     }
 
+    @Test
+    void fallbackToBase64DecodingIfBinaryEnvelopeDecodeFails(Vertx vertx, VertxTestContext testContext) {
+        final int clientSiteId = 201;
+        fakeAuth(clientSiteId, newClientCreationDateTime, Role.MAPPER);
+        setupSalts();
+        setupKeys();
+        ClientKey ck = (ClientKey) clientKeyProvider.get("");
+        long nonce = new BigInteger(Random.getBytes(8)).longValue();
+
+        JsonObject req = new JsonObject();
+        JsonArray emails = new JsonArray();
+        req.put("email", emails);
+        emails.add("test1@uid2.com");
+
+        postV2(ck, vertx, "v2/identity/map", req, nonce, null, ar -> {
+            assertTrue(ar.succeeded());
+            assertEquals(200, ar.result().statusCode());
+
+            byte[] byteResp = Utils.decodeBase64String(ar.result().bodyAsString());
+            byte[] decrypted = AesGcm.decrypt(byteResp, 0, ck.getSecretBytes());
+
+            JsonObject respJson = new JsonObject(new String(decrypted, 16, decrypted.length - 16, StandardCharsets.UTF_8));
+            assertEquals("success", respJson.getString("status"));
+
+            // Check that response content type is text/plain
+            assertEquals(HttpMediaType.TEXT_PLAIN.getType(), ar.result().getHeader(HttpHeaders.CONTENT_TYPE.toString()));
+
+            testContext.completeNow();
+
+           // Set request content type header to application/octet-stream, but force a base64 encoded request envelope
+        }, Map.of(HttpHeaders.CONTENT_TYPE.toString(), "application/octet-stream"), true);
+    }
+
     @ParameterizedTest
     @MethodSource("versionAndPolicy")
     void identityMapNewClientWrongPolicySpecified(String apiVersion, String policyParameterKey, Vertx vertx, VertxTestContext testContext) {