test(content-negotiation): respond 406 for bad accept header

jaredcnance · jaredcnance · commit bcf8fbbc87c2 · 2017-02-18T17:41:03.000-06:00
diff --git a/src/JsonApiDotNetCore/Extensions/IApplicationBuilderExtensions.cs b/src/JsonApiDotNetCore/Extensions/IApplicationBuilderExtensions.cs
@@ -1,4 +1,6 @@
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Primitives;
 
 namespace JsonApiDotNetCore.Routing
 {
@@ -8,24 +10,58 @@ public static IApplicationBuilder UseJsonApi(this IApplicationBuilder app)
         {
             app.Use(async (context, next) =>
             {
-                var contentType = context.Request.ContentType;
-                if (contentType != null)
+                if (IsValid(context))
+                    await next.Invoke();
+            });
+
+            app.UseMvc();
+
+            return app;
+        }
+
+        private static bool IsValid(HttpContext context)
+        {
+            return IsValidContentTypeHeader(context) && IsValidAcceptHeader(context);
+        }
+
+        private static bool IsValidContentTypeHeader(HttpContext context)
+        {
+            var contentType = context.Request.ContentType;
+            if (contentType != null && ContainsMediaTypeParameters(contentType))
+            {
+                FlushResponse(context, 415);
+                return false;
+            }
+            return true;
+        }
+
+        private static bool IsValidAcceptHeader(HttpContext context)
+        {
+            var acceptHeaders = new StringValues();
+            if (context.Request.Headers.TryGetValue("Accept", out acceptHeaders))
+            {
+                foreach (var acceptHeader in acceptHeaders)
                 {
-                    var contentTypeArr = contentType.Split(';');
-                    if (contentTypeArr[0] == "application/vnd.api+json" && contentTypeArr.Length == 2)
+                    if (ContainsMediaTypeParameters(acceptHeader))
                     {
-                        context.Response.StatusCode = 415;
-                        context.Response.Body.Flush();
-                        return;
+                        FlushResponse(context, 406);
+                        return false;
                     }
                 }
+            }
+            return true;
+        }
 
-                await next.Invoke();
-            });
-
-            app.UseMvc();
+        private static bool ContainsMediaTypeParameters(string mediaType)
+        {
+            var mediaTypeArr = mediaType.Split(';');
+            return (mediaTypeArr[0] == "application/vnd.api+json" && mediaTypeArr.Length == 2);
+        }
 
-            return app;
+        private static void FlushResponse(HttpContext context, int statusCode)
+        {
+            context.Response.StatusCode = statusCode;
+            context.Response.Body.Flush();
         }
     }
 }
diff --git a/test/JsonApiDotNetCoreExampleTests/IntegrationTests/Spec/ContentNegotiation.cs b/test/JsonApiDotNetCoreExampleTests/IntegrationTests/Spec/ContentNegotiation.cs
@@ -1,17 +1,12 @@
-using System;
-using System.Diagnostics.Contracts;
-using System.Globalization;
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
-using System.Text;
 using System.Threading.Tasks;
 using DotNetCoreDocs;
 using DotNetCoreDocs.Models;
 using DotNetCoreDocs.Writers;
 using JsonApiDotNetCoreExample;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Mvc.Formatters.Internal;
 using Microsoft.AspNetCore.TestHost;
 using Xunit;
 
@@ -61,13 +56,38 @@ public async Task Server_Responds_415_With_MediaType_Parameters()
             var request = new HttpRequestMessage(httpMethod, route);
             request.Content = new StringContent(string.Empty);
             request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/vnd.api+json");
-            request.Content.Headers.ContentType.CharSet="ISO-8859-4";
+            request.Content.Headers.ContentType.CharSet = "ISO-8859-4";
 
             // act
             var response = await client.SendAsync(request);
 
             // assert
             Assert.Equal(HttpStatusCode.UnsupportedMediaType, response.StatusCode);
         }
+
+        [Fact]
+        public async Task ServerResponds_406_If_RequestAcceptHeader_Contains_MediaTypeParameters()
+        {
+            // arrange
+            var builder = new WebHostBuilder()
+                .UseStartup<Startup>();
+            var httpMethod = new HttpMethod("GET");
+            var route = "/api/v1/todo-items";
+            var description = new RequestProperties("Server responds with 406...");
+            var server = new TestServer(builder);
+            var client = server.CreateClient();
+            var acceptHeader = new MediaTypeWithQualityHeaderValue("application/vnd.api+json");
+            acceptHeader.CharSet = "ISO-8859-4";
+            client.DefaultRequestHeaders
+                    .Accept
+                    .Add(acceptHeader);
+            var request = new HttpRequestMessage(httpMethod, route);
+
+            // act
+            var response = await client.SendAsync(request);
+
+            // assert
+            Assert.Equal(HttpStatusCode.NotAcceptable, response.StatusCode);
+        }
     }
 }
