Fix extension in url support

rouilj · rouilj · commit 62e369bb244b · 2021-10-21T10:40:15.000-04:00
Make error cases: .jon return errors in tests. I must not have tested
the prior checkin. This limits length of extension to under 6
characters. This allows most mime types (including .vcard maybe for
downloading a users record) likley to be specified for download.
It also permits JWT though.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -31,8 +31,8 @@ Fixed:
   encoded/compressed. (John Rouillard)
 - In REST interface do not raise UsageError for invalid api version.
   Return json error with proper message. Fixes crash. (John Rouillard)
-- In REST interface, only allow .json or .xml (if supported) as
-  extensions. All other paths with a . in then will be passed through
+- In REST interface, allow extensions on URI less than 6 characters in
+  length. All other paths with a . in then will be passed through
   without change. This allows items like a JWT to be passed as a path
   element. (John Rouillard)
 
diff --git a/roundup/rest.py b/roundup/rest.py
@@ -1961,9 +1961,12 @@ def dispatch(self, method, uri, input):
         #            default (application/json)
         ext_type = os.path.splitext(urlparse(uri).path)[1][1:]
 
-        # Use explicit list of extensions. Even if xml isn't supported
-        # recognize it as a valid directive.
-        if ext_type in ['json', 'xml']:
+        # Check to see if the length of the extension is less than 6.
+        # this allows use of .vcard for a future use in downloading
+        # user info. It also allows passing through larger items like
+        # JWT that has a final component > 6 items. This method also
+        # allow detection of mistyped types like jon for json.
+        if ext_type  and (len(ext_type) < 6):
             # strip extension so uri make sense
             # .../issue.json -> .../issue
             uri = uri[:-(len(ext_type) + 1)]
@@ -1976,11 +1979,6 @@ def dispatch(self, method, uri, input):
         # with invalid values.
         data_type = ext_type or accept_type or headers.get('Accept') or "invalid"
 
-        if (ext_type):
-            # strip extension so uri make sense
-            # .../issue.json -> .../issue
-            uri = uri[:-(len(ext_type) + 1)]
-
         # add access-control-allow-* to support CORS
         self.client.setHeader("Access-Control-Allow-Origin", "*")
         self.client.setHeader(
