misc: fix handling of invalid json content (return 400 Bad Request) (#18150)

tests/test_api.py

@@ -435,6 +435,13 @@ def test_formdef_schema(pub):
 
     get_app(pub).get('/api/formdefs/xxx/schema', status=404)
 
+def test_post_invalid_json(pub, local_user):
+    resp = get_app(pub).post('/api/formdefs/test/submit',
+            params='not a json payload',
+            content_type='application/json',
+            status=400)
+    assert resp.json['err'] == 1
+    assert resp.json['err_class'] == 'Invalid request'
 
 def test_formdef_submit(pub, local_user):
     Role.wipe()

wcs/middleware.py

@@ -14,13 +14,15 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see <http://www.gnu.org/licenses/>.
 
+import json
 import thread
 import threading
 import urllib
 
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseBadRequest, HttpResponseRedirect
 
 from quixote import get_publisher
+from quixote.errors import RequestError
 from .qommon.publisher import ImmediateRedirectException
 from .qommon.http_response import HTTPResponse
 from .compat import CompatHTTPRequest, CompatWcsPublisher
@@ -39,7 +41,16 @@ class PublisherInitialisationMiddleware(object):
             return HttpResponseRedirect(e.location)
 
         pub._set_request(compat_request)
-        pub.parse_request(compat_request)
+        try:
+            pub.parse_request(compat_request)
+        except RequestError, e:
+            if compat_request.is_json():
+                return HttpResponseBadRequest(json.dumps(
+                    {'err': 1, 'err_class': e.title, 'err_desc': e.public_msg}),
+                    content_type='application/json')
+            else:
+                return HttpResponseBadRequest(str(e))
+
         request._publisher = pub
 
         # if a ?toggle-mobile query string is passed, we explicitely set the