Merge pull request #45 from mdsol/fix/status-should-be-string

ejinotti-mdsol · web-flow · commit a6e83303e171 · 2023-06-29T10:12:46.000-04:00
[MCC-1080766] Status for `start_response` must be `str`
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 1.6.1
+- Fix `MAuthWSGIMiddleware` to return a string for "status" and to properly set
+  content-length header.
+
 # 1.6.0
 - Fix bug with reading request body in `MAuthWSGIMiddleware`.
 - Remove Support for EOL Python 3.7
diff --git a/mauth_client/middlewares/wsgi.py b/mauth_client/middlewares/wsgi.py
@@ -37,17 +37,15 @@ def __call__(self, environ, start_response):
         )
         signed = Signed.from_headers(self._extract_headers(environ))
         authenticator = LocalAuthenticator(signable, signed, logger)
-        is_authentic, status, message = authenticator.is_authentic()
+        is_authentic, code, message = authenticator.is_authentic()
 
         if is_authentic:
             environ[ENV_APP_UUID] = signed.app_uuid
             environ[ENV_AUTHENTIC] = True
             environ[ENV_PROTOCOL_VERSION] = signed.protocol_version()
             return self.app(environ, start_response)
 
-        start_response(status, [("content-type", "application/json")])
-        body = {"errors": {"mauth": [message]}}
-        return [json.dumps(body).encode("utf-8")]
+        return self._send_response(code, message, start_response)
 
     def _validate_configs(self):
         # Validate the client settings (APP_UUID, PRIVATE_KEY)
@@ -135,3 +133,21 @@ def _extract_url(self, environ):
             url_parts.append(f"?{quote(qs, safe=self.SAFE_CHARS)}")
 
         return "".join(url_parts)
+
+    _STATUS_STRS = {
+        401: "401 Unauthorized",
+        500: "500 Internal Server Error",
+    }
+
+    def _send_response(self, code, msg, start_response):
+        status = self._STATUS_STRS[code]
+        body = {"errors": {"mauth": [msg]}}
+        body_bytes = json.dumps(body).encode("utf-8")
+
+        headers = [
+            ("Content-Type", "application/json"),
+            ("Content-Length", str(len(body_bytes))),
+        ]
+        start_response(status, headers)
+
+        return [body_bytes]
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "mauth-client"
-version = "1.6.0"
+version = "1.6.1"
 description = "MAuth Client for Python"
 repository = "https://github.com/mdsol/mauth-client-python"
 authors = ["Medidata Solutions <support@mdsol.com>"]
diff --git a/tests/middlewares/wsgi_test.py b/tests/middlewares/wsgi_test.py
@@ -99,6 +99,7 @@ def test_401_response_when_not_authenticated(self):
         response = self.client.get("/")
 
         self.assertEqual(response.status_code, 401)
+        self.assertEqual(response.headers["Content-Length"], "151")
         self.assertEqual(response.json, {
             "errors": {
                 "mauth": [(
