intellivoid/SocialvoidLib

CDN Server acts like the `action` parameter was never passed

Closed this issue · 3 comments

the-blank-x commented 
> curl -v --data '{"session_id": "35714fd511b6064908da4ed77c12f587-175486d4-c7e3-4f23-9158-40c312f5d37f-65b6a0fd", "client_public_hash": "242df072e30961d274db52a184072a0c517680e921dc988bca95fbd2b9c84203", "challenge_answer": {"session_id": "35714fd511b6064908da4ed77c12f587-175486d4-c7e3-4f23-9158-40c312f5d37f-65b6a0fd", "client_public_hash": "242df072e30961d274db52a184072a0c517680e921dc988bca95fbd2b9c84203", "challenge_answer": "e2696a38eb9feb6aa908f46d5334e695ecc318bb"}, "action": "download", "document": "i do not have a document here but an error is an error"}' http://socialvoid.qlg1.com:5602/
*   Trying 94.68.188.72:5602...
* Connected to socialvoid.qlg1.com (94.68.188.72) port 5602 (#0)
> POST / HTTP/1.1
> Host: socialvoid.qlg1.com:5602
> User-Agent: curl/7.79.1
> Accept: */*
> Content-Length: 550
> Content-Type: application/x-www-form-urlencoded
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Date: Sun, 03 Oct 2021 15:51:17 GMT
< Server: Apache
< Content-Length: 71
< Connection: close
< Content-Type: application/json
<
* Closing connection 0
{"success":false,"error_code":0,"message":"Missing parameter 'action'"}
Netkas commented

Thank you for passing this on, I will investigate this further.

Netkas commented

Corrected this issue, the reason for this is that the server only checks for POST or GET parameters and ignores the POST body request, the server will now accept body content represented in JSON, if the server does not see a parameter in the following

  • POST
  • GET
  • POST BODY

or if it fails to decode the json input, it will simply act like the parameter is missing.

Netkas commented

KEEP IN MIND That the CDN server will not accept arrays as a parameter, it must be string, integer and boolean , otherwise you will get a response telling you that you passed on the incorrect value type

Because your request contains {"session_id": "35714fd511b6064908da4ed77c12f587-175486d4-c7e3-4f23-9158-40c312f5d37f-65b6a0fd", "client_public_hash": "242df072e30961d274db52a184072a0c517680e921dc988bca95fbd2b9c84203", "challenge_answer": "e2696a38eb9feb6aa908f46d5334e695ecc318bb"} as the value for challenge_answer it detects the parameter but it contains the incorrect type. hence returns {"success":false,"error_code":8711,"message":"The session challenge answer must be a string"}, so be careful with that.