From f205586e351572a663f2279fd251b5db4b635a08 Mon Sep 17 00:00:00 2001
From: Stefan Vermaas
Date: Wed, 17 Mar 2021 10:25:23 +0100
Subject: [PATCH 1/3] Respond with a 204 HTTP status code after cancelling a Session According to the official HTTP/1.1 specs a successful DELETE request can be handled in various ways. > If a DELETE method is successfully applied, the origin server SHOULD send a 202 (Accepted) status code if the action will likely succeed but has not yet been enacted, a 204 (No Content) status code if the action has been enacted and no further information is to be supplied, or a 200 (OK) status code if the action has been enacted and the response message includes a representation describing the status. This commit will make sure a 204 HTTP status code is returned after successfully cancelling the session.
---
 server/irmaserver/handle.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/irmaserver/handle.go b/server/irmaserver/handle.go
index 03e5e91b4..8e5768fce 100644
--- a/server/irmaserver/handle.go
+++ b/server/irmaserver/handle.go
@@ -12,7 +12,7 @@ import (
 "github.com/go-chi/chi"
 "github.com/privacybydesign/gabi"
 "github.com/privacybydesign/gabi/signed"
- "github.com/privacybydesign/irmago"
+ irma "github.com/privacybydesign/irmago"
 "github.com/privacybydesign/irmago/internal/common"
 "github.com/privacybydesign/irmago/server"
 "github.com/sirupsen/logrus"
@@ -284,7 +284,7 @@ func (s *Server) handleSessionStatusEvents(w http.ResponseWriter, r *http.Reques
 func (s *Server) handleSessionDelete(w http.ResponseWriter, r *http.Request) {
 r.Context().Value("session").(*session).handleDelete()
- w.WriteHeader(200)
+ w.WriteHeader(204)
 }
 func (s *Server) handleSessionGet(w http.ResponseWriter, r *http.Request) {
From 35ac1253bb3f9438cd9d2a0e477c9619f9d9216c Mon Sep 17 00:00:00 2001
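Review bot: In `handleSessionDelete` (the `@@ -284,7 +284,7 @@` hunk here, and the same line again in [PATCH 2/3]) the 204 is written unconditionally, so the response claims the cancellation was enacted whatever `handleDelete()` actually did. Nothing in the hunk inspects its outcome, and whether it can fail or be a no-op for an already-finished session is not visible from here. The context line above it uses an unchecked type assertion, `r.Context().Value("session").(*session)`, which panics if the value is absent or of another type. Whether a middleware always sets it is outside the hunk, so a comma-ok form, `sess, ok := r.Context().Value("session").(*session)`, with an explicit error status on `!ok` would be safer. Clients that compared the old status against exactly 200 will now read a successful cancel as a failure, so the change deserves a changelog entry.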
From: Stefan Vermaas
Date: Thu, 18 Mar 2021 12:23:35 +0100
Subject: [PATCH 2/3] Use the http.StatusNoContent instead of hardcoding the 204 HTTP response code.
---
 server/irmaserver/handle.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/irmaserver/handle.go b/server/irmaserver/handle.go
index 8e5768fce..047c136bc 100644
--- a/server/irmaserver/handle.go
+++ b/server/irmaserver/handle.go
@@ -284,7 +284,7 @@ func (s *Server) handleSessionStatusEvents(w http.ResponseWriter, r *http.Reques
 func (s *Server) handleSessionDelete(w http.ResponseWriter, r *http.Request) {
 r.Context().Value("session").(*session).handleDelete()
- w.WriteHeader(204)
+ w.WriteHeader(http.StatusNoContent)
 }
 func (s *Server) handleSessionGet(w http.ResponseWriter, r *http.Request) {
From eaad91065fa399a4be35587764f3adda3c746a31 Mon Sep 17 00:00:00 2001
From: Stefan Vermaas
Date: Thu, 18 Mar 2021 12:24:14 +0100
Subject: [PATCH 3/3] Test setup for verifying the HTTP response headers for cancelling an IRMA session.
---
 internal/sessiontest/handle_test.go | 34 +++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 internal/sessiontest/handle_test.go
diff --git a/internal/sessiontest/handle_test.go b/internal/sessiontest/handle_test.go
new file mode 100644
index 000000000..2bcfb1ee8
--- /dev/null
+++ b/internal/sessiontest/handle_test.go
@@ -0,0 +1,34 @@
+package sessiontest
+
+import (
+ "net/http"
+ "testing"
+
+ irma "github.com/privacybydesign/irmago"
+ "github.com/privacybydesign/irmago/internal/common"
+ "github.com/stretchr/testify/require"
+)
+
+func init() {
+ common.ForceHTTPS = false
+ irma.SetLogger(logger)
+}
+
+func TestHandleSessionDelete(t *testing.T) {
+ StartIrmaServer(t, false, "")
+ defer StopIrmaServer()
+
+ // Setup a new disclosure session
+ id := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
+ session := startSession(t, getDisclosureRequest(id), "verification")
+
+ // Attempt to delete the disclosed session
+ req, reqErr := http.NewRequest(http.MethodDelete, "http://localhost:48682/session/"+session.Token, nil)
+ require.NoError(t, reqErr)
+
+ // Verify the API response
+ // TODO: Also test the actual deletion of the session
+ res, resErr := (&http.Client{}).Do(req)
+ require.NoError(t, resErr)
+ require.Equal(t, res.StatusCode, http.StatusNoContent)
+}
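Review bot: The response in `TestHandleSessionDelete` is never closed, and the final assertion passes its arguments in the wrong order: testify's `require.Equal` takes the expected value first, so a failure would report the two values swapped. I would add `defer res.Body.Close()` right after the `require.NoError(t, resErr)` check and write `require.Equal(t, http.StatusNoContent, res.StatusCode)`. The bare `&http.Client{}` has no timeout, so a server that never answers hangs the whole test run; `&http.Client{Timeout: 5 * time.Second}` (plus a `time` import) bounds it. The `init()` also sets `common.ForceHTTPS = false` as package-level state for every test in `sessiontest`. That is presumably intended for plain-HTTP test servers, but a one-line comment saying the HTTPS requirement is relaxed for tests only would keep it from being copied elsewhere.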