fix: use pipe to pass body remote authorizer (#426)

Resolves flaky tests.
ory · Apr 30, 2020 · 1a44087 · 1a44087
1 parent d9e29d6
commit 1a44087
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 10 deletions.
diff --git a/pipeline/authz/remote.go b/pipeline/authz/remote.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"text/template"
 
@@ -54,13 +54,13 @@ func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.Authenticat
 		return err
 	}
 
-	var body bytes.Buffer
-	err = pipeRequestBody(r, &body)
-	if err != nil {
-		return errors.Wrapf(err, `could not pipe request body in rule "%s"`, rl.GetID())
-	}
+	read, write := io.Pipe()
+	go func() {
+		err := pipeRequestBody(r, write)
+		write.CloseWithError(errors.Wrapf(err, `could not pipe request body in rule "%s"`, rl.GetID()))
+	}()
 
-	req, err := http.NewRequest("POST", c.Remote, ioutil.NopCloser(&body))
+	req, err := http.NewRequest("POST", c.Remote, read)
 	if err != nil {
 		return errors.WithStack(err)
 	}

diff --git a/pipeline/authz/remote_test.go b/pipeline/authz/remote_test.go
@@ -1,7 +1,6 @@
 package authz_test
 
 import (
-	"bytes"
 	"encoding/json"
 	"io/ioutil"
 	"net/http"
@@ -71,6 +70,21 @@ func TestAuthorizerRemoteAuthorize(t *testing.T) {
 			config:  json.RawMessage(`{}`),
 			wantErr: true,
 		},
+		{
+			name: "nobody",
+			setup: func(t *testing.T) *httptest.Server {
+				return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+					assert.Contains(t, r.Header, "Content-Type")
+					assert.Contains(t, r.Header["Content-Type"], "text/plain")
+					body, err := ioutil.ReadAll(r.Body)
+					require.NoError(t, err)
+					assert.Equal(t, "", string(body))
+					w.WriteHeader(http.StatusOK)
+				}))
+			},
+			body:   "",
+			config: json.RawMessage(`{}`),
+		},
 		{
 			name: "ok",
 			setup: func(t *testing.T) *httptest.Server {
@@ -92,11 +106,11 @@ func TestAuthorizerRemoteAuthorize(t *testing.T) {
 				return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 					body, err := ioutil.ReadAll(r.Body)
 					require.NoError(t, err)
-					assert.Equal(t, bytes.Repeat([]byte("1"), 1024*1024*50), body)
+					assert.True(t, strings.Repeat("1", 1024*1024) == string(body))
 					w.WriteHeader(http.StatusOK)
 				}))
 			},
-			body:   strings.Repeat("1", 1024*1024*50),
+			body:   strings.Repeat("1", 1024*1024),
 			config: json.RawMessage(`{}`),
 		},
 		{

diff --git a/pipeline/authz/utils.go b/pipeline/authz/utils.go
@@ -13,7 +13,11 @@ func pipeRequestBody(r *http.Request, w io.Writer) error {
 	}
 
 	var body bytes.Buffer
+	defer r.Body.Close()
 	_, err := io.Copy(w, io.TeeReader(r.Body, &body))
+	if err != nil {
+		return err
+	}
 	r.Body = ioutil.NopCloser(&body)
 	return err
 }