Separate request rejection from bad request state setting.

Cesar Blum Silveira · Cesar Blum Silveira · commit 78584799a412 · 2016-10-17T15:16:50.000-07:00
diff --git a/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/Frame.cs b/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/Frame.cs
@@ -47,7 +47,6 @@ public abstract partial class Frame : IFrameControl
         private readonly object _onStartingSync = new Object();
         private readonly object _onCompletedSync = new Object();
 
-        protected bool _requestRejected;
         private Streams _frameStreams;
 
         protected Stack<KeyValuePair<Func<object, Task>, object>> _onStarting;
@@ -64,6 +63,7 @@ public abstract partial class Frame : IFrameControl
         private bool _canHaveBody;
         private bool _autoChunk;
         protected Exception _applicationException;
+        private BadHttpRequestException _requestRejectedException;
 
         protected HttpVersion _httpVersion;
 
@@ -717,7 +717,7 @@ private void ProduceStart(bool appCompleted)
 
         protected Task TryProduceInvalidRequestResponse()
         {
-            if (_requestRejected)
+            if (_requestRejectedException != null)
             {
                 if (FrameRequestHeaders == null || FrameResponseHeaders == null)
                 {
@@ -732,7 +732,7 @@ protected Task TryProduceInvalidRequestResponse()
 
         protected Task ProduceEnd()
         {
-            if (_requestRejected || _applicationException != null)
+            if (_requestRejectedException != null || _applicationException != null)
             {
                 if (HasResponseStarted)
                 {
@@ -741,8 +741,13 @@ protected Task ProduceEnd()
                     return TaskCache.CompletedTask;
                 }
 
-                // If the request was rejected, the error state has already been set by SetBadRequestState
-                if (!_requestRejected)
+                // If the request was rejected, the error state has already been set by SetBadRequestState and
+                // that should take precedence.
+                if (_requestRejectedException != null)
+                {
+                    SetErrorResponseHeaders(statusCode: _requestRejectedException.StatusCode);
+                }
+                else
                 {
                     // 500 Internal Server Error
                     SetErrorResponseHeaders(statusCode: 500);
@@ -1394,24 +1399,19 @@ private void ThrowResponseAbortedException()
                     _applicationException);
         }
 
-        public void RejectRequest(string message)
+        public void RejectRequest(RequestRejectionReason reason)
         {
-            throw new ObjectDisposedException(
-                "The response has been aborted due to an unhandled application exception.",
-                _applicationException);
+            RejectRequest(BadHttpRequestException.GetException(reason));
         }
 
-        public void RejectRequest(RequestRejectionReason reason)
+        public void RejectRequest(RequestRejectionReason reason, string value)
         {
-            var ex = BadHttpRequestException.GetException(reason);
-            SetBadRequestState(ex);
-            throw ex;
+            RejectRequest(BadHttpRequestException.GetException(reason, value));
         }
 
-        public void RejectRequest(RequestRejectionReason reason, string value)
+        private void RejectRequest(BadHttpRequestException ex)
         {
-            var ex = BadHttpRequestException.GetException(reason, value);
-            SetBadRequestState(ex);
+            Log.ConnectionBadRequest(ConnectionId, ex);
             throw ex;
         }
 
@@ -1422,17 +1422,14 @@ public void SetBadRequestState(RequestRejectionReason reason)
 
         public void SetBadRequestState(BadHttpRequestException ex)
         {
-            // Setting status code will throw if response has already started
             if (!HasResponseStarted)
             {
-                SetErrorResponseHeaders(statusCode: ex.StatusCode);
+                SetErrorResponseHeaders(ex.StatusCode);
             }
 
             _keepAlive = false;
             _requestProcessingStopping = true;
-            _requestRejected = true;
-
-            Log.ConnectionBadRequest(ConnectionId, ex);
+            _requestRejectedException = ex;
         }
 
         protected void ReportApplicationError(Exception ex)
diff --git a/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/FrameOfT.cs b/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/FrameOfT.cs
@@ -100,6 +100,11 @@ public override async Task RequestProcessingAsync()
                             catch (Exception ex)
                             {
                                 ReportApplicationError(ex);
+
+                                if (ex is BadHttpRequestException)
+                                {
+                                    throw;
+                                }
                             }
                             finally
                             {
@@ -118,31 +123,38 @@ public override async Task RequestProcessingAsync()
                                 {
                                     await FireOnCompleted();
                                 }
+                            }
 
-                                // If _requestAbort is set, the connection has already been closed.
-                                if (Volatile.Read(ref _requestAborted) == 0)
-                                {
-                                    ResumeStreams();
-
-                                    if (_keepAlive)
-                                    {
-                                        // Finish reading the request body in case the app did not.
-                                        await messageBody.Consume();
-                                    }
-
-                                    // ProduceEnd() must be called before _application.DisposeContext(), to ensure
-                                    // HttpContext.Response.StatusCode is correctly set when
-                                    // IHttpContextFactory.Dispose(HttpContext) is called.
-                                    await ProduceEnd();
-                                }
-                                else if (!HasResponseStarted)
+                            // If _requestAbort is set, the connection has already been closed.
+                            if (Volatile.Read(ref _requestAborted) == 0)
+                            {
+                                ResumeStreams();
+
+                                if (_keepAlive)
                                 {
-                                    // If the request was aborted and no response was sent, there's no
-                                    // meaningful status code to log.
-                                    StatusCode = 0;
+                                    // Finish reading the request body in case the app did not.
+                                    await messageBody.Consume();
                                 }
+
+                                // ProduceEnd() must be called before _application.DisposeContext(), to ensure
+                                // HttpContext.Response.StatusCode is correctly set when
+                                // IHttpContextFactory.Dispose(HttpContext) is called.
+                                await ProduceEnd();
+                            }
+                            else if (!HasResponseStarted)
+                            {
+                                // If the request was aborted and no response was sent, there's no
+                                // meaningful status code to log.
+                                StatusCode = 0;
                             }
                         }
+                        catch (BadHttpRequestException ex)
+                        {
+                            // Handle BadHttpRequestException thrown during app execution or remaining message body consumption.
+                            // This has to be caught here so StatusCode is set properly before disposing the HttpContext
+                            // (DisposeContext logs StatusCode).
+                            SetBadRequestState(ex);
+                        }
                         finally
                         {
                             _application.DisposeContext(context, _applicationException);
@@ -169,11 +181,9 @@ public override async Task RequestProcessingAsync()
             }
             catch (BadHttpRequestException ex)
             {
-                if (!_requestRejected)
-                {
-                    // SetBadRequestState logs the error.
-                    SetBadRequestState(ex);
-                }
+                // Handle BadHttpRequestException thrown during request line or header parsing.
+                // SetBadRequestState logs the error.
+                SetBadRequestState(ex);
             }
             catch (Exception ex)
             {
@@ -183,11 +193,10 @@ public override async Task RequestProcessingAsync()
             {
                 try
                 {
-                    await TryProduceInvalidRequestResponse();
-
                     // If _requestAborted is set, the connection has already been closed.
                     if (Volatile.Read(ref _requestAborted) == 0)
                     {
+                        await TryProduceInvalidRequestResponse();
                         ConnectionControl.End(ProduceEndType.SocketShutdown);
                     }
                 }
diff --git a/test/Microsoft.AspNetCore.Server.Kestrel.FunctionalTests/ResponseTests.cs b/test/Microsoft.AspNetCore.Server.Kestrel.FunctionalTests/ResponseTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.IO;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -239,6 +238,38 @@ public Task ResponseStatusCodeSetBeforeHttpContextDisposedRequestMalformed()
                 sendMalformedRequest: true);
         }
 
+        [Fact]
+        public Task ResponseStatusCodeSetBeforeHttpContextDisposedRequestMalformedRead()
+        {
+            return ResponseStatusCodeSetBeforeHttpContextDispose(
+                async context =>
+                {
+                    await context.Request.Body.ReadAsync(new byte[1], 0, 1);
+                },
+                expectedClientStatusCode: null,
+                expectedServerStatusCode: HttpStatusCode.BadRequest,
+                sendMalformedRequest: true);
+        }
+
+        [Fact]
+        public Task ResponseStatusCodeSetBeforeHttpContextDisposedRequestMalformedReadIgnored()
+        {
+            return ResponseStatusCodeSetBeforeHttpContextDispose(
+                async context =>
+                {
+                    try
+                    {
+                        await context.Request.Body.ReadAsync(new byte[1], 0, 1);
+                    }
+                    catch (BadHttpRequestException)
+                    {
+                    }
+                },
+                expectedClientStatusCode: null,
+                expectedServerStatusCode: HttpStatusCode.BadRequest,
+                sendMalformedRequest: true);
+        }
+
         private static async Task ResponseStatusCodeSetBeforeHttpContextDispose(
             RequestDelegate handler,
             HttpStatusCode? expectedClientStatusCode,
@@ -730,14 +761,11 @@ await connection.Receive(
         [Fact]
         public async Task HeadResponseCanContainContentLengthHeader()
         {
-            var testLogger = new TestApplicationErrorLogger();
-            var serviceContext = new TestServiceContext { Log = new TestKestrelTrace(testLogger) };
-
             using (var server = new TestServer(httpContext =>
             {
                 httpContext.Response.ContentLength = 42;
                 return TaskCache.CompletedTask;
-            }, serviceContext))
+            }, new TestServiceContext()))
             {
                 using (var connection = server.CreateConnection())
                 {
@@ -746,7 +774,7 @@ await connection.SendEnd(
                         "",
                         "");
                     await connection.ReceiveEnd(
-                        $"HTTP/1.1 200 OK",
+                        "HTTP/1.1 200 OK",
                         $"Date: {server.Context.DateHeaderValue}",
                         "Content-Length: 42",
                         "",
@@ -758,14 +786,11 @@ await connection.ReceiveEnd(
         [Fact]
         public async Task HeadResponseCanContainContentLengthHeaderButBodyNotWritten()
         {
-            var testLogger = new TestApplicationErrorLogger();
-            var serviceContext = new TestServiceContext { Log = new TestKestrelTrace(testLogger) };
-
             using (var server = new TestServer(async httpContext =>
             {
                 httpContext.Response.ContentLength = 12;
                 await httpContext.Response.WriteAsync("hello, world");
-            }, serviceContext))
+            }, new TestServiceContext()))
             {
                 using (var connection = server.CreateConnection())
                 {
@@ -774,7 +799,7 @@ await connection.SendEnd(
                         "",
                         "");
                     await connection.ReceiveEnd(
-                        $"HTTP/1.1 200 OK",
+                        "HTTP/1.1 200 OK",
                         $"Date: {server.Context.DateHeaderValue}",
                         "Content-Length: 12",
                         "",
@@ -783,6 +808,46 @@ await connection.ReceiveEnd(
             }
         }
 
+        [Fact]
+        public async Task AppCanWriteOwnBadRequestResponse()
+        {
+            var expectedResponse = string.Empty;
+            var responseWrittenTcs = new TaskCompletionSource<object>();
+
+            using (var server = new TestServer(async httpContext =>
+            {
+                try
+                {
+                    await httpContext.Request.Body.ReadAsync(new byte[1], 0, 1);
+                }
+                catch (BadHttpRequestException ex)
+                {
+                    expectedResponse = ex.Message;
+                    httpContext.Response.StatusCode = 400;
+                    httpContext.Response.ContentLength = ex.Message.Length;
+                    await httpContext.Response.WriteAsync(ex.Message);
+                    responseWrittenTcs.SetResult(null);
+                }
+            }, new TestServiceContext()))
+            {
+                using (var connection = server.CreateConnection())
+                {
+                    await connection.SendEnd(
+                        "POST / HTTP/1.1",
+                        "Transfer-Encoding: chunked",
+                        "",
+                        "bad");
+                    await responseWrittenTcs.Task;
+                    await connection.ReceiveEnd(
+                        "HTTP/1.1 400 Bad Request",
+                        $"Date: {server.Context.DateHeaderValue}",
+                        $"Content-Length: {expectedResponse.Length}",
+                        "",
+                        expectedResponse);
+                }
+            }
+        }
+
         public static TheoryData<string, StringValues, string> NullHeaderData
         {
             get

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,6 @@ public abstract partial class Frame : IFrameControl`
`47`	`47`	`private readonly object _onStartingSync = new Object();`
`48`	`48`	`private readonly object _onCompletedSync = new Object();`
`49`	`49`
`50`		`- protected bool _requestRejected;`
`51`	`50`	`private Streams _frameStreams;`
`52`	`51`
`53`	`52`	`protected Stack<KeyValuePair<Func<object, Task>, object>> _onStarting;`
`@@ -64,6 +63,7 @@ public abstract partial class Frame : IFrameControl`
`64`	`63`	`private bool _canHaveBody;`
`65`	`64`	`private bool _autoChunk;`
`66`	`65`	`protected Exception _applicationException;`
	`66`	`+ private BadHttpRequestException _requestRejectedException;`
`67`	`67`
`68`	`68`	`protected HttpVersion _httpVersion;`
`69`	`69`
`@@ -717,7 +717,7 @@ private void ProduceStart(bool appCompleted)`
`717`	`717`
`718`	`718`	`protected Task TryProduceInvalidRequestResponse()`
`719`	`719`	`{`
`720`		`- if (_requestRejected)`
	`720`	`+ if (_requestRejectedException != null)`
`721`	`721`	`{`
`722`	`722`	`if (FrameRequestHeaders == null \|\| FrameResponseHeaders == null)`
`723`	`723`	`{`
`@@ -732,7 +732,7 @@ protected Task TryProduceInvalidRequestResponse()`
`732`	`732`
`733`	`733`	`protected Task ProduceEnd()`
`734`	`734`	`{`
`735`		`- if (_requestRejected \|\| _applicationException != null)`
	`735`	`+ if (_requestRejectedException != null \|\| _applicationException != null)`
`736`	`736`	`{`
`737`	`737`	`if (HasResponseStarted)`
`738`	`738`	`{`
`@@ -741,8 +741,13 @@ protected Task ProduceEnd()`
`741`	`741`	`return TaskCache.CompletedTask;`
`742`	`742`	`}`
`743`	`743`
`744`		`- // If the request was rejected, the error state has already been set by SetBadRequestState`
`745`		`- if (!_requestRejected)`
	`744`	`+ // If the request was rejected, the error state has already been set by SetBadRequestState and`
	`745`	`+ // that should take precedence.`
	`746`	`+ if (_requestRejectedException != null)`
	`747`	`+ {`
	`748`	`+ SetErrorResponseHeaders(statusCode: _requestRejectedException.StatusCode);`
	`749`	`+ }`
	`750`	`+ else`
`746`	`751`	`{`
`747`	`752`	`// 500 Internal Server Error`
`748`	`753`	`SetErrorResponseHeaders(statusCode: 500);`
`@@ -1394,24 +1399,19 @@ private void ThrowResponseAbortedException()`
`1394`	`1399`	`_applicationException);`
`1395`	`1400`	`}`
`1396`	`1401`
`1397`		`- public void RejectRequest(string message)`
	`1402`	`+ public void RejectRequest(RequestRejectionReason reason)`
`1398`	`1403`	`{`
`1399`		`- throw new ObjectDisposedException(`
`1400`		`- "The response has been aborted due to an unhandled application exception.",`
`1401`		`- _applicationException);`
	`1404`	`+ RejectRequest(BadHttpRequestException.GetException(reason));`
`1402`	`1405`	`}`
`1403`	`1406`
`1404`		`- public void RejectRequest(RequestRejectionReason reason)`
	`1407`	`+ public void RejectRequest(RequestRejectionReason reason, string value)`
`1405`	`1408`	`{`
`1406`		`- var ex = BadHttpRequestException.GetException(reason);`
`1407`		`- SetBadRequestState(ex);`
`1408`		`- throw ex;`
	`1409`	`+ RejectRequest(BadHttpRequestException.GetException(reason, value));`
`1409`	`1410`	`}`
`1410`	`1411`
`1411`		`- public void RejectRequest(RequestRejectionReason reason, string value)`
	`1412`	`+ private void RejectRequest(BadHttpRequestException ex)`
`1412`	`1413`	`{`
`1413`		`- var ex = BadHttpRequestException.GetException(reason, value);`
`1414`		`- SetBadRequestState(ex);`
	`1414`	`+ Log.ConnectionBadRequest(ConnectionId, ex);`
`1415`	`1415`	`throw ex;`
`1416`	`1416`	`}`
`1417`	`1417`
`@@ -1422,17 +1422,14 @@ public void SetBadRequestState(RequestRejectionReason reason)`
`1422`	`1422`
`1423`	`1423`	`public void SetBadRequestState(BadHttpRequestException ex)`
`1424`	`1424`	`{`
`1425`		`- // Setting status code will throw if response has already started`
`1426`	`1425`	`if (!HasResponseStarted)`
`1427`	`1426`	`{`
`1428`		`- SetErrorResponseHeaders(statusCode: ex.StatusCode);`
	`1427`	`+ SetErrorResponseHeaders(ex.StatusCode);`
`1429`	`1428`	`}`
`1430`	`1429`
`1431`	`1430`	`_keepAlive = false;`
`1432`	`1431`	`_requestProcessingStopping = true;`
`1433`		`- _requestRejected = true;`
`1434`		`-`
`1435`		`- Log.ConnectionBadRequest(ConnectionId, ex);`
	`1432`	`+ _requestRejectedException = ex;`
`1436`	`1433`	`}`
`1437`	`1434`
`1438`	`1435`	`protected void ReportApplicationError(Exception ex)`
Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,11 @@ public override async Task RequestProcessingAsync()`
`100`	`100`	`catch (Exception ex)`
`101`	`101`	`{`
`102`	`102`	`ReportApplicationError(ex);`
	`103`	`+`
	`104`	`+ if (ex is BadHttpRequestException)`
	`105`	`+ {`
	`106`	`+ throw;`
	`107`	`+ }`
`103`	`108`	`}`
`104`	`109`	`finally`
`105`	`110`	`{`
`@@ -118,31 +123,38 @@ public override async Task RequestProcessingAsync()`
`118`	`123`	`{`
`119`	`124`	`await FireOnCompleted();`
`120`	`125`	`}`
	`126`	`+ }`
`121`	`127`
`122`		`- // If _requestAbort is set, the connection has already been closed.`
`123`		`- if (Volatile.Read(ref _requestAborted) == 0)`
`124`		`- {`
`125`		`- ResumeStreams();`
`126`		`-`
`127`		`- if (_keepAlive)`
`128`		`- {`
`129`		`- // Finish reading the request body in case the app did not.`
`130`		`- await messageBody.Consume();`
`131`		`- }`
`132`		`-`
`133`		`- // ProduceEnd() must be called before _application.DisposeContext(), to ensure`
`134`		`- // HttpContext.Response.StatusCode is correctly set when`
`135`		`- // IHttpContextFactory.Dispose(HttpContext) is called.`
`136`		`- await ProduceEnd();`
`137`		`- }`
`138`		`- else if (!HasResponseStarted)`
	`128`	`+ // If _requestAbort is set, the connection has already been closed.`
	`129`	`+ if (Volatile.Read(ref _requestAborted) == 0)`
	`130`	`+ {`
	`131`	`+ ResumeStreams();`
	`132`	`+`
	`133`	`+ if (_keepAlive)`
`139`	`134`	`{`
`140`		`- // If the request was aborted and no response was sent, there's no`
`141`		`- // meaningful status code to log.`
`142`		`- StatusCode = 0;`
	`135`	`+ // Finish reading the request body in case the app did not.`
	`136`	`+ await messageBody.Consume();`
`143`	`137`	`}`
	`138`	`+`
	`139`	`+ // ProduceEnd() must be called before _application.DisposeContext(), to ensure`
	`140`	`+ // HttpContext.Response.StatusCode is correctly set when`
	`141`	`+ // IHttpContextFactory.Dispose(HttpContext) is called.`
	`142`	`+ await ProduceEnd();`
	`143`	`+ }`
	`144`	`+ else if (!HasResponseStarted)`
	`145`	`+ {`
	`146`	`+ // If the request was aborted and no response was sent, there's no`
	`147`	`+ // meaningful status code to log.`
	`148`	`+ StatusCode = 0;`
`144`	`149`	`}`
`145`	`150`	`}`
	`151`	`+ catch (BadHttpRequestException ex)`
	`152`	`+ {`
	`153`	`+ // Handle BadHttpRequestException thrown during app execution or remaining message body consumption.`
	`154`	`+ // This has to be caught here so StatusCode is set properly before disposing the HttpContext`
	`155`	`+ // (DisposeContext logs StatusCode).`
	`156`	`+ SetBadRequestState(ex);`
	`157`	`+ }`
`146`	`158`	`finally`
`147`	`159`	`{`
`148`	`160`	`_application.DisposeContext(context, _applicationException);`
`@@ -169,11 +181,9 @@ public override async Task RequestProcessingAsync()`
`169`	`181`	`}`
`170`	`182`	`catch (BadHttpRequestException ex)`
`171`	`183`	`{`
`172`		`- if (!_requestRejected)`
`173`		`- {`
`174`		`- // SetBadRequestState logs the error.`
`175`		`- SetBadRequestState(ex);`
`176`		`- }`
	`184`	`+ // Handle BadHttpRequestException thrown during request line or header parsing.`
	`185`	`+ // SetBadRequestState logs the error.`
	`186`	`+ SetBadRequestState(ex);`
`177`	`187`	`}`
`178`	`188`	`catch (Exception ex)`
`179`	`189`	`{`
`@@ -183,11 +193,10 @@ public override async Task RequestProcessingAsync()`
`183`	`193`	`{`
`184`	`194`	`try`
`185`	`195`	`{`
`186`		`- await TryProduceInvalidRequestResponse();`
`187`		`-`
`188`	`196`	`// If _requestAborted is set, the connection has already been closed.`
`189`	`197`	`if (Volatile.Read(ref _requestAborted) == 0)`
`190`	`198`	`{`
	`199`	`+ await TryProduceInvalidRequestResponse();`
`191`	`200`	`ConnectionControl.End(ProduceEndType.SocketShutdown);`
`192`	`201`	`}`
`193`	`202`	`}`