fix(activate): Reject empty userId with a 400 (#205)

Mike Davis · web-flow · commit 740716197123 · 2020-03-25T11:11:10.000-07:00
Prior to this change, empty userIds would still yield a valid decision which might have masked a request error. If this becomes an sticking point with customers we will introduce a "generateUserId" config option that will allow users to control this behavior. https://optimizely.atlassian.net/browse/OASIS-6132
diff --git a/pkg/handlers/activate.go b/pkg/handlers/activate.go
@@ -18,6 +18,7 @@
 package handlers
 
 import (
+	"errors"
 	"fmt"
 	"net/http"
 
@@ -174,12 +175,19 @@ func filterDecisions(r *http.Request, decisions []*optimizely.Decision) []*optim
 	return filtered
 }
 
+// ErrEmptyUserID is a constant error if userId is omitted from the request
+var ErrEmptyUserID = errors.New(`missing "userId" in request payload`)
+
 func getUserContext(r *http.Request) (entities.UserContext, error) {
 	var body ActivateBody
 	err := ParseRequestBody(r, &body)
 	if err != nil {
 		return entities.UserContext{}, err
 	}
 
+	if body.UserID == "" {
+		return entities.UserContext{}, ErrEmptyUserID
+	}
+
 	return entities.UserContext{ID: body.UserID, Attributes: body.UserAttributes}, nil
 }
diff --git a/pkg/handlers/activate_test.go b/pkg/handlers/activate_test.go
@@ -75,6 +75,14 @@ func (suite *ActivateTestSuite) SetupTest() {
 	suite.oc = optlyClient
 }
 
+func (suite *ActivateTestSuite) TestInvalidPayload() {
+	req := httptest.NewRequest("POST", "/activate", nil)
+	rec := httptest.NewRecorder()
+	suite.mux.ServeHTTP(rec, req)
+
+	suite.assertError(rec, `missing "userId" in request payload`, http.StatusBadRequest)
+}
+
 func (suite *ActivateTestSuite) TestGetFeatureWithFeatureTest() {
 	feature := entities.Feature{Key: "one"}
 	suite.tc.AddFeatureTest(feature)
@@ -410,17 +418,11 @@ func (suite *ActivateTestSuite) TestEnabledFilter() {
 }
 
 func (suite *ActivateTestSuite) TestInvalidFilter() {
-	req := httptest.NewRequest("POST", "/activate?type=invalid", nil)
+	req := httptest.NewRequest("POST", "/activate?type=invalid", bytes.NewBuffer(suite.body))
 	rec := httptest.NewRecorder()
 	suite.mux.ServeHTTP(rec, req)
 
-	suite.Equal(http.StatusBadRequest, rec.Code)
-
-	// Unmarshal response
-	var actual ErrorResponse
-	err := json.Unmarshal(rec.Body.Bytes(), &actual)
-	suite.NoError(err)
-	suite.Equal(`type "invalid" not supported`, actual.Error)
+	suite.assertError(rec, `type "invalid" not supported`, http.StatusBadRequest)
 }
 
 func (suite *ActivateTestSuite) assertError(rec *httptest.ResponseRecorder, msg string, code int) {
