From dcd9f3763b0dbb8c2b2d2571566ab4b3a02ccade Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 7 Jul 2025 13:48:01 -0500
Subject: Check "Content-Type" header. Also process get params.

* Use the "Content-Type" value to check whether or not to attempt to
  read the sent values as json
* Process also the get parameter, to allow the endpoints to be
  slightly more flexible (this probably breaks how HTTP should work).
---
 gn_auth/auth/requests.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'gn_auth/auth/requests.py')

diff --git a/gn_auth/auth/requests.py b/gn_auth/auth/requests.py
index cd939dd..f577b9f 100644
--- a/gn_auth/auth/requests.py
+++ b/gn_auth/auth/requests.py
@@ -4,11 +4,10 @@ from flask import request
 
 def request_json() -> dict:
     """Retrieve the JSON sent in a request."""
-    try:
-        json_data = request.json
+    if request.headers.get("Content-Type") == "application/json":
         # KLUDGE: We have this check here since request.json has the
         # type Any | None; see:
         # <https://github.com/pallets/werkzeug/blob/7868bef5d978093a8baa0784464ebe5d775ae92a/src/werkzeug/wrappers/request.py#L545>
-        return json_data if isinstance(json_data, dict) else {}
-    except werkzeug.exceptions.UnsupportedMediaType:
-        return dict(request.form) or {}
+        return request.json or {}
+    else:
+        return dict(request.args) or dict(request.form) or {}
-- 
cgit v1.2.3