8000
  • Skip to content

    fix: validate API key is not empty in HTTPRequest node#29950

    Merged
    crazywoola merged 2 commits intolanggenius:mainfrom
    AziizBg:fix/http-request-empty-api-key-validation
    Dec 21, 2025
    Merged

    fix: validate API key is not empty in HTTPRequest node#29950
    crazywoola merged 2 commits intolanggenius:mainfrom
    AziizBg:fix/http-request-empty-api-key-validation

    Conversation

    @AziizBg
    Copy link
    Copy Markdown
    Contributor
    @AziizBg AziizBg commented Dec 19, 2025

    Fix: HTTPRequest Node fails when API key is empty

    Description

    Fixes issue #21830 where the HTTPRequest node fails to execute when the API key used for authorization is empty, resulting in invalid headers like "Basic " (with no credentials) and causing "Illegal header value" errors.

    Changes

    Core Fix

    • Added validation in Executor.__init__ to check if API key is empty or whitespace-only after template conversion
    • Raises AuthorizationConfigError with a clear error message when API key is empty
    • Prevents invalid authorization headers from being created

    Files Modified

    1. api/core/workflow/nodes/http_request/executor.py

      • Added validation after template conversion (lines 89-93)
      • Validates both empty strings and whitespace-only strings

    2. api/tests/unit_tests/core/workflow/nodes/http_request/test_http_request_executor.py

      • Added 5 new unit tests:
        • test_empty_api_key_raises_error_bearer - Tests bearer auth with empty key
        • test_empty_api_key_raises_error_basic - Tests basic auth with empty key
        • test_empty_api_key_raises_error_custom - Tests custom auth with empty key
        • test_whitespace_only_api_key_raises_error - Tests whitespace-only key
        • test_valid_api_key_works - Ensures valid keys still work

    3. api/tests/integration_tests/workflow/nodes/test_http.py

      • Updated test_custom_auth_with_empty_api_key_raises_error to expect AuthorizationConfigError
      • Updated test_custom_authorization_with_empty_api_key to verify proper error handling in node execution

    Testing

    Unit Tests

    All new unit tests pass:

    • ✅ Empty API key validation for bearer, basic, and custom auth types
    • ✅ Whitespace-only API key validation
    • ✅ Valid API key still works correctly

    Integration Tests

    • ✅ Updated integration tests to verify error handling in full node execution

    Manual Testing

    To test manually:

    1. Create a workflow with an HTTPRequest node
    2. Set authorization type to "api-key" (bearer, basic, or custom)
    3. Leave the API key field empty
    4. Execute the workflow
    5. Should receive a clear error: "API key is required for authorization but was empty. Please provide a valid API key."

    Impact

    • Before: Empty API keys caused cryptic errors like "Illegal header value b'Basic '" during HTTP request execution
    • After: Empty API keys are caught early with a clear, actionable error message before any HTTP request is made

    Related Issues

    Fixes #21830

    Checklist

    • Code follows project style guidelines
    • Tests added/updated
    • All tests pass
    • No linter errors
    • Error messages are clear and actionable
    • Backward compatibility maintained (valid API keys still work)

    @AziizBg
    fix: validate API key is not empty in HTTPRequest node
    d3681ee 
    - Add validation after template conversion to check for empty/whitespace API keys
- Raise AuthorizationConfigError with clear message when API key is empty
- Prevents invalid headers like 'Basic ' from being created
- Add comprehensive unit tests for all auth types (bearer, basic, custom)
- Update integration tests to verify proper error handling

Fixes langgenius#21830
    @dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Dec 19, 2025
    @gemini-code-assist
    Copy link
    Copy Markdown
    Contributor
    gemini-code-assist bot commented Dec 19, 2025

    Summary of Changes

    Hello @AziizBg, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

    This pull request resolves an issue where the HTTPRequest node would fail with obscure "Illegal header value" errors when an empty or whitespace-only API key was configured for authorization. The changes introduce robust pre-execution validation to detect such invalid API keys, ensuring that a clear and informative AuthorizationConfigError is raised instead, significantly improving the diagnostic experience for users.

    Highlights

    • Core Fix: Implemented validation in the Executor.__init__ method of the HTTPRequest node to check if the API key is empty or contains only whitespace characters after template conversion. This prevents the creation of invalid authorization headers.
    • Error Handling: When an empty or whitespace-only API key is detected, an AuthorizationConfigError is now raised with a clear, actionable error message, providing early feedback to the user before any HTTP request is made.
    • Unit Tests: Added five new unit tests to cover various scenarios, including empty API keys for bearer, basic, and custom authentication types, whitespace-only API keys, and to ensure that valid API keys continue to function as expected.
    • Integration Tests: Updated existing integration tests to reflect the new error handling, specifically modifying tests that previously checked for the absence of headers to now assert that an AuthorizationConfigError is raised when an empty API key is provided.

    🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

    Using Gemini Code Assist

    The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

    Invoking Gemini

    You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

    Feature Command Description
    Code Review /gemini review Performs a code review for the current pull request in its current state.
    Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
    Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
    Help /gemini help Displays a list of available commands.

    Customization

    To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

    Limitations & Feedback

    Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

    You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

    Footnotes

    1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

    gemini-code-assist[bot]
    gemini-code-assist bot reviewed Dec 19, 2025
    View reviewed changes
    Copy link
    Copy Markdown
    Contributor
    @gemini-code-assist gemini-code-assist bot left a comment

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    8000

    Code Review

    This pull request effectively resolves the issue of the HTTPRequest node failing with an empty API key by introducing validation early in the executor's initialization. The changes are well-implemented, and the inclusion of both unit and integration tests ensures the fix is robust and reliable. My feedback includes a couple of suggestions for improving code conciseness and test maintainability.

    @dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Dec 21, 2025
    @crazywoola crazywoola merged commit 6cf7136 into langgenius:main Dec 21, 2025
    12 checks passed
    This was referenced Dec 30, 2025
    Open
    Open
    9009
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

    Reviewers

    @crazywoola crazywoola crazywoola approved these changes

    @QuantumGhost QuantumGhost Awaiting requested review from QuantumGhost QuantumGhost is a code owner

    +1 more reviewer

    @gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

    Reviewers whose approvals may not affect merge requirements

    Assignees

    No one assigned

    Labels

    lgtm This PR has been approved by a maintainer size:L This PR changes 100-499 lines, ignoring generated files.

    Projects

    None yet

    Milestone

    No milestone

    Development

    Successfully merging this pull request may close these issues.

    HTTPRequest node fails to execute when API key used for authorization is empty

    2 participants

    @AziizBg @crazywoola
    0