Fix 500 error when authenticate with "mapped"

When authenticate with "mapped" method, if users forget to add
"identity_provider" or "protocol" keypair, keystone will raise
500 error.

In this case, keystone should raise 400 error(ValidationError).

Change-Id: I85feb078b7fb2a5b091407fa69db7409a9c75199
Closes-bug: #1730270
This commit is contained in:
wangxiyuan 2017-11-06 11:58:56 +08:00
parent 52bb8757e6
commit 503882cb8c
2 changed files with 29 additions and 2 deletions

View File

@ -202,8 +202,16 @@ def handle_unscoped_token(request, auth_payload, resource_api, federation_api,
return resp
assertion = extract_assertion_data(request)
identity_provider = auth_payload['identity_provider']
protocol = auth_payload['protocol']
try:
identity_provider = auth_payload['identity_provider']
except KeyError:
raise exception.ValidationError(
attribute='identity_provider', target='mapped')
try:
protocol = auth_payload['protocol']
except KeyError:
raise exception.ValidationError(
attribute='protocol', target='mapped')
utils.assert_enabled_identity_provider(federation_api, identity_provider)

View File

@ -18,6 +18,7 @@ import mock
from keystone import auth
from keystone.auth.plugins import base
from keystone.auth.plugins import mapped
from keystone import exception
from keystone.tests import unit
from keystone.tests.unit.ksfixtures import auth_plugins
@ -189,6 +190,24 @@ class TestMapped(unit.TestCase):
kwargs) = authenticate.call_args
self.assertEqual(method_name, auth_payload['protocol'])
def test_mapped_without_identity_provider_or_protocol(self):
test_mapped = mapped.Mapped()
test_mapped.resource_api = mock.Mock()
test_mapped.federation_api = mock.Mock()
test_mapped.identity_api = mock.Mock()
test_mapped.assignment_api = mock.Mock()
test_mapped.role_api = mock.Mock()
request = self.make_request()
auth_payload = {'identity_provider': 'test_provider'}
self.assertRaises(exception.ValidationError, test_mapped.authenticate,
request, auth_payload)
auth_payload = {'protocol': 'saml2'}
self.assertRaises(exception.ValidationError, test_mapped.authenticate,
request, auth_payload)
def test_supporting_multiple_methods(self):
method_names = ('saml2', 'openid', 'x509', 'mapped')
self.useFixture(auth_plugins.LoadAuthPlugins(*method_names))