Add the validation rules when create token

HTTP 500 being returned when the request body attibute for POST /v3/auth/tokens has an empty string instead of dict. This patch fix when the domain and the project in the scope has an empty string. Change-Id: I11031a5a19acb9e336721d69b59e7e6f691eb2a4 Partial-Bug: #1580338
2016-05-13 14:46:45 +09:00 · 2016-05-13 14:46:45 +09:00 · fe3b4c0f65
parent 973b9d7aa3
commit fe3b4c0f65
2 changed files with 28 additions and 0 deletions
--- a/keystone/auth/controllers.py
+++ b/keystone/auth/controllers.py
@ -170,6 +170,9 @@ class AuthInfo(object):
                        sys.exc_info()[2])

    def _lookup_domain(self, domain_info):
+        if isinstance(domain_info, dict) is False:
+            raise exception.ValidationError(attribute='dict',
+                                            target='domain')
        domain_id = domain_info.get('id')
        domain_name = domain_info.get('name')
        domain_ref = None
@ -193,6 +196,9 @@ class AuthInfo(object):
        return domain_ref

    def _lookup_project(self, project_info):
+        if isinstance(project_info, dict) is False:
+            raise exception.ValidationError(attribute='dict',
+                                            target='project')
        project_id = project_info.get('id')
        project_name = project_info.get('name')
        project_ref = None
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -119,6 +119,28 @@ class TestAuthInfo(common_auth.AuthTestMixin, testcase.TestCase):
                          auth_info.get_method_data,
                          method_name)

+    def test_empty_domain_in_scope(self):
+        auth_data = self.build_authentication_request(
+            user_id='test',
+            password='test',
+            domain_name='')['auth']
+        auth_data['scope']['domain'] = []
+        self.assertRaises(exception.ValidationError,
+                          auth.controllers.AuthInfo.create,
+                          None,
+                          auth_data)
+
+    def test_empty_project_in_scope(self):
+        auth_data = self.build_authentication_request(
+            user_id='test',
+            password='test',
+            project_name='')['auth']
+        auth_data['scope']['project'] = []
+        self.assertRaises(exception.ValidationError,
+                          auth.controllers.AuthInfo.create,
+                          None,
+                          auth_data)
+

 class TokenAPITests(object):
    # Why is this not just setUp? Because TokenAPITests is not a test class