diff options
| author | Unmesh Gurjar <unmesh.gurjar@vertex.co.in> | 2012-07-19 13:16:12 +0530 |
|---|---|---|
| committer | Unmesh Gurjar <unmesh.gurjar@vertex.co.in> | 2012-07-19 13:16:12 +0530 |
| commit | 28061817edc1950bfc1ad61f69baaacaa7a89468 (patch) | |
| tree | cc3cd27e3f5ce66f02ac9c3eac235e8c4a9e0de3 | |
| parent | 4b97716e4a68cb55652fe2bfd62373adf2b417c5 (diff) | |
| download | keystone-28061817edc1950bfc1ad61f69baaacaa7a89468.tar.gz keystone-28061817edc1950bfc1ad61f69baaacaa7a89468.tar.xz keystone-28061817edc1950bfc1ad61f69baaacaa7a89468.zip | |
Added user name validation. Fixes bug 966251.
1. Verified name length while creating/updating user.
2. Disallowed blank user name in create/update.
3. Added unit test coverage.
Change-Id: I55cd5daf34f4f57d4163be403a7a75c5d22baa62
| -rw-r--r-- | keystone/clean.py | 7 | ||||
| -rw-r--r-- | keystone/identity/backends/kvs.py | 2 | ||||
| -rw-r--r-- | keystone/identity/backends/ldap/core.py | 3 | ||||
| -rw-r--r-- | keystone/identity/backends/sql.py | 3 | ||||
| -rw-r--r-- | tests/test_backend.py | 61 | ||||
| -rw-r--r-- | tests/test_backend_sql.py | 2 |
6 files changed, 77 insertions, 1 deletions
diff --git a/keystone/clean.py b/keystone/clean.py index e0bca179..8eb63b0d 100644 --- a/keystone/clean.py +++ b/keystone/clean.py @@ -42,3 +42,10 @@ def tenant_name(name): name = name.strip() check_length("Tenant name", name) return name + + +def user_name(name): + check_type("User name", name, basestring, "string or unicode") + name = name.strip() + check_length("User name", name) + return name diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py index 6d019235..81909ba5 100644 --- a/keystone/identity/backends/kvs.py +++ b/keystone/identity/backends/kvs.py @@ -196,6 +196,7 @@ class Identity(kvs.Base, identity.Driver): # CRUD def create_user(self, user_id, user): + user['name'] = clean.user_name(user['name']) try: self.get_user(user_id) except exception.UserNotFound: @@ -222,6 +223,7 @@ class Identity(kvs.Base, identity.Driver): def update_user(self, user_id, user): if 'name' in user: + user['name'] = clean.user_name(user['name']) existing = self.db.get('user_name-%s' % user['name']) if existing and user_id != existing['id']: msg = 'Duplicate name, %s.' % user['name'] diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py index cf8c53e1..6b517298 100644 --- a/keystone/identity/backends/ldap/core.py +++ b/keystone/identity/backends/ldap/core.py @@ -185,9 +185,12 @@ class Identity(identity.Driver): # CRUD def create_user(self, user_id, user): + user['name'] = clean.user_name(user['name']) return self.user.create(user) def update_user(self, user_id, user): + if 'name' in user: + user['name'] = clean.user_name(user['name']) return self.user.update(user_id, user) def create_tenant(self, tenant_id, tenant): diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index a4dd6ace..dafd19bb 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -352,6 +352,7 @@ class Identity(sql.Base, identity.Driver): # CRUD @handle_conflicts(type='user') def create_user(self, user_id, user): + user['name'] = clean.user_name(user['name']) user = _ensure_hashed_password(user) session = self.get_session() with session.begin(): @@ -362,6 +363,8 @@ class Identity(sql.Base, identity.Driver): @handle_conflicts(type='user') def update_user(self, user_id, user): + if 'name' in user: + user['name'] = clean.user_name(user['name']) session = self.get_session() if 'id' in user and user_id != user['id']: raise exception.ValidationError('Cannot change user ID') diff --git a/tests/test_backend.py b/tests/test_backend.py index 6599b979..5659abb1 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -537,6 +537,67 @@ class IdentityTests(object): tenant['id'], tenant) + def test_create_user_long_name_fails(self): + user = {'id': 'fake1', 'name': 'a' * 65} + self.assertRaises(exception.ValidationError, + self.identity_api.create_user, + 'fake1', + user) + + def test_create_user_blank_name_fails(self): + user = {'id': 'fake1', 'name': ''} + self.assertRaises(exception.ValidationError, + self.identity_api.create_user, + 'fake1', + user) + + def test_create_user_invalid_name_fails(self): + user = {'id': 'fake1', 'name': None} + self.assertRaises(exception.ValidationError, + self.identity_api.create_user, + 'fake1', + user) + + user = {'id': 'fake1', 'name': 123} + self.assertRaises(exception.ValidationError, + self.identity_api.create_user, + 'fake1', + user) + + def test_update_user_long_name_fails(self): + user = {'id': 'fake1', 'name': 'fake1'} + self.identity_api.create_user('fake1', user) + user['name'] = 'a' * 65 + self.assertRaises(exception.ValidationError, + self.identity_api.update_user, + 'fake1', + user) + + def test_update_user_blank_name_fails(self): + user = {'id': 'fake1', 'name': 'fake1'} + self.identity_api.create_user('fake1', user) + user['name'] = '' + self.assertRaises(exception.ValidationError, + self.identity_api.update_user, + 'fake1', + user) + + def test_update_user_invalid_name_fails(self): + user = {'id': 'fake1', 'name': 'fake1'} + self.identity_api.create_user('fake1', user) + + user['name'] = None + self.assertRaises(exception.ValidationError, + self.identity_api.update_user, + 'fake1', + user) + + user['name'] = 123 + self.assertRaises(exception.ValidationError, + self.identity_api.update_user, + 'fake1', + user) + class TokenTests(object): def test_token_crud(self): diff --git a/tests/test_backend_sql.py b/tests/test_backend_sql.py index 91ee312c..9a0bcc00 100644 --- a/tests/test_backend_sql.py +++ b/tests/test_backend_sql.py @@ -56,7 +56,7 @@ class SqlIdentity(test.TestCase, test_backend.IdentityTests): user = {'id': uuid.uuid4().hex, 'name': None, 'password': uuid.uuid4().hex} - self.assertRaises(exception.Conflict, + self.assertRaises(exception.ValidationError, self.identity_api.create_user, user['id'], user) |