author | Jenkins <jenkins@review.openstack.org> | 2013-03-15 17:35:20 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2013-03-15 17:35:20 +0000 |
commit | a79a7c1ddb6c7e3f71cc9791b318bdefbc1abeb8 (patch) | |
tree | dac591775b4527dd6ff9d03844b21f1af2885727 | |
parent | 335927e369ee882a435c2382925977ae9527a732 (diff) | |
parent | a80a1f8b300cadf69a3ad385cfe0d39a6ad2b9b1 (diff) | |
Merge "xml_body returns backtrace on XMLSyntaxError"
-rw-r--r-- | keystone/middleware/core.py | 9 | ||||
-rw-r--r-- | tests/test_content_types.py | 18 |
2 files changed, 26 insertions, 1 deletions
diff --git a/keystone/middleware/core.py b/keystone/middleware/core.py
index 29a6832b..99cba4a0 100644
--- a/keystone/middleware/core.py
+++ b/keystone/middleware/core.py
@@ -149,7 +149,14 @@ class XmlBodyMiddleware(wsgi.Middleware):
 incoming_xml = 'application/xml' in str(request.content_type)
 if incoming_xml and request.body:
 request.content_type = 'application/json'
- request.body = jsonutils.dumps(serializer.from_xml(request.body))
+ try:
+ request.body = jsonutils.dumps(
+ serializer.from_xml(request.body))
+ except Exception:
+ LOG.exception('Serializer failed')
+ e = exception.ValidationError(attribute='valid XML',
+ target='request body')
+ return wsgi.render_exception(e)

 def process_response(self, request, response):
 """Transform the response from JSON to XML."""
diff --git a/tests/test_content_types.py b/tests/test_content_types.py
index a5457ccb..844bc841 100644
--- a/tests/test_content_types.py
+++ b/tests/test_content_types.py
@@ -868,3 +868,21 @@ class XmlTestCase(RestfulTestCase, CoreApiTests):
 for tenant in r.body.findall(self._tag('tenant')):
 self.assertValidTenant(tenant)
 self.assertIn(tenant.get('enabled'), ['true', 'false'])
+
+ def test_authenticate_with_invalid_xml_in_password(self):
+ # public_request would auto escape the ampersand
+ r = self.request(
+ port=self._public_port(),
+ method='POST',
+ path='/v2.0/tokens',
+ headers={
+ 'Content-Type': 'application/xml'
+ },
+ body="""
+ <?xml version="1.0" encoding="UTF-8"?>
+ <auth xmlns="http://docs.openstack.org/identity/api/v2.0"
+ tenantId="bar">
+ <passwordCredentials username="FOO" password="&"/>
+ </auth>
+ """,
+ expected_status=400) |
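Review bot: The `except Exception:` around the `from_xml` / `jsonutils.dumps` call is broader than the failure this change targets, so a bug in the serializer or in JSON encoding is reported to the client as a 400 "valid XML" validation error instead of surfacing as a server fault. Catching only the parser's syntax error (the `XMLSyntaxError` named in the commit title) would keep the 400 for malformed input and let unexpected errors propagate. The accompanying test reaches this path on `/v2.0/tokens`, apparently before any credentials are checked, so `LOG.exception('Serializer failed')` writes a full traceback for every malformed body a client sends. A single line such as `LOG.warning('Rejected malformed XML request body')` is enough for an expected client error and keeps log volume bounded. The enclosing method starts above this hunk, so how the returned response is handled by the caller is not visible here.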
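Review bot: The body literal in `test_authenticate_with_invalid_xml_in_password` begins with a newline and indentation before `<?xml ...?>`, and a declaration that is not at the very start of the document is itself a syntax error for most XML parsers. The 400 may therefore come from the declaration rather than from the bare `&` in `password`, unless `from_xml` strips leading whitespace, which is not visible here. Starting the literal at the declaration, `body="""<?xml version="1.0" encoding="UTF-8"?>`, or dropping the declaration, would make the ampersand the only defect under test. The test also checks only `expected_status=400`; since the regression being fixed is a backtrace in the response, an assertion that the returned body contains no traceback text would pin that directly.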