diff options
author | David Höppner <0xffea@gmail.com> | 2013-03-10 20:04:07 +0100 |
---|---|---|
committer | David Höppner <0xffea@gmail.com> | 2013-03-14 16:07:39 +0100 |
commit | a80a1f8b300cadf69a3ad385cfe0d39a6ad2b9b1 (patch) | |
tree | f56c909009b79dde614bb1bcd4530b71a37ffecf | |
parent | f6a2691caf06ee02cc9d245855c3b3012427980d (diff) | |
download | keystone-a80a1f8b300cadf69a3ad385cfe0d39a6ad2b9b1.tar.gz keystone-a80a1f8b300cadf69a3ad385cfe0d39a6ad2b9b1.tar.xz keystone-a80a1f8b300cadf69a3ad385cfe0d39a6ad2b9b1.zip |
xml_body returns backtrace on XMLSyntaxError
Protected against XMLSyntaxError that can occur in from_xml. Return
a validation error (400) instead of an internal server error (500).
Change-Id: Ic5160f4f6c810e96b74dbf9563547ac739a54c5e
Fixes: bug #1101043
-rw-r--r-- | keystone/middleware/core.py | 9 | ||||
-rw-r--r-- | tests/test_content_types.py | 18 |
2 files changed, 26 insertions, 1 deletions
diff --git a/keystone/middleware/core.py b/keystone/middleware/core.py index 29a6832b..99cba4a0 100644 --- a/keystone/middleware/core.py +++ b/keystone/middleware/core.py @@ -149,7 +149,14 @@ class XmlBodyMiddleware(wsgi.Middleware): incoming_xml = 'application/xml' in str(request.content_type) if incoming_xml and request.body: request.content_type = 'application/json' - request.body = jsonutils.dumps(serializer.from_xml(request.body)) + try: + request.body = jsonutils.dumps( + serializer.from_xml(request.body)) + except Exception: + LOG.exception('Serializer failed') + e = exception.ValidationError(attribute='valid XML', + target='request body') + return wsgi.render_exception(e) def process_response(self, request, response): """Transform the response from JSON to XML.""" diff --git a/tests/test_content_types.py b/tests/test_content_types.py index a5457ccb..844bc841 100644 --- a/tests/test_content_types.py +++ b/tests/test_content_types.py @@ -868,3 +868,21 @@ class XmlTestCase(RestfulTestCase, CoreApiTests): for tenant in r.body.findall(self._tag('tenant')): self.assertValidTenant(tenant) self.assertIn(tenant.get('enabled'), ['true', 'false']) + + def test_authenticate_with_invalid_xml_in_password(self): + # public_request would auto escape the ampersand + r = self.request( + port=self._public_port(), + method='POST', + path='/v2.0/tokens', + headers={ + 'Content-Type': 'application/xml' + }, + body=""" + <?xml version="1.0" encoding="UTF-8"?> + <auth xmlns="http://docs.openstack.org/identity/api/v2.0" + tenantId="bar"> + <passwordCredentials username="FOO" password="&"/> + </auth> + """, + expected_status=400) |