author | Bruno Semperlotti <bruno.semperlotti@gmail.com> | 2013-04-19 16:22:58 +0200 |
---|---|---|
committer | Bruno Semperlotti <bruno.semperlotti@gmail.com> | 2013-05-16 12:12:21 +0200 |
commit | 840a0758e7dc12360acf83106526436135e8f814 (patch) | |
tree | 58afa0f464540a061baacfd66d0b3e7b27526bf2 /tests/test_backend.py | |
parent | 2e15fe428a2393f786852eb28c26bb9fee166bda (diff) | |
Http 400 when user enabled is not a boolean
When creating or updating a user, no type check was performed on the
enabled attribute. Therefore, if enabled value in JSON/XML is not a
boolean but a string or an int, keystone responds with an incorrect
Http 500 error code and the stacktrace.
The change introduces a type validation of the enabled attribute
at backend and api layer. If the type is not a boolean, keystone
now returns an appropriate Http 400 error code with a message
pointing a bad format for the attribute.
Test cases have been added to file test_backend and
test_content_types for testing the case when enabled attribute is a
string or int when creating or updating user.
The same correction can be done for create/update projects, domains.
Change-Id: I7d2fe3acf0c4dbd3ce5bdf9f4d059df085853b84
Fixes: bug #1110435
Diffstat (limited to 'tests/test_backend.py')
-rw-r--r-- | tests/test_backend.py | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/tests/test_backend.py b/tests/test_backend.py index 03fbf00d..7bd98fa2 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -1525,6 +1525,18 @@ class IdentityTests(object): 'fake1', user) + def test_create_user_invalid_enabled_type(self): + user = {'id': uuid.uuid4().hex, + 'name': uuid.uuid4().hex, + 'domain_id': DEFAULT_DOMAIN_ID, + 'password': uuid.uuid4().hex, + # invalid string value + 'enabled': "true"} + self.assertRaises(exception.ValidationError, + self.identity_man.create_user, {}, + user['id'], + user) + def test_update_user_long_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} 
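Review bot: `test_create_user_invalid_enabled_type` only asserts that `ValidationError` is raised for the string `"true"`; it never checks that the rejected request left no user behind. Because `enabled` controls whether an account is usable, I would follow the `assertRaises` with `self.assertRaises(exception.UserNotFound, self.identity_api.get_user, user['id'])`, so an implementation that validates only after persisting is caught. The call goes through `identity_man`, while the update tests in this file call `identity_api`, so from the hunk alone it is unclear whether the backend-level check is exercised on create; that is worth confirming. A create case with an integer `enabled` would also document whether create and update treat integers the same way.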
@@ -1665,11 +1677,46 @@ class IdentityTests(object): user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['enabled'], user['enabled']) + # If not present, enabled field should not be updated + del user['enabled'] + self.identity_api.update_user('fake1', user) + user_ref = self.identity_api.get_user('fake1') + self.assertEqual(user_ref['enabled'], False) + user['enabled'] = True self.identity_api.update_user('fake1', user) user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['enabled'], user['enabled']) + del user['enabled'] + self.identity_api.update_user('fake1', user) + user_ref = self.identity_api.get_user('fake1') + self.assertEqual(user_ref['enabled'], True) + + # Integers are valid Python's booleans. Explicitly test it. + user['enabled'] = 0 + self.identity_api.update_user('fake1', user) + user_ref = self.identity_api.get_user('fake1') + self.assertEqual(user_ref['enabled'], False) + + # Any integers other than 0 are interpreted as True + user['enabled'] = -42 + self.identity_api.update_user('fake1', user) + user_ref = self.identity_api.get_user('fake1') + self.assertEqual(user_ref['enabled'], True) + + def test_update_user_enable_fails(self): + user = {'id': 'fake1', 'name': 'fake1', 'enabled': True, + 'domain_id': DEFAULT_DOMAIN_ID} + self.identity_api.create_user('fake1', user) + user_ref = self.identity_api.get_user('fake1') + self.assertEqual(user_ref['enabled'], True) + + # Strings are not valid boolean values + user['enabled'] = "false" + self.assertRaises(exception.ValidationError, + self.identity_api.update_user, 'fake1', user) + def test_update_project_enable(self): tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID} |
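Review bot: The new cases in the update test pin `0` as disabled and `-42` as enabled, which sits oddly with the commit message's statement that a non-boolean `enabled` (string or int) is answered with a 400. For a flag that decides whether an account is active, the backend and API layers should apply the same rule, and the test should say which rule is intended. The comment is also inverted, since in Python `bool` is a subclass of `int`; `# bool is a subclass of int, so the backend accepts ints and coerces them` would be accurate. `assertEqual(user_ref['enabled'], False)` also passes for a stored `0`, so if the backends are meant to normalise the value, `self.assertIs(user_ref['enabled'], False)` (and the `True` counterpart) would prove it. In `test_update_user_enable_fails`, re-read the user after the rejected update and assert that `enabled` is still `True`; the first test's body starts above the hunk.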