author | Bruno Semperlotti <bruno.semperlotti@gmail.com> | 2013-04-19 16:22:58 +0200 |
---|---|---|
committer | Bruno Semperlotti <bruno.semperlotti@gmail.com> | 2013-05-16 12:12:21 +0200 |
commit | 840a0758e7dc12360acf83106526436135e8f814 (patch) | |
tree | 58afa0f464540a061baacfd66d0b3e7b27526bf2 /tests/test_content_types.py | |
parent | 2e15fe428a2393f786852eb28c26bb9fee166bda (diff) | |
Http 400 when user enabled is not a boolean
When creating or updating a user, no type check was performed on the
enabled attribute. Therefore, if enabled value in JSON/XML is not a
boolean but a string or an int, keystone responds with an incorrect
Http 500 error code and the stacktrace.
The change introduces a type validation of the enabled attribute
at backend and api layer. If the type is not a boolean, keystone
now returns an appropriate Http 400 error code with a message
pointing out a bad format for the attribute.
Test cases have been added to file test_backend and
test_content_types for testing the case when enabled attribute is a
string or int when creating or updating user.
The same correction can be done for create/update projects, domains.
Change-Id: I7d2fe3acf0c4dbd3ce5bdf9f4d059df085853b84
Fixes: bug #1110435
Diffstat (limited to 'tests/test_content_types.py')
-rw-r--r-- | tests/test_content_types.py | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/tests/test_content_types.py b/tests/test_content_types.py
index 800784cb..5dbc6642 100644
--- a/tests/test_content_types.py
+++ b/tests/test_content_types.py
@@ -500,6 +500,72 @@ class CoreApiTests(object):
 token=token)
 self.assertValidUserResponse(r)
 
+ def test_create_update_user_invalid_enabled_type(self):
+ # Enforce usage of boolean for 'enabled' field in JSON and XML
+ token = self.get_scoped_token()
+
+ # Test CREATE request
+ r = self.admin_request(
+ method='POST',
+ path='/v2.0/users',
+ body={
+ 'user': {
+ 'name': uuid.uuid4().hex,
+ 'password': uuid.uuid4().hex,
+ # In XML, only "true|false" are converted to boolean.
+ 'enabled': "False",
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
+ r = self.admin_request(
+ method='POST',
+ path='/v2.0/users',
+ body={
+ 'user': {
+ 'name': uuid.uuid4().hex,
+ 'password': uuid.uuid4().hex,
+ # In JSON, 0|1 are not booleans
+ 'enabled': 0,
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
+ # Test UPDATE request
+ path = '/v2.0/users/%(user_id)s' % {
+ 'user_id': self.user_foo['id'],
+ }
+
+ r = self.admin_request(
+ method='PUT',
+ path=path,
+ body={
+ 'user': {
+ # In XML, only "true|false" are converted to boolean.
+ 'enabled': "False",
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
+ r = self.admin_request(
+ method='PUT',
+ path=path,
+ body={
+ 'user': {
+ # In JSON, 0|1 are not booleans
+ 'enabled': 1,
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
 def test_error_response(self):
 """This triggers assertValidErrorResponse by convention."""
 self.public_request(path='/v2.0/tenants', expected_status=401)
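Review bot: Both UPDATE cases in test_create_update_user_invalid_enabled_type stop at `expected_status=400` and never confirm that the `self.user_foo` record was left as it was. Because `enabled` decides whether the account is usable, a validator that ran after the backend write (the backend layer is not visible in this file) would return the right status while still changing the flag, and this test would pass. After each rejected PUT I would re-read the user with `r = self.admin_request(method='GET', path=path, token=token)` and assert that its `enabled` value equals the value it had before the request, using whichever body accessor the JSON and XML subclasses share. The two CREATE cases have the same gap: nothing checks that no user with the generated name was stored.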
@@ -723,6 +789,42 @@ class JsonTestCase(RestfulTestCase, CoreApiTests):
 def assertValidRevocationListResponse(self, response):
 self.assertIsNotNone(response.body['signed'])
 
+ def test_create_update_user_json_invalid_enabled_type(self):
+ # Enforce usage of boolean for 'enabled' field in JSON
+ token = self.get_scoped_token()
+
+ # Test CREATE request
+ r = self.admin_request(
+ method='POST',
+ path='/v2.0/users',
+ body={
+ 'user': {
+ 'name': uuid.uuid4().hex,
+ 'password': uuid.uuid4().hex,
+ # In JSON, "true|false" are not boolean
+ 'enabled': "true",
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
+ # Test UPDATE request
+ r = self.admin_request(
+ method='PUT',
+ path='/v2.0/users/%(user_id)s' % {
+ 'user_id': self.user_foo['id'],
+ },
+ body={
+ 'user': {
+ # In JSON, "true|false" are not boolean
+ 'enabled': "true",
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
 
 class XmlTestCase(RestfulTestCase, CoreApiTests):
 xmlns = 'http://docs.openstack.org/identity/api/v2.0' |
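Review bot: Neither request in test_create_update_user_json_invalid_enabled_type checks what the 400 response actually says, although the commit message promises a message that points at the badly formatted attribute and notes that the old 500 carried a stack trace. `assertValidErrorResponse` is defined outside this hunk and presumably validates only the shape of the error body. In this JSON-only test the body is a dict, so after each call I would add something like `self.assertIn('enabled', r.body['error']['message'])`, with the exact key path confirmed against the error serializer, and a matching check that the message contains no traceback text. That pins the behaviour the fix is meant to provide and guards against internal details returning to client-visible errors.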