authorBruno Semperlotti <bruno.semperlotti@gmail.com>2013-04-19 16:22:58 +0200
committerBruno Semperlotti <bruno.semperlotti@gmail.com>2013-05-16 12:12:21 +0200
commit840a0758e7dc12360acf83106526436135e8f814 (patch)
tree58afa0f464540a061baacfd66d0b3e7b27526bf2 /tests/test_content_types.py
parent2e15fe428a2393f786852eb28c26bb9fee166bda (diff)
Http 400 when user enabled is not a boolean
When creating or updating a user, no type check was performed on the enabled attribute. Therefore, if the enabled value in JSON/XML is not a boolean but a string or an int, keystone responds with an incorrect Http 500 error code and the stacktrace. The change introduces a type validation of the enabled attribute at backend and api layer. If the type is not a boolean, keystone now returns an appropriate Http 400 error code with a message pointing to a bad format for the attribute. Test cases have been added to file test_backend and test_content_types for testing the case when enabled attribute is a string or int when creating or updating user. The same correction can be done for create/update projects, domains. Change-Id: I7d2fe3acf0c4dbd3ce5bdf9f4d059df085853b84 Fixes: bug #1110435
Diffstat (limited to 'tests/test_content_types.py')
-rw-r--r--tests/test_content_types.py102
1 files changed, 102 insertions, 0 deletions
diff --git a/tests/test_content_types.py b/tests/test_content_types.py
index 800784cb..5dbc6642 100644
--- a/tests/test_content_types.py
+++ b/tests/test_content_types.py
@@ -500,6 +500,72 @@ class CoreApiTests(object):
token=token)
self.assertValidUserResponse(r)
+ def test_create_update_user_invalid_enabled_type(self):
+ # Enforce usage of boolean for 'enabled' field in JSON and XML
+ token = self.get_scoped_token()
+
+ # Test CREATE request
+ r = self.admin_request(
+ method='POST',
+ path='/v2.0/users',
+ body={
+ 'user': {
+ 'name': uuid.uuid4().hex,
+ 'password': uuid.uuid4().hex,
+ # In XML, only "true|false" are converted to boolean.
+ 'enabled': "False",
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
+ r = self.admin_request(
+ method='POST',
+ path='/v2.0/users',
+ body={
+ 'user': {
+ 'name': uuid.uuid4().hex,
+ 'password': uuid.uuid4().hex,
+ # In JSON, 0|1 are not booleans
+ 'enabled': 0,
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
+ # Test UPDATE request
+ path = '/v2.0/users/%(user_id)s' % {
+ 'user_id': self.user_foo['id'],
+ }
+
+ r = self.admin_request(
+ method='PUT',
+ path=path,
+ body={
+ 'user': {
+ # In XML, only "true|false" are converted to boolean.
+ 'enabled': "False",
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
+ r = self.admin_request(
+ method='PUT',
+ path=path,
+ body={
+ 'user': {
+ # In JSON, 0|1 are not booleans
+ 'enabled': 1,
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
def test_error_response(self):
"""This triggers assertValidErrorResponse by convention."""
self.public_request(path='/v2.0/tenants', expected_status=401)
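Review bot: The two rejected PUT requests in test_create_update_user_invalid_enabled_type assert only the 400 status and the error body, so the test would still pass if the backend applied the bad value to `self.user_foo` before the API layer returned the error. Because `enabled` decides whether the account can authenticate, and a non-empty string such as "False" is truthy in Python, it is worth re-fetching the user after each rejected update and asserting that its `enabled` value is unchanged. The fetch can reuse `self.admin_request(path=path, token=token)` followed by `self.assertValidUserResponse(r)`. The comparison of the `enabled` field has to work for both the JSON and XML subclasses, whose body accessors are not visible in this hunk. The same gap applies to the PUT in test_create_update_user_json_invalid_enabled_type in the next hunk, and the rejected POSTs could likewise confirm that no user with the generated name was created. CoreApiTests begins outside this hunk.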
@@ -723,6 +789,42 @@ class JsonTestCase(RestfulTestCase, CoreApiTests):
def assertValidRevocationListResponse(self, response):
self.assertIsNotNone(response.body['signed'])
+ def test_create_update_user_json_invalid_enabled_type(self):
+ # Enforce usage of boolean for 'enabled' field in JSON
+ token = self.get_scoped_token()
+
+ # Test CREATE request
+ r = self.admin_request(
+ method='POST',
+ path='/v2.0/users',
+ body={
+ 'user': {
+ 'name': uuid.uuid4().hex,
+ 'password': uuid.uuid4().hex,
+ # In JSON, "true|false" are not boolean
+ 'enabled': "true",
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
+ # Test UPDATE request
+ r = self.admin_request(
+ method='PUT',
+ path='/v2.0/users/%(user_id)s' % {
+ 'user_id': self.user_foo['id'],
+ },
+ body={
+ 'user': {
+ # In JSON, "true|false" are not boolean
+ 'enabled': "true",
+ },
+ },
+ token=token,
+ expected_status=400)
+ self.assertValidErrorResponse(r)
+
class XmlTestCase(RestfulTestCase, CoreApiTests):
xmlns = 'http://docs.openstack.org/identity/api/v2.0'
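Review bot: Both requests in test_create_update_user_json_invalid_enabled_type send the string "true", although the inline comments say `"true|false"`, so the string "false" is never exercised in lowercase on the JSON path. That is the value where lax handling is most harmful, since a truthy non-empty string would leave enabled an account the caller meant to disable. Changing the UPDATE body to `'enabled': "false",` would cover both spellings without adding a request. The leading `#` comment could also become a docstring, as test_error_response in the previous hunk does: `"""Enforce usage of boolean for 'enabled' field in JSON."""`. JsonTestCase begins outside this hunk.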