xml_body returns backtrace on XMLSyntaxError

Protected against XMLSyntaxError that can occur in from_xml.  Return
a validation error (400) instead of an internal server error (500).

Change-Id: Ic5160f4f6c810e96b74dbf9563547ac739a54c5e
Fixes: bug #1101043

1 files changed, 18 insertions, 0 deletions

diff --git a/tests/test_content_types.py b/tests/test_content_types.py
index a5457ccb..844bc841 100644
--- a/tests/test_content_types.py
+++ b/tests/test_content_types.py
@@ -868,3 +868,21 @@ class XmlTestCase(RestfulTestCase, CoreApiTests):
         for tenant in r.body.findall(self._tag('tenant')):
             self.assertValidTenant(tenant)
             self.assertIn(tenant.get('enabled'), ['true', 'false'])
+
+    def test_authenticate_with_invalid_xml_in_password(self):
+        # public_request would auto escape the ampersand
+        r = self.request(
+            port=self._public_port(),
+            method='POST',
+            path='/v2.0/tokens',
+            headers={
+                'Content-Type': 'application/xml'
+            },
+            body="""
+                <?xml version="1.0" encoding="UTF-8"?>
+                <auth xmlns="http://docs.openstack.org/identity/api/v2.0"
+                        tenantId="bar">
+                     <passwordCredentials username="FOO" password="&"/>
+                </auth>
+            """,
+            expected_status=400)