From f415cf64b68fe5bc49aebbec363f5647a900983b Mon Sep 17 00:00:00 2001
From: Yogeshwar Srikrishnan
Date: Fri, 22 Jul 2011 15:56:29 -0500
Subject: #3 Preventing creation of users with empty user id and pwds.
---
keystone/logic/service.py | 2 +-
keystone/logic/types/user.py | 11 +++++++++--
keystone/test/unit/test_common.py | 8 ++++----
keystone/test/unit/test_users.py | 33 +++++++++++++++++++++++++++++++--
4 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/keystone/logic/service.py b/keystone/logic/service.py
index 63b60f6d..524ccc34 100755
--- a/keystone/logic/service.py
+++ b/keystone/logic/service.py
@@ -439,7 +439,7 @@ class IdentityService(object):
 if not isinstance(user, User):
 raise fault.BadRequestFault("Expecting a User")
- if user.user_id == None:
+ if user.user_id == None or len(user.user_id.strip()) == 0:
 raise fault.BadRequestFault("Expecting a unique User Id")
 if api.user.get(user.user_id) != None:
diff --git a/keystone/logic/types/user.py b/keystone/logic/types/user.py
index f1b89a1f..95bcaa38 100755
--- a/keystone/logic/types/user.py
+++ b/keystone/logic/types/user.py
@@ -44,9 +44,9 @@ class User(object):
 email = root.get("email")
 password = root.get("password")
 enabled = root.get("enabled")
- if user_id == None:
+ if user_id == None or len(user_id.strip()) == 0:
 raise fault.BadRequestFault("Expecting User")
- elif password == None:
+ elif password == None or len(password.strip()) == 0:
 raise fault.BadRequestFault("Expecting User password")
 elif email == None:
 raise fault.BadRequestFault("Expecting User email")
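Review bot: The new guard `if user.user_id == None or len(user.user_id.strip()) == 0:` calls `.strip()` on whatever `user_id` holds, so an id that is not a string (a JSON body with a numeric `"id"` appears to reach here unconverted via `User.from_json`, where `user_id = user["id"]` is taken as-is) raises AttributeError instead of the intended BadRequestFault; the same assumption is made by the two `user.py` hunks in this commit. A form that tolerates non-string values is `if not isinstance(user.user_id, basestring) or not user.user_id.strip():` (`basestring` on the Python 2 this code appears to target, `str` on Python 3). While touching the line, `== None` should be `is None` and `len(x.strip()) == 0` is simply `not x.strip()`. The enclosing method starts before and continues after the hunk.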
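Review bot: The unchanged `elif email == None:` that follows the two new conditions still accepts a blank or whitespace-only `email` attribute, so from_xml now rejects empty id and password but not an empty email; if empty required fields are the concern, the same treatment belongs there as `elif email == None or len(email.strip()) == 0:`. The two rewritten conditions would read better as `if not user_id or not user_id.strip():` and `elif not password or not password.strip():`, which also drops the `== None` comparison. The enclosing from_xml method begins and ends outside the hunk.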
@@ -73,9 +73,16 @@ class User(object):
 user_id = None
 else:
 user_id = user["id"]
+
 if not "password" in user:
 raise fault.BadRequestFault("Expecting User Password")
 password = user["password"]
+
+ if user_id == None or len(user_id.strip()) == 0:
+ raise fault.BadRequestFault("Expecting User")
+ elif password == None or len(password.strip()) == 0:
+ raise fault.BadRequestFault("Expecting User password")
+
 if "tenantId" in user:
 tenant_id = user["tenantId"]
 else:
diff --git a/keystone/test/unit/test_common.py b/keystone/test/unit/test_common.py
index 9bb33608..bcd7d49e 100755
--- a/keystone/test/unit/test_common.py
+++ b/keystone/test/unit/test_common.py
@@ -256,14 +256,14 @@ def delete_tenant_group_xml(groupid, tenantid, auth_token):
 return (resp, content)
-def create_user(tenantid, userid, auth_token, email=None):
+def create_user(tenantid, userid, auth_token, email=None, password = 'secrete'):
 header = httplib2.Http(".cache")
 url = '%susers' % (URL_V2)
 if email is not None:
 email_id = email
 else:
 email_id = "%s@openstack.org" % userid
- body = {"user": {"password": "secrete",
+ body = {"user": {"password": password,
 "id": userid,
 "tenantId": tenantid,
 "email": "%s" % email_id,
@@ -283,7 +283,7 @@ def delete_user(userid, auth_token):
 return resp
-def create_user_xml(tenantid, userid, auth_token, email=None):
+def create_user_xml(tenantid, userid, auth_token, email=None, password = 'secrete'):
 header = httplib2.Http(".cache")
 url = '%susers' % (URL_V2)
 if email is not None:
@@ -294,7 +294,7 @@ def create_user_xml(tenantid, userid, auth_token, email=None): ' % (email_id, tenantid, userid) + enabled="true" password="%s"/>' % (email_id, tenantid, userid, password) resp, content = header.request(url, "PUT", body=body, headers={"Content-Type": "application/xml", "X-Auth-Token": auth_token,
diff --git a/keystone/test/unit/test_users.py b/keystone/test/unit/test_users.py
index 6dcc7543..53297704 100755
--- a/keystone/test/unit/test_users.py
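Review bot: The new validation block is inserted after `password = user["password"]`, so a JSON body lacking `password` still fails on the earlier `if not "password" in user:` with "Expecting User Password" before the missing-id check ever runs, whereas from_xml in the previous hunk reports "Expecting User" first; the two parsers would agree if the `+ if user_id == None ...` block were moved above the password lookup and the `"password" in user` test folded into its `elif`. The order matters for API consumers that branch on the message text. The enclosing from_json method starts before the hunk and continues after it.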
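Review bot: The added keyword default is written `password = 'secrete'` in both the `create_user` and `create_user_xml` signatures; PEP 8 puts no spaces around `=` in a parameter default, so `password='secrete'` also matches the adjacent `email=None`. The third create_user_xml hunk is rendered with its XML body lines fused together here, so only the signature hunks were checked.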
+++ b/keystone/test/unit/test_users.py
@@ -148,6 +148,35 @@ class CreateUserTest(UserTest):
 utils.content_type(resp))
 self.assertEqual(409, int(resp['status']))
 self.assertEqual('application/xml', utils.content_type(resp))
+
+ def test_a_user_create_empty_password(self):
+ #JSON
+ resp, content = utils.create_user(self.tenant,
+ self.user,
+ str(self.auth_token),
+ self.email, '')
+ self.assertEqual(400, int(resp['status']))
+
+ #Blank Password
+ resp, content = utils.create_user(self.tenant,
+ self.user,
+ str(self.auth_token),
+ self.email, '')
+ self.assertEqual(400, int(resp['status']))
+
+ def test_a_user_create_empty_username(self):
+ resp, content = utils.create_user_xml(self.tenant,
+ '',
+ str(self.auth_token),
+ self.email)
+ self.assertEqual(400, int(resp['status']))
+
+ resp, content = utils.create_user(self.tenant,
+ '',
+ str(self.auth_token),
+ self.email)
+ self.assertEqual(400, int(resp['status']))
+
 def test_a_user_create_expired_token(self):
 resp, content = utils.create_user(self.tenant,
 self.user,
@@ -848,7 +877,7 @@ class UpdateUserTest(UserTest):
 self.assertEqual(200, resp_val)
 #Resetting to empty email to allow other tests to pass.
 utils.user_update_json(self.auth_token,
- self.userdisabled, None)
+ self.userdisabled, '')
 def test_user_update_user_disabled_xml(self):
 utils.create_user(self.tenant, self.user, str(self.auth_token))
@@ -864,7 +893,7 @@ class UpdateUserTest(UserTest):
 self.assertEqual('application/xml', utils.content_type(resp))
 #Resetting to empty email to allow other tests to pass.
 utils.user_update_xml(self.auth_token,
- self.userdisabled, None)
+ self.userdisabled, '')
 def test_user_update_email_conflict(self):
-- cgit
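Review bot: In `test_a_user_create_empty_password` the block under `#Blank Password` repeats the `#JSON` call verbatim (`utils.create_user(..., self.email, '')`), so the JSON path is exercised twice and the XML path never is, even though `test_a_user_create_empty_username` covers both and `create_user_xml` gained a `password` parameter for this purpose. Change the second call to `resp, content = utils.create_user_xml(self.tenant, self.user, str(self.auth_token), self.email, '')`, and consider a further call with `' '` so the whitespace-only case the `.strip()` check is meant to catch is pinned down. Both new tests assert only the status, whereas the neighbouring tests in CreateUserTest also check `utils.content_type(resp)`. The two UpdateUserTest hunks only change the reset argument from None to '' and raise nothing further.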