From 27cc58a5465c5e8b38a73a43eb2bc6ec67ca9593 Mon Sep 17 00:00:00 2001
From: Dave McCowan
Date: Tue, 21 Mar 2017 20:44:22 -0400
Subject: [PATCH] Add missing validation to consumer controller

Name and URL are required data elements when creating a consumer. Validation was done to ensure these fields were passed, but no check was done to make sure these fields were not empty. This patches adds a minLength validation and add corresponding unit and functional test cases.

Change-Id: Ib33ab9b311c03ff7ba7f766e857496eb5b1602d4
Closes-bug: #1536748
---
 barbican/common/validators.py | 4 +-
 .../tests/api/controllers/test_consumers.py | 66 +++++++++++++++
 .../api/v1/functional/test_consumers.py | 82 ++++++++++++++++++-
 3 files changed, 149 insertions(+), 3 deletions(-)

diff --git a/barbican/common/validators.py b/barbican/common/validators.py
index e46cbd602..d95a568d8 100644
--- a/barbican/common/validators.py
+++ b/barbican/common/validators.py
@@ -762,8 +762,8 @@ class ContainerConsumerValidator(ValidatorBase):
 self.schema = {
 "type": "object",
 "properties": {
- "URL": {"type": "string"},
- "name": {"type": "string", "maxLength": 255}
+ "URL": {"type": "string", "minLength": 1},
+ "name": {"type": "string", "maxLength": 255, "minLength": 1}
 },
 "required": ["name", "URL"]
 }
diff --git a/barbican/tests/api/controllers/test_consumers.py b/barbican/tests/api/controllers/test_consumers.py
index 94b5612b0..1485afd07 100644
--- a/barbican/tests/api/controllers/test_consumers.py
+++ b/barbican/tests/api/controllers/test_consumers.py
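Review bot: `"minLength": 1` on `name` and `URL` in the `ContainerConsumerValidator` schema still accepts a whitespace-only value such as `" "`, so a consumer can be registered with a name or URL that is empty in every practical sense. If the intent is "not empty", add a non-whitespace requirement to both properties, for example `"pattern": r"\S"`, or strip the values before validating. `URL` also carries no `maxLength` while `name` is capped at 255; whether the storage layer bounds it is not visible in this patch. The schema is assigned inside a method whose start lies outside the hunk.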
@@ -263,6 +263,72 @@ class WhenTestingConsumersResource(utils.BarbicanAPIBaseTestCase):
 self.assertEqual(404, consumer_del_resp.status_int)
+ def test_fail_create_no_name(self):
+ resp, container_uuid = create_container(
+ self.app,
+ name=self.container_name,
+ container_type=self.container_type
+ )
+ self.assertEqual(201, resp.status_int)
+
+ consumer_resp, consumer = create_consumer(
+ self.app,
+ container_id=container_uuid,
+ url="http://theurl",
+ expect_errors=True
+ )
+ self.assertEqual(400, consumer_resp.status_int)
+
+ def test_fail_create_no_url(self):
+ resp, container_uuid = create_container(
+ self.app,
+ name=self.container_name,
+ container_type=self.container_type
+ )
+ self.assertEqual(201, resp.status_int)
+
+ consumer_resp, consumer = create_consumer(
+ self.app,
+ container_id=container_uuid,
+ name="thename",
+ expect_errors=True
+ )
+ self.assertEqual(400, consumer_resp.status_int)
+
+ def test_fail_create_empty_name(self):
+ resp, container_uuid = create_container(
+ self.app,
+ name=self.container_name,
+ container_type=self.container_type
+ )
+ self.assertEqual(201, resp.status_int)
+
+ consumer_resp, consumer = create_consumer(
+ self.app,
+ container_id=container_uuid,
+ name="",
+ url="http://theurl",
+ expect_errors=True
+ )
+ self.assertEqual(400, consumer_resp.status_int)
+
+ def test_fail_create_empty_url(self):
+ resp, container_uuid = create_container(
+ self.app,
+ name=self.container_name,
+ container_type=self.container_type
+ )
+ self.assertEqual(201, resp.status_int)
+
+ consumer_resp, consumer = create_consumer(
+ self.app,
+ container_id=container_uuid,
+ name="thename",
+ url="",
+ expect_errors=True
+ )
+ self.assertEqual(400, consumer_resp.status_int)
+
 # ----------------------- Helper Functions ---------------------------
 def create_container(app, name=None, container_type=None, expect_errors=False,
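Review bot: Each of the four new tests asserts only the `400` status, so none of them shows which schema rule rejected the request. For `test_fail_create_no_name` and `test_fail_create_no_url` the outcome depends on how the `create_consumer` helper, defined outside this hunk, builds the body when an argument is left out: if it sends the key with a null value, the rejection comes from the `type` check rather than `required`. A comment on each case would record the intent, for example `# name omitted entirely: exercises "required", not "minLength"`, and an assertion on the error body would pin it. The functional tests added in `ConsumersValidationTestCase` assert on status alone in the same way.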
diff --git a/functionaltests/api/v1/functional/test_consumers.py b/functionaltests/api/v1/functional/test_consumers.py
index 14aafe0a2..17d8667ae 100644
--- a/functionaltests/api/v1/functional/test_consumers.py
+++ b/functionaltests/api/v1/functional/test_consumers.py
@@ -239,7 +239,7 @@ class ConsumersCertContainerTestCase(ConsumersBaseTestCase):
 class ConsumersAuthedTestCase(ConsumersBaseTestCase):
- @testcase.attr('negative', 'security')
+ @testcase.attr('security')
 def test_consumer_create_authed(self):
 """Create a consumer as an authenticated user
@@ -343,3 +343,83 @@ class ConsumersUnauthedTestCase(ConsumersBaseTestCase):
 )
 self.assertEqual(401, resp.status_code)
+
+
+class ConsumersValidationTestCase(ConsumersBaseTestCase):
+
+ def test_consumer_create_pass(self):
+ """Create a valid consumer
+
+ Should return 200
+ """
+ data = {
+ "name": "consumername",
+ "URL": "consumerURL"
+ }
+ model = consumer_model.ConsumerModel(**data)
+ resp, consumer_dat = self.consumer_behaviors.create_consumer(
+ model, self.generic_container_ref, use_auth=True
+ )
+ self.assertEqual(200, resp.status_code)
+
+ @testcase.attr('negative')
+ def test_consumer_create_fail_no_name(self):
+ """Attempt to create invalid consumer (Missing name)
+
+ Should return 400
+ """
+ data = {
+ "URL": "consumerURL"
+ }
+ model = consumer_model.ConsumerModel(**data)
+ resp, consumer_dat = self.consumer_behaviors.create_consumer(
+ model, self.generic_container_ref, use_auth=True
+ )
+ self.assertEqual(400, resp.status_code)
+
+ @testcase.attr('negative')
+ def test_consumer_create_fail_no_url(self):
+ """Attempt to create invalid consumer (Missing URL)
+
+ Should return 400
+ """
+ data = {
+ "name": "consumername"
+ }
+ model = consumer_model.ConsumerModel(**data)
+ resp, consumer_dat = self.consumer_behaviors.create_consumer(
+ model, self.generic_container_ref, use_auth=True
+ )
+ self.assertEqual(400, resp.status_code)
+
+ @testcase.attr('negative')
+ def test_consumer_create_fail_empty_name(self):
+ """Attempt to create invalid consumer (Empty name)
+
+ Should return 400
+ """
+ data = {
+ "name": "",
+ "URL": "consumerURL"
+ }
+ model = consumer_model.ConsumerModel(**data)
+ resp, consumer_dat = self.consumer_behaviors.create_consumer(
+ model, self.generic_container_ref, use_auth=True
+ )
+ self.assertEqual(400, resp.status_code)
+
+ @testcase.attr('negative')
+ def test_consumer_create_fail_empty_url(self):
+ """Attempt to create invalid consumer (Empty URL)
+
+ Should return 400
+ """
+ data = {
+ "name": "consumername",
+ "URL": ""
+ }
+ model = consumer_model.ConsumerModel(**data)
+ resp, consumer_dat = self.consumer_behaviors.create_consumer(
+ model, self.generic_container_ref, use_auth=True
+ )
+ self.assertEqual(400, resp.status_code)
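Review bot: `test_consumer_create_pass` sends `"URL": "consumerURL"` and expects 200, which pins that the field accepts any non-empty string rather than something shaped like a URL. If that is deliberate, the docstring should say so, for example `URL is stored as an opaque string; no format check is applied`, so a later reader does not take the fixture for an oversight. If it is not deliberate, the schema needs a format constraint and this fixture a well-formed URL. Whether the service ever dereferences or renders the stored value is not visible in this patch, so how much the missing check matters cannot be judged from here.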