diff --git a/barbican/api/controllers/__init__.py b/barbican/api/controllers/__init__.py index 409140104..967f6517e 100644 --- a/barbican/api/controllers/__init__.py +++ b/barbican/api/controllers/__init__.py @@ -10,13 +10,11 @@ # License for the specific language governing permissions and limitations # under the License. import collections -import uuid import pecan from webob import exc from barbican import api -from barbican.common import exception from barbican.common import utils from barbican import i18n as u @@ -150,18 +148,6 @@ def enforce_content_types(valid_content_types=[]): return content_types_decorator -def assert_is_valid_uuid_from_uri(doubtful_uuid): - """Checks if the given string is actually a valid UUID - - This assumes that the uuid comes from a URI. - :raises: exception.InvalidUUIDInURI - """ - try: - uuid.UUID(doubtful_uuid) - except ValueError: - raise exception.InvalidUUIDInURI(uuid_string=doubtful_uuid) - - def flatten(d, parent_key=''): """Flatten a nested dictionary diff --git a/barbican/api/controllers/orders.py b/barbican/api/controllers/orders.py index 3e62180a9..716ccc4ab 100644 --- a/barbican/api/controllers/orders.py +++ b/barbican/api/controllers/orders.py @@ -142,7 +142,7 @@ class OrdersController(controllers.ACLMixin): # actually does a lookup in the database regardless of the RBAC policy # check, the execution only gets here if authentication of the user was # previously successful. - controllers.assert_is_valid_uuid_from_uri(order_id) + ctx = controllers._get_barbican_context(pecan.request) order = self.order_repo.get(entity_id=order_id, diff --git a/barbican/api/controllers/secrets.py b/barbican/api/controllers/secrets.py index f0530adcc..759087df8 100644 --- a/barbican/api/controllers/secrets.py +++ b/barbican/api/controllers/secrets.py @@ -251,7 +251,6 @@ class SecretsController(controllers.ACLMixin): # actually does a lookup in the database regardless of the RBAC policy # check, the execution only gets here if authentication of the user was # previously successful. - controllers.assert_is_valid_uuid_from_uri(secret_id) secret = self.secret_repo.get_secret_by_id( entity_id=secret_id, suppress_exception=True) diff --git a/barbican/common/exception.py b/barbican/common/exception.py index f8e0bada6..699b08f5b 100644 --- a/barbican/common/exception.py +++ b/barbican/common/exception.py @@ -431,13 +431,6 @@ class ProvidedTransportKeyNotFound(BarbicanHTTPException): status_code = 400 -class InvalidUUIDInURI(BarbicanHTTPException): - message = u._("The provided UUID in the URI (%(uuid_string)s) is " - "malformed.") - client_message = u._("The provided UUID in the URI is malformed.") - status_code = 404 - - class InvalidCAID(BarbicanHTTPException): message = u._("Invalid CA_ID: %(ca_id)s") client_message = u._("The ca_id provided in the request is invalid") diff --git a/barbican/tests/api/controllers/test_orders.py b/barbican/tests/api/controllers/test_orders.py index b27c8e09b..e1f1ffd03 100644 --- a/barbican/tests/api/controllers/test_orders.py +++ b/barbican/tests/api/controllers/test_orders.py @@ -196,6 +196,13 @@ class WhenGettingOrDeletingOrders(utils.BarbicanAPIBaseTestCase): ) self.assertEqual(404, resp.status_int) + def test_returns_404_on_get_with_bad_uuid(self): + resp = self.app.get( + '/orders/98c876d9-aaac-44e4-8ea8-441932962b05X', + expect_errors=True + ) + self.assertEqual(404, resp.status_int) + def test_delete_call_on_non_existant_order_should_give_404(self): bogus_uuid = uuid.uuid4() resp = self.app.delete( diff --git a/barbican/tests/api/controllers/test_secrets.py b/barbican/tests/api/controllers/test_secrets.py index b8bb0d12f..b173ccaf9 100644 --- a/barbican/tests/api/controllers/test_secrets.py +++ b/barbican/tests/api/controllers/test_secrets.py @@ -366,7 +366,14 @@ class WhenGettingPuttingOrDeletingSecret(utils.BarbicanAPIBaseTestCase): headers={'Accept': 'application/json'}, expect_errors=True ) + self.assertEqual(404, get_resp.status_int) + def test_returns_404_on_get_with_bad_uuid(self): + get_resp = self.app.get( + '/secrets/98c876d9-aaac-44e4-8ea8-441932962b05X', + headers={'Accept': 'application/json'}, + expect_errors=True + ) self.assertEqual(404, get_resp.status_int) def test_returns_406_with_get_bad_accept_header(self):