From be35a705b074a381e0b222531fb21f8981c235e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?=
Date: Wed, 9 Mar 2016 16:41:57 -0600
Subject: [PATCH] Return 404 Not Found when UUID is invalid
The exception being thrown in the UUID verification function causes a 500 response. Remove the exception and instead make the verification return true or false.
Change-Id: I0a0f417bdf17a10b8060978df9b6c87e9e92ef94
Closes-Bug: #1555328
---
 barbican/api/controllers/__init__.py | 14 --------------
 barbican/api/controllers/orders.py | 2 +-
 barbican/api/controllers/secrets.py | 1 -
 barbican/common/exception.py | 7 -------
 barbican/tests/api/controllers/test_orders.py | 7 +++++++
 barbican/tests/api/controllers/test_secrets.py | 7 +++++++
 6 files changed, 15 insertions(+), 23 deletions(-)
diff --git a/barbican/api/controllers/__init__.py b/barbican/api/controllers/__init__.py
index 409140104..967f6517e 100644
--- a/barbican/api/controllers/__init__.py
+++ b/barbican/api/controllers/__init__.py
@@ -10,13 +10,11 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 import collections
-import uuid
 import pecan
 from webob import exc
 from barbican import api
-from barbican.common import exception
 from barbican.common import utils
 from barbican import i18n as u
@@ -150,18 +148,6 @@ def enforce_content_types(valid_content_types=[]):
 return content_types_decorator
-def assert_is_valid_uuid_from_uri(doubtful_uuid):
- """Checks if the given string is actually a valid UUID
-
- This assumes that the uuid comes from a URI.
- :raises: exception.InvalidUUIDInURI
- """
- try:
- uuid.UUID(doubtful_uuid)
- except ValueError:
- raise exception.InvalidUUIDInURI(uuid_string=doubtful_uuid)
-
-
 def flatten(d, parent_key=''):
 """Flatten a nested dictionary
diff --git a/barbican/api/controllers/orders.py b/barbican/api/controllers/orders.py
index 3e62180a9..716ccc4ab 100644
--- a/barbican/api/controllers/orders.py
+++ b/barbican/api/controllers/orders.py
@@ -142,7 +142,7 @@ class OrdersController(controllers.ACLMixin):
 # actually does a lookup in the database regardless of the RBAC policy
 # check, the execution only gets here if authentication of the user was
 # previously successful.
- controllers.assert_is_valid_uuid_from_uri(order_id)
+
 ctx = controllers._get_barbican_context(pecan.request)
 order = self.order_repo.get(entity_id=order_id,
diff --git a/barbican/api/controllers/secrets.py b/barbican/api/controllers/secrets.py
index f0530adcc..759087df8 100644
--- a/barbican/api/controllers/secrets.py
+++ b/barbican/api/controllers/secrets.py
@@ -251,7 +251,6 @@ class SecretsController(controllers.ACLMixin):
 # actually does a lookup in the database regardless of the RBAC policy
 # check, the execution only gets here if authentication of the user was
 # previously successful.
- controllers.assert_is_valid_uuid_from_uri(secret_id)
 secret = self.secret_repo.get_secret_by_id(
 entity_id=secret_id, suppress_exception=True)
diff --git a/barbican/common/exception.py b/barbican/common/exception.py
index f8e0bada6..699b08f5b 100644
--- a/barbican/common/exception.py
+++ b/barbican/common/exception.py
@@ -431,13 +431,6 @@ class ProvidedTransportKeyNotFound(BarbicanHTTPException):
 status_code = 400
-class InvalidUUIDInURI(BarbicanHTTPException):
- message = u._("The provided UUID in the URI (%(uuid_string)s) is "
- "malformed.")
- client_message = u._("The provided UUID in the URI is malformed.")
- status_code = 404
-
-
 class InvalidCAID(BarbicanHTTPException):
 message = u._("Invalid CA_ID: %(ca_id)s")
 client_message = u._("The ca_id provided in the request is invalid")
diff --git a/barbican/tests/api/controllers/test_orders.py b/barbican/tests/api/controllers/test_orders.py
index b27c8e09b..e1f1ffd03 100644
--- a/barbican/tests/api/controllers/test_orders.py
+++ b/barbican/tests/api/controllers/test_orders.py
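Review bot: In the `orders.py` hunk the `order_id` path segment now reaches `self.order_repo.get(entity_id=order_id,` with no format check at all, and the `secrets.py` hunk does the same for `secret_id` in `get_secret_by_id(`. The 404 then rests entirely on the repository lookup missing for a malformed value, which these hunks do not show; if a storage backend rejects the string instead of simply not finding it, the 500 from the bug report could return. The commit message says the verification should "return true or false", so a non-raising check would match that intent: keep a boolean helper built on `uuid.UUID(...)` with `ValueError` caught, and take the existing not-found path before the lookup when it fails. The line added in place of the removed call in `orders.py` appears to be empty and could be dropped. Both enclosing methods start and end outside these hunks.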
@@ -196,6 +196,13 @@ class WhenGettingOrDeletingOrders(utils.BarbicanAPIBaseTestCase):
 )
 self.assertEqual(404, resp.status_int)
+ def test_returns_404_on_get_with_bad_uuid(self):
+ resp = self.app.get(
+ '/orders/98c876d9-aaac-44e4-8ea8-441932962b05X',
+ expect_errors=True
+ )
+ self.assertEqual(404, resp.status_int)
+
 def test_delete_call_on_non_existant_order_should_give_404(self):
 bogus_uuid = uuid.uuid4()
 resp = self.app.delete(
diff --git a/barbican/tests/api/controllers/test_secrets.py b/barbican/tests/api/controllers/test_secrets.py
index b8bb0d12f..b173ccaf9 100644
--- a/barbican/tests/api/controllers/test_secrets.py
+++ b/barbican/tests/api/controllers/test_secrets.py
@@ -366,7 +366,14 @@ class WhenGettingPuttingOrDeletingSecret(utils.BarbicanAPIBaseTestCase):
 headers={'Accept': 'application/json'},
 expect_errors=True
 )
+ self.assertEqual(404, get_resp.status_int)
+ def test_returns_404_on_get_with_bad_uuid(self):
+ get_resp = self.app.get(
+ '/secrets/98c876d9-aaac-44e4-8ea8-441932962b05X',
+ headers={'Accept': 'application/json'},
+ expect_errors=True
+ )
 self.assertEqual(404, get_resp.status_int)
 def test_returns_406_with_get_bad_accept_header(self):
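Review bot: `test_returns_404_on_get_with_bad_uuid` in the `test_orders.py` hunk covers a single malformed shape, a valid UUID with a trailing `X`, and only on GET; the test of the same name added in the `test_secrets.py` hunk has the same limits. Because this commit removes the explicit UUID check, these tests are the only guard on how malformed identifiers are handled, so cases for an over-long string, a non-hex value and a percent-encoded value would be worth adding, along with the DELETE route (and PUT for secrets) if those pass through the same lookup. A comment above each test such as `# a malformed id must yield the same 404 as an unknown id, never a 500` would record the intent. Both test classes start outside the hunks.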