Return 404 Not Found when UUID is invalid

The exception being thrown in the UUID verification function causes
a 500 response.  Remove the exception and instead make the verification
return true or false.

Change-Id: I0a0f417bdf17a10b8060978df9b6c87e9e92ef94
Closes-Bug: #1555328

barbican/api/controllers/__init__.py

@@ -10,13 +10,11 @@
 #  License for the specific language governing permissions and limitations
 #  under the License.
 import collections
-import uuid
 
 import pecan
 from webob import exc
 
 from barbican import api
-from barbican.common import exception
 from barbican.common import utils
 from barbican import i18n as u
 
@@ -150,18 +148,6 @@ def enforce_content_types(valid_content_types=[]):
     return content_types_decorator
 
 
-def assert_is_valid_uuid_from_uri(doubtful_uuid):
-    """Checks if the given string is actually a valid UUID
-
-    This assumes that the uuid comes from a URI.
-    :raises: exception.InvalidUUIDInURI
-    """
-    try:
-        uuid.UUID(doubtful_uuid)
-    except ValueError:
-        raise exception.InvalidUUIDInURI(uuid_string=doubtful_uuid)
-
-
 def flatten(d, parent_key=''):
     """Flatten a nested dictionary
 

barbican/api/controllers/orders.py

@@ -142,7 +142,7 @@ class OrdersController(controllers.ACLMixin):
         # actually does a lookup in the database regardless of the RBAC policy
         # check, the execution only gets here if authentication of the user was
         # previously successful.
-        controllers.assert_is_valid_uuid_from_uri(order_id)
+
         ctx = controllers._get_barbican_context(pecan.request)
 
         order = self.order_repo.get(entity_id=order_id,

barbican/api/controllers/secrets.py

@@ -251,7 +251,6 @@ class SecretsController(controllers.ACLMixin):
         # actually does a lookup in the database regardless of the RBAC policy
         # check, the execution only gets here if authentication of the user was
         # previously successful.
-        controllers.assert_is_valid_uuid_from_uri(secret_id)
 
         secret = self.secret_repo.get_secret_by_id(
             entity_id=secret_id, suppress_exception=True)

barbican/common/exception.py

@@ -431,13 +431,6 @@ class ProvidedTransportKeyNotFound(BarbicanHTTPException):
     status_code = 400
 
 
-class InvalidUUIDInURI(BarbicanHTTPException):
-    message = u._("The provided UUID in the URI (%(uuid_string)s) is "
-                  "malformed.")
-    client_message = u._("The provided UUID in the URI is malformed.")
-    status_code = 404
-
-
 class InvalidCAID(BarbicanHTTPException):
     message = u._("Invalid CA_ID: %(ca_id)s")
     client_message = u._("The ca_id provided in the request is invalid")

barbican/tests/api/controllers/test_orders.py

@@ -196,6 +196,13 @@ class WhenGettingOrDeletingOrders(utils.BarbicanAPIBaseTestCase):
         )
         self.assertEqual(404, resp.status_int)
 
+    def test_returns_404_on_get_with_bad_uuid(self):
+        resp = self.app.get(
+            '/orders/98c876d9-aaac-44e4-8ea8-441932962b05X',
+            expect_errors=True
+        )
+        self.assertEqual(404, resp.status_int)
+
     def test_delete_call_on_non_existant_order_should_give_404(self):
         bogus_uuid = uuid.uuid4()
         resp = self.app.delete(

barbican/tests/api/controllers/test_secrets.py

@@ -366,7 +366,14 @@ class WhenGettingPuttingOrDeletingSecret(utils.BarbicanAPIBaseTestCase):
             headers={'Accept': 'application/json'},
             expect_errors=True
         )
+        self.assertEqual(404, get_resp.status_int)
 
+    def test_returns_404_on_get_with_bad_uuid(self):
+        get_resp = self.app.get(
+            '/secrets/98c876d9-aaac-44e4-8ea8-441932962b05X',
+            headers={'Accept': 'application/json'},
+            expect_errors=True
+        )
         self.assertEqual(404, get_resp.status_int)
 
     def test_returns_406_with_get_bad_accept_header(self):