Browse Source

Return 404 when a secret does not have a payload

Currently when a Secret payload GET is performed, a 500 Error will
be thrown if there is no payload present. The correct behavior
would be to throw a 404.

Change-Id: Ibbe8a592c853fc0196ae7c2daf365754c800fc87
Partial-Bug: #1561701
tags/3.0.0.0b2
Fernando Diaz 3 years ago
parent
commit
d9b5ac8295

+ 14
- 5
barbican/api/controllers/secrets.py View File

@@ -39,6 +39,11 @@ def _secret_not_found():
39 39
                          'another castle.'))
40 40
 
41 41
 
42
+def _secret_payload_not_found():
43
+    """Throw exception indicating secret's payload is not found."""
44
+    pecan.abort(404, u._('Not Found. Sorry but your secret has no payload.'))
45
+
46
+
42 47
 def _secret_already_has_data():
43 48
     """Throw exception that the secret already has data."""
44 49
     pecan.abort(409, u._("Secret already has data, cannot modify it."))
@@ -148,6 +153,11 @@ class SecretController(controllers.ACLMixin):
148 153
                                 'application/octet-stream')
149 154
         pecan.override_template('', accept_header)
150 155
 
156
+        # check if payload exists before proceeding
157
+        encrypted = getattr(secret, 'encrypted_data')
158
+        if not encrypted:
159
+            _secret_payload_not_found()
160
+
151 161
         twsk = kwargs.get('trans_wrapped_session_key', None)
152 162
         transport_key = None
153 163
 
@@ -178,11 +188,10 @@ class SecretController(controllers.ACLMixin):
178 188
     def payload(self, external_project_id, **kwargs):
179 189
         if pecan.request.method != 'GET':
180 190
             pecan.abort(405)
181
-        resp = self._on_get_secret_payload(
182
-            self.secret,
183
-            external_project_id,
184
-            **kwargs
185
-        )
191
+
192
+        resp = self._on_get_secret_payload(self.secret,
193
+                                           external_project_id,
194
+                                           **kwargs)
186 195
 
187 196
         LOG.info(u._LI('Retrieved secret payload for project: %s'),
188 197
                  external_project_id)

+ 12
- 0
barbican/tests/api/controllers/test_secrets.py View File

@@ -368,6 +368,18 @@ class WhenGettingPuttingOrDeletingSecret(utils.BarbicanAPIBaseTestCase):
368 368
         )
369 369
         self.assertEqual(404, get_resp.status_int)
370 370
 
371
+    def test_returns_404_on_get_payload_when_no_payload(self):
372
+        resp, secret_uuid = create_secret(self.app)
373
+        headers = {
374
+            'Accept': 'text/plain',
375
+        }
376
+        get_resp = self.app.get(
377
+            '/secrets/{0}/payload'.format(secret_uuid),
378
+            headers=headers,
379
+            expect_errors=True
380
+        )
381
+        self.assertEqual(404, get_resp.status_int)
382
+
371 383
     def test_returns_404_on_get_with_bad_uuid(self):
372 384
         get_resp = self.app.get(
373 385
             '/secrets/98c876d9-aaac-44e4-8ea8-441932962b05X',

+ 15
- 0
functionaltests/api/v1/functional/test_secrets.py View File

@@ -185,6 +185,21 @@ class SecretsTestCase(base.TestCase):
185 185
         resp = self.behaviors.get_secret_metadata('not_a_uuid')
186 186
         self.assertEqual(resp.status_code, 404)
187 187
 
188
+    @testcase.attr('negative')
189
+    def test_secret_get_secret_payload_doesnt_exist(self):
190
+        """GET a non-existent payload.
191
+
192
+        Should return a 404.
193
+        """
194
+        test_model = secret_models.SecretModel(
195
+            **self.default_secret_create_all_none_data)
196
+
197
+        resp, secret_ref = self.behaviors.create_secret(test_model)
198
+        self.assertEqual(resp.status_code, 201)
199
+
200
+        resp = self.behaviors.get_secret(secret_ref, 'text/plain')
201
+        self.assertEqual(resp.status_code, 404)
202
+
188 203
     @testcase.attr('positive')
189 204
     def test_secret_get_payload_no_accept_header(self):
190 205
         """GET a secret payload, do not pass in accept header.

Loading…
Cancel
Save