trusts raise validation error if expires_at is invalid

Raise an appropriate error when the evaluation of expires_at fails, otherwise invalid user input results in a 500 response Change-Id: Ibe5b2c5aaed5996e36a680dead85450e3eb9df31 Closes-Bug: #1246831
2013-11-08 14:15:47 +00:00 · 2013-11-08 14:15:47 +00:00 · d77be6714a
commit d77be6714a
parent 58ff2bc511
3 changed files with 25 additions and 2 deletions
--- a/keystone/exception.py
+++ b/keystone/exception.py
@ -69,6 +69,15 @@ class ValidationError(Error):
    title = 'Bad Request'


+class ValidationTimeStampError(Error):
+    message_format = _("Timestamp not in expected format."
+                       " The server could not comply with the request"
+                       " since it is either malformed or otherwise"
+                       " incorrect. The client is assumed to be in error.")
+    code = 400
+    title = 'Bad Request'
+
+
 class StringLengthExceeded(ValidationError):
    message_format = _("String length exceeded.The length of"
                       " string '%(string)s' exceeded the limit"
--- a/keystone/tests/test_auth.py
+++ b/keystone/tests/test_auth.py
@ -661,6 +661,17 @@ class AuthWithTrust(AuthTest):
        for role in self.new_trust['roles']:
            self.assertIn(role['id'], role_ids)

+    def test_create_trust_expires_bad(self):
+        self.assertRaises(exception.ValidationTimeStampError,
+                          self.create_trust,
+                          expires_at="bad")
+        self.assertRaises(exception.ValidationTimeStampError,
+                          self.create_trust,
+                          expires_at="")
+        self.assertRaises(exception.ValidationTimeStampError,
+                          self.create_trust,
+                          expires_at="Z")
+
    def test_get_trust(self):
        context = {'token_id': self.unscoped_token['access']['token']['id']}
        trust = self.trust_controller.get_trust(context,
--- a/keystone/trust/controllers.py
+++ b/keystone/trust/controllers.py
@ -171,8 +171,11 @@ class TrustV3(controller.V3Controller):
            if trust.get('expires_at') is not None:
                if not trust['expires_at'].endswith('Z'):
                    trust['expires_at'] += 'Z'
+                try:
                    trust['expires_at'] = (timeutils.parse_isotime
                                           (trust['expires_at']))
+                except ValueError:
+                    raise exception.ValidationTimeStampError()
            new_trust = self.trust_api.create_trust(
                trust_id=uuid.uuid4().hex,
                trust=trust,