Add schema check for OS-TRUST:trust authentication

If the OS-TRUST:trust is not a dict when authenticating,
Keystone will raise 500 error. This patch add the
related schema check to avoid the error.

Change-Id: I575440fa507c5274e0c3bc09f4cfcb9b3d91a28c
Closes-bug: #1733754
This commit is contained in:
wangxiyuan 2017-11-22 11:41:35 +08:00
parent cf43e3a756
commit 4c824c8088
4 changed files with 22 additions and 3 deletions

View File

@ -82,6 +82,12 @@ token_issue = {
'name': {'type': 'string', },
},
},
'OS-TRUST:trust': {
'type': 'object',
'properties': {
'id': {'type': 'string', },
},
},
},
},
},

View File

@ -367,6 +367,15 @@ class TestValidateIssueTokenAuth(unit.BaseTestCase):
}
self._expect_failure(p)
def test_trust_not_object_ex(self):
p = {
'identity': {'methods': [], },
'scope': {
'OS-TRUST:trust': 'something',
},
}
self._expect_failure(p)
def test_unscoped(self):
post_data = {
'identity': {

View File

@ -43,7 +43,6 @@ from keystone.tests.common import auth as common_auth
from keystone.tests import unit
from keystone.tests.unit import ksfixtures
from keystone.tests.unit import test_v3
from keystone.tests.unit import utils as test_utils
CONF = keystone.conf.CONF
@ -3966,8 +3965,6 @@ class TrustAPIBehavior(test_v3.RestfulTestCase):
r = self.v3_create_token(auth_data)
return trust
@test_utils.wip('Waiting on validation to be added from fixing bug '
'1733754')
def test_authenticate_without_trust_dict_returns_bad_request(self):
# Authenticate for a token to use in the request
token = self.v3_create_token(

View File

@ -0,0 +1,7 @@
---
fixes:
- |
[`bug 1733754 <https://bugs.launchpad.net/keystone/+bug/1733754>`_]
Keystone didn't validate the OS-TRUST:trust key of the authentication
request is actually a dictionary. This results in a 500 Internal Server
Error when it should really be a 400 Bad Request.