diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py
index e6f6cb8da6..ca01afd47c 100644
--- a/keystone/auth/controllers.py
+++ b/keystone/auth/controllers.py
@@ -170,6 +170,9 @@ class AuthInfo(object):
 sys.exc_info()[2])
 def _lookup_domain(self, domain_info):
+ if isinstance(domain_info, dict) is False:
+ raise exception.ValidationError(attribute='dict',
+ target='domain')
 domain_id = domain_info.get('id')
 domain_name = domain_info.get('name')
 domain_ref = None
@@ -193,6 +196,9 @@ class AuthInfo(object):
 return domain_ref
 def _lookup_project(self, project_info):
+ if isinstance(project_info, dict) is False:
+ raise exception.ValidationError(attribute='dict',
+ target='project')
 project_id = project_info.get('id')
 project_name = project_info.get('name')
 project_ref = None
diff --git a/keystone/tests/unit/test_v3_auth.py b/keystone/tests/unit/test_v3_auth.py
index b498b6c94a..eb8a10c641 100644
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@@ -120,6 +120,28 @@ class TestAuthInfo(common_auth.AuthTestMixin, testcase.TestCase):
 auth_info.get_method_data,
 method_name)
+ def test_empty_domain_in_scope(self):
+ auth_data = self.build_authentication_request(
+ user_id='test',
+ password='test',
+ domain_name='')['auth']
+ auth_data['scope']['domain'] = []
+ self.assertRaises(exception.ValidationError,
+ auth.controllers.AuthInfo.create,
+ None,
+ auth_data)
+
+ def test_empty_project_in_scope(self):
+ auth_data = self.build_authentication_request(
+ user_id='test',
+ password='test',
+ project_name='')['auth']
+ auth_data['scope']['project'] = []
+ self.assertRaises(exception.ValidationError,
+ auth.controllers.AuthInfo.create,
+ None,
+ auth_data)
+
 class TokenAPITests(object):
 # Why is this not just setUp? Because TokenAPITests is not a test class
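Review bot: In `_lookup_domain` the new guard is spelled `isinstance(domain_info, dict) is False`; the idiomatic form is `if not isinstance(domain_info, dict):`, and the identical guard in the `_lookup_project` hunk should change the same way. The two guards differ only in the `target` value, so a small shared helper would keep them from drifting apart. The check covers only the container: `id` and `name` are still read with `.get()` and passed on unchecked, and the rest of each method lies outside the hunk, so it is worth confirming that a request-supplied list or dict in those fields cannot fail the same way. `attribute='dict'` names a type rather than a missing attribute, so the error text shown to API clients may read oddly.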
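Review bot: `test_empty_domain_in_scope` and `test_empty_project_in_scope` are named for an empty value, but what they exercise is a wrong type (`[]` assigned to `auth_data['scope']['domain']` and `['project']`); names such as `test_non_dict_domain_in_scope` would describe the case under test. Only a list is covered, and since the scope is taken from the authentication request body, asserting `ValidationError` for a string and an integer as well would pin the guard against the other non-object JSON types. A short comment in each test, for example `# scope.domain must be a JSON object; any other type is a validation error, not a server error`, would record the intent for later readers.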