From fe3b4c0f653318b7262423386c169a5d650ce08d Mon Sep 17 00:00:00 2001
From: Ryosuke Mizuno
Date: Fri, 13 May 2016 14:46:45 +0900
Subject: [PATCH] Add the validation rules when create token
HTTP 500 being returned when the request body attibute for POST /v3/auth/tokens has an empty string instead of dict. This patch fix when the domain and the project in the scope has an empty string.
Change-Id: I11031a5a19acb9e336721d69b59e7e6f691eb2a4
Partial-Bug: #1580338
---
 keystone/auth/controllers.py | 6 ++++++
 keystone/tests/unit/test_v3_auth.py | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py
index f3da5f6845..ffe6313e6a 100644
--- a/keystone/auth/controllers.py
+++ b/keystone/auth/controllers.py
@@ -170,6 +170,9 @@ class AuthInfo(object):
 sys.exc_info()[2])
 def _lookup_domain(self, domain_info):
+ if isinstance(domain_info, dict) is False:
+ raise exception.ValidationError(attribute='dict',
+ target='domain')
 domain_id = domain_info.get('id')
 domain_name = domain_info.get('name')
 domain_ref = None
@@ -193,6 +196,9 @@ class AuthInfo(object):
 return domain_ref
 def _lookup_project(self, project_info):
+ if isinstance(project_info, dict) is False:
+ raise exception.ValidationError(attribute='dict',
+ target='project')
 project_id = project_info.get('id')
 project_name = project_info.get('name')
 project_ref = None
diff --git a/keystone/tests/unit/test_v3_auth.py b/keystone/tests/unit/test_v3_auth.py
index e6f1a59a5e..110942198a 100644
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
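Review bot: The guard added at the top of `_lookup_domain`, and the identical one in `_lookup_project`, checks only that the scope entry is a dict; the `id` and `name` values read on the following lines are still passed on without a type check, so a list or nested object in those fields may still end in an unhandled error rather than a `ValidationError` (the code that consumes them is outside the hunk, so this needs confirming). `if isinstance(domain_info, dict) is False:` is more idiomatic as `if not isinstance(domain_info, dict):`, and the same applies to `project_info`. A short comment such as `# scope comes straight from the request body; reject non-dict values` would record why the check is there. Both function bodies continue past their hunks.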
@@ -119,6 +119,28 @@ class TestAuthInfo(common_auth.AuthTestMixin, testcase.TestCase):
 auth_info.get_method_data,
 method_name)
+ def test_empty_domain_in_scope(self):
+ auth_data = self.build_authentication_request(
+ user_id='test',
+ password='test',
+ domain_name='')['auth']
+ auth_data['scope']['domain'] = []
+ self.assertRaises(exception.ValidationError,
+ auth.controllers.AuthInfo.create,
+ None,
+ auth_data)
+ def test_empty_project_in_scope(self):
+ auth_data = self.build_authentication_request(
+ user_id='test',
+ password='test',
+ project_name='')['auth']
+ auth_data['scope']['project'] = []
+ self.assertRaises(exception.ValidationError,
+ auth.controllers.AuthInfo.create,
+ None,
+ auth_data)
+
 class TokenAPITests(object):
 # Why is this not just setUp? Because TokenAPITests is not a test class
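Review bot: Both new tests set the scope entry to `[]`, while the commit message describes an empty string, so the reported input is not pinned by a test; a second case with `auth_data['scope']['domain'] = ''` (and likewise for `project`) would cover it. The `domain_name=''` and `project_name=''` arguments are overwritten by the next statement and apparently only make `build_authentication_request` emit a `scope` key, which is worth a one-line comment. The tests also stop at the exception type raised by `AuthInfo.create`; whether the API then answers with a 400 instead of a 500 is not checked here.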