trusts raise validation error if expires_at is invalid

Raise an appropriate error when the evaluation of expires_at fails, otherwise invalid user input results in a 500 response Change-Id: Ibe5b2c5aaed5996e36a680dead85450e3eb9df31 Closes-Bug: #1246831
openstack · Nov 12, 2013 · d77be67 · d77be67
1 parent 58ff2bc
commit d77be67
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/keystone/exception.py b/keystone/exception.py
@@ -69,6 +69,15 @@ class ValidationError(Error):
     title = 'Bad Request'
 
 
+class ValidationTimeStampError(Error):
+    message_format = _("Timestamp not in expected format."
+                       " The server could not comply with the request"
+                       " since it is either malformed or otherwise"
+                       " incorrect. The client is assumed to be in error.")
+    code = 400
+    title = 'Bad Request'
+
+
 class StringLengthExceeded(ValidationError):
     message_format = _("String length exceeded.The length of"
                        " string '%(string)s' exceeded the limit"

diff --git a/keystone/tests/test_auth.py b/keystone/tests/test_auth.py
@@ -661,6 +661,17 @@ def test_create_trust(self):
         for role in self.new_trust['roles']:
             self.assertIn(role['id'], role_ids)
 
+    def test_create_trust_expires_bad(self):
+        self.assertRaises(exception.ValidationTimeStampError,
+                          self.create_trust,
+                          expires_at="bad")
+        self.assertRaises(exception.ValidationTimeStampError,
+                          self.create_trust,
+                          expires_at="")
+        self.assertRaises(exception.ValidationTimeStampError,
+                          self.create_trust,
+                          expires_at="Z")
+
     def test_get_trust(self):
         context = {'token_id': self.unscoped_token['access']['token']['id']}
         trust = self.trust_controller.get_trust(context,

diff --git a/keystone/trust/controllers.py b/keystone/trust/controllers.py
@@ -171,8 +171,11 @@ def create_trust(self, context, trust=None):
             if trust.get('expires_at') is not None:
                 if not trust['expires_at'].endswith('Z'):
                     trust['expires_at'] += 'Z'
-                trust['expires_at'] = (timeutils.parse_isotime
-                                       (trust['expires_at']))
+                try:
+                    trust['expires_at'] = (timeutils.parse_isotime
+                                           (trust['expires_at']))
+                except ValueError:
+                    raise exception.ValidationTimeStampError()
             new_trust = self.trust_api.create_trust(
                 trust_id=uuid.uuid4().hex,
                 trust=trust,