Merge "Pecan: Add missing body validations"

4 files changed, 29 insertions, 10 deletions

diff --git a/neutron/pecan_wsgi/controllers/resource.py b/neutron/pecan_wsgi/controllers/resource.py
index 8737927229..2848a88f0b 100644
--- a/neutron/pecan_wsgi/controllers/resource.py
+++ b/neutron/pecan_wsgi/controllers/resource.py
@@ -15,7 +15,9 @@
 from oslo_log import log as logging
 import pecan
 from pecan import request
+import webob
 
+from neutron._i18n import _
 from neutron import manager
 from neutron.pecan_wsgi.controllers import utils
 
@@ -70,6 +72,9 @@ class ItemController(utils.NeutronPecanController):
 
     @utils.when_delete(index)
     def delete(self):
+        if request.body:
+            msg = _("Request body is not supported in DELETE.")
+            raise webob.exc.HTTPBadRequest(msg)
         neutron_context = request.context['neutron_context']
         deleter_args = [neutron_context, self.item]
         if 'parent_id' in request.context:
@@ -145,7 +150,11 @@ class CollectionsController(utils.NeutronPecanController):
 
     @utils.when(index, method='POST')
     def post(self, *args, **kwargs):
-        # TODO(kevinbenton): emulated bulk!
+        if 'resources' not in request.context:
+            # user didn't specify any body, which is invalid for collections
+            msg = (_("Unable to find '%s' in request body") %
+                   request.context['resource'])
+            raise webob.exc.HTTPBadRequest(msg)
         resources = request.context['resources']
         pecan.response.status = 201
         return self.create(resources)
diff --git a/neutron/pecan_wsgi/controllers/utils.py b/neutron/pecan_wsgi/controllers/utils.py
index 7cf6cd9f21..186ed7bda0 100644
--- a/neutron/pecan_wsgi/controllers/utils.py
+++ b/neutron/pecan_wsgi/controllers/utils.py
@@ -307,8 +307,8 @@ class ShimItemController(NeutronPecanController):
         shim_request = ShimRequest(request.context['neutron_context'])
         kwargs = request.context['uri_identifiers']
         try:
-            kwargs['body'] = request.json
-        except ValueError:
+            kwargs['body'] = request.context['request_data']
+        except KeyError:
             pass
         result = self.controller_update(shim_request, self.item,
                                         **kwargs)
@@ -359,7 +359,7 @@ class ShimCollectionsController(NeutronPecanController):
         uri_identifiers = request.context['uri_identifiers']
         args = [shim_request]
         if request.method == 'PUT':
-            args.append(request.json)
+            args.append(request.context.get('request_data'))
         result = controller_method(*args, **uri_identifiers)
         if not status:
             self._set_response_code(result, 'index')
@@ -373,7 +373,8 @@ class ShimCollectionsController(NeutronPecanController):
             pecan.abort(405)
         shim_request = ShimRequest(request.context['neutron_context'])
         uri_identifiers = request.context['uri_identifiers']
-        result = self.controller_create(shim_request, request.json,
+        result = self.controller_create(shim_request,
+                                        request.context.get('request_data'),
                                         **uri_identifiers)
         self._set_response_code(result, 'create')
         return result
diff --git a/neutron/pecan_wsgi/hooks/body_validation.py b/neutron/pecan_wsgi/hooks/body_validation.py
index 621d485a4a..2df06e56d8 100644
--- a/neutron/pecan_wsgi/hooks/body_validation.py
+++ b/neutron/pecan_wsgi/hooks/body_validation.py
@@ -16,7 +16,9 @@
 from oslo_log import log
 from oslo_serialization import jsonutils
 from pecan import hooks
+import webob.exc
 
+from neutron._i18n import _
 from neutron.api.v2 import base as v2_base
 from neutron.pecan_wsgi.hooks import utils
 
@@ -37,13 +39,15 @@ class BodyValidationHook(hooks.PecanHook):
         if not resource:
             return
 
+        if not state.request.body:
+            return
         try:
             json_data = jsonutils.loads(state.request.body)
+            if not isinstance(json_data, dict):
+                raise ValueError()
         except ValueError:
-            LOG.debug("No JSON Data in %(method)s request for %(collection)s",
-                      {'method': state.request.method,
-                       'collections': collection})
-            return
+            msg = _("Body contains invalid data")
+            raise webob.exc.HTTPBadRequest(msg)
         # Raw data are consumed by member actions such as add_router_interface
         state.request.context['request_data'] = json_data
         if not (resource in json_data or collection in json_data):
diff --git a/neutron/pecan_wsgi/hooks/notifier.py b/neutron/pecan_wsgi/hooks/notifier.py
index dfff55b43e..84a3ac5d4d 100644
--- a/neutron/pecan_wsgi/hooks/notifier.py
+++ b/neutron/pecan_wsgi/hooks/notifier.py
@@ -47,7 +47,12 @@ class NotifierHook(hooks.PecanHook):
         if action in ('create', 'update'):
             # notifier just gets plain old body without any treatment other
             # than the population of the object ID being operated on
-            payload = state.request.json.copy()
+            try:
+                payload = state.request.json.copy()
+                if not payload:
+                    return
+            except ValueError:
+                return
             if action == 'update':
                 payload['id'] = state.request.context.get('resource_id')
         elif action == 'delete':