6 files changed, 67 insertions, 2 deletions

diff --git a/keystoneclient/auth/identity/base.py b/keystoneclient/auth/identity/base.py
index d0b155e..9554c53 100644
--- a/keystoneclient/auth/identity/base.py
+++ b/keystoneclient/auth/identity/base.py
@@ -58,6 +58,7 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
         when invoked. If you are looking to just retrieve the current auth
         data then you should use get_access.
 
+        :raises InvalidResponse: The response returned wasn't appropriate.
         :raises HttpError: An error from an invalid HTTP response.
 
         :returns AccessInfo: Token access information.
diff --git a/keystoneclient/auth/identity/v2.py b/keystoneclient/auth/identity/v2.py
index 1a6564f..bd3bade 100644
--- a/keystoneclient/auth/identity/v2.py
+++ b/keystoneclient/auth/identity/v2.py
@@ -84,7 +84,13 @@ class Auth(base.BaseIdentityPlugin):
 
         resp = session.post(url, json=params, headers=headers,
                             authenticated=False)
-        return access.AccessInfoV2(**resp.json()['access'])
+
+        try:
+            resp_data = resp.json()['access']
+        except (KeyError, ValueError):
+            raise exceptions.InvalidResponse(response=resp)
+
+        return access.AccessInfoV2(**resp_data)
 
     @abc.abstractmethod
     def get_auth_data(self, headers=None):
diff --git a/keystoneclient/auth/identity/v3.py b/keystoneclient/auth/identity/v3.py
index 9329925..747bbda 100644
--- a/keystoneclient/auth/identity/v3.py
+++ b/keystoneclient/auth/identity/v3.py
@@ -108,8 +108,14 @@ class Auth(base.BaseIdentityPlugin):
 
         resp = session.post(self.token_url, json=body, headers=headers,
                             authenticated=False)
+
+        try:
+            resp_data = resp.json()['token']
+        except (KeyError, ValueError):
+            raise exceptions.InvalidResponse(response=resp)
+
         return access.AccessInfoV3(resp.headers['X-Subject-Token'],
-                                   **resp.json()['token'])
+                                   **resp_data)
 
     @staticmethod
     def _factory(auth_url, **kwargs):
diff --git a/keystoneclient/exceptions.py b/keystoneclient/exceptions.py
index d9d3f38..4572af9 100644
--- a/keystoneclient/exceptions.py
+++ b/keystoneclient/exceptions.py
@@ -61,3 +61,11 @@ class MissingAuthPlugin(ClientException):
 class NoMatchingPlugin(ClientException):
     """There were no auth plugins that could be created from the parameters
     provided."""
+
+
+class InvalidResponse(ClientException):
+    """The response from the server is not valid for this request."""
+
+    def __init__(self, response):
+        super(InvalidResponse, self).__init__()
+        self.response = response
diff --git a/keystoneclient/tests/auth/test_identity_v2.py b/keystoneclient/tests/auth/test_identity_v2.py
index 2372911..3f1c45e 100644
--- a/keystoneclient/tests/auth/test_identity_v2.py
+++ b/keystoneclient/tests/auth/test_identity_v2.py
@@ -211,3 +211,25 @@ class V2IdentityPlugin(utils.TestCase):
                      endpoint_filter={'service_type': 'compute'})
         self.assertEqual(resp.status_code, 200)
         self.assertEqual(resp.text, 'SUCCESS')
+
+    @httpretty.activate
+    def test_invalid_auth_response_dict(self):
+        self.stub_auth(json={'hello': 'world'})
+
+        a = v2.Password(self.TEST_URL, username=self.TEST_USER,
+                        password=self.TEST_PASS)
+        s = session.Session(auth=a)
+
+        self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any',
+                          authenticated=True)
+
+    @httpretty.activate
+    def test_invalid_auth_response_type(self):
+        self.stub_url(httpretty.POST, ['tokens'], body='testdata')
+
+        a = v2.Password(self.TEST_URL, username=self.TEST_USER,
+                        password=self.TEST_PASS)
+        s = session.Session(auth=a)
+
+        self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any',
+                          authenticated=True)
diff --git a/keystoneclient/tests/auth/test_identity_v3.py b/keystoneclient/tests/auth/test_identity_v3.py
index ca51ef7..e29c353 100644
--- a/keystoneclient/tests/auth/test_identity_v3.py
+++ b/keystoneclient/tests/auth/test_identity_v3.py
@@ -366,3 +366,25 @@ class V3IdentityPlugin(utils.TestCase):
                      endpoint_filter={'service_type': 'compute'})
         self.assertEqual(resp.status_code, 200)
         self.assertEqual(resp.text, 'SUCCESS')
+
+    @httpretty.activate
+    def test_invalid_auth_response_dict(self):
+        self.stub_auth(json={'hello': 'world'})
+
+        a = v3.Password(self.TEST_URL, username=self.TEST_USER,
+                        password=self.TEST_PASS)
+        s = session.Session(auth=a)
+
+        self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any',
+                          authenticated=True)
+
+    @httpretty.activate
+    def test_invalid_auth_response_type(self):
+        self.stub_url(httpretty.POST, ['auth', 'tokens'], body='testdata')
+
+        a = v3.Password(self.TEST_URL, username=self.TEST_USER,
+                        password=self.TEST_PASS)
+        s = session.Session(auth=a)
+
+        self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any',
+                          authenticated=True)