avoid empty credentials (#423)

Enforce credentials are not empty when updating.
lyft · Apr 11, 2024 · 2a4e89e · 2a4e89e
1 parent cb10bb5
commit 2a4e89e
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-6.5.4
+6.5.5
diff --git a/confidant/routes/credentials.py b/confidant/routes/credentials.py
@@ -841,6 +841,11 @@ def update_credential(id):
             _cred.revision
         )
         if 'credential_pairs' in data:
+            # Ensure the credential is not empty
+            if data['credential_pairs'] == {}:
+                error = {'error': 'Credential Pairs cannot be empty.'}
+                return jsonify(error), 400
+
             # Ensure credential pair keys are lowercase
             credential_pairs = credentialmanager.lowercase_credential_pairs(
                 data['credential_pairs']

diff --git a/tests/unit/confidant/routes/credentials_test.py b/tests/unit/confidant/routes/credentials_test.py
@@ -549,6 +549,24 @@ def test_update_credential(mocker: MockerFixture, credential: Credential):
     assert ret.status_code == 400
     assert 'Conflicting key pairs in mapped service.' == json_data['error']
 
+    # Empty credential pairs
+    mocker.patch(
+        ('confidant.routes.credentials.servicemanager'
+         '.pair_key_conflicts_for_services'),
+        return_value={},
+    )
+    ret = app.test_client().put(
+        '/v1/credentials/123',
+        headers={"Content-Type": 'application/json'},
+        data=json.dumps({
+            'credential_pairs': {},
+            'enabled': True,
+        }),
+    )
+    json_data = json.loads(ret.data)
+    assert ret.status_code == 400
+    assert 'Credential Pairs cannot be empty.' == json_data['error']
+
     # All good
     mocker.patch(
         ('confidant.routes.credentials.servicemanager'