Merge pull request #374 from Cornices/99-check-errors-location

Only accept known locations in request.errors.add() (fixes #99)
Cornices · Oct 19, 2016 · b99e186 · b99e186
2 parents ad28352 + 86b9813
commit b99e186
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 1 deletion.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -10,6 +10,8 @@ Breaking changes
 
 - Get rid of Buildout files (#369)
 - Errors list ``request.errors`` has no ``request`` anymore (fixes #328)
+- ``request.errors.add()`` now only accepts one of ``header``, ``body``, ``url``,
+  ``path``, ``querystring``, ``cookies`` or ``method`` as first argument (fixes #99)
 
 Bug fixes
 

diff --git a/cornice/errors.py b/cornice/errors.py
@@ -16,6 +16,11 @@ def __init__(self, status=400):
 
     def add(self, location, name=None, description=None, **kw):
         """Registers a new error."""
+        allowed = ('body', 'querystring', 'url', 'header', 'path',
+                   'cookies', 'method')
+        if location != '' and location not in allowed:
+            raise ValueError('%r not in %s' % (location, allowed))
+
         self.append(dict(
             location=location,
             name=name,

diff --git a/cornice/tests/test_errors.py b/cornice/tests/test_errors.py
@@ -0,0 +1,23 @@
+from cornice.tests.support import TestCase
+
+from cornice.errors import Errors
+
+
+class TestErrorsHelper(TestCase):
+    def setUp(self):
+        self.errors = Errors()
+
+    def test_add_to_supported_location(self):
+        self.errors.add('')
+        self.errors.add('body', description='!')
+        self.errors.add('querystring', name='field')
+        self.errors.add('url')
+        self.errors.add('header')
+        self.errors.add('path')
+        self.errors.add('cookies')
+        self.errors.add('method')
+        self.assertEqual(len(self.errors), 8)
+
+    def test_raises_an_exception_when_location_is_unsupported(self):
+        with self.assertRaises(ValueError):
+            self.errors.add('something')
diff --git a/docs/source/validation.rst b/docs/source/validation.rst
@@ -153,7 +153,7 @@ This means something like this::
         def validate_it(self, request, **kw):
             # pseudo-code validation logic
             if whatever is wrong:
-                request.errors.add('something')
+                request.errors.add('body', description="Something is wrong")
 
     @service.get(klass=MyClass, validators=('validate_it',))
     def view(request):