From a32edb646dfb3a7318b6eac6967b8189f484ef10 Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Fri, 12 Jan 2018 17:14:05 -0500
Subject: [PATCH] Fix 500 exception when sending a non-string release name to appr

Fixes https://jira.coreos.com/browse/QS-120
---
 endpoints/appr/registry.py | 8 +++++++-
 endpoints/appr/test/test_registry.py | 25 +++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/endpoints/appr/registry.py b/endpoints/appr/registry.py
index 1ed3c928e..d98996a46 100644
--- a/endpoints/appr/registry.py
+++ b/endpoints/appr/registry.py
@@ -195,7 +195,13 @@ def push(namespace, package_name):
 if not 'release' in values:
 raise InvalidUsage('Missing release')
- release_version = values['release']
+ if not 'media_type' in values:
+ raise InvalidUsage('Missing media_type')
+
+ if not 'blob' in values:
+ raise InvalidUsage('Missing blob')
+
+ release_version = str(values['release'])
 media_type = values['media_type']
 force = request.args.get('force', 'false') == 'true'
diff --git a/endpoints/appr/test/test_registry.py b/endpoints/appr/test/test_registry.py
index 86cd6e007..6d9c92361 100644
--- a/endpoints/appr/test/test_registry.py
+++ b/endpoints/appr/test/test_registry.py
@@ -1,3 +1,4 @@
+import base64
 import json
 from flask import url_for
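Review bot: `str(values['release'])` coerces rather than validates, so a JSON list, object or `null` is turned into its repr and passed on as a release name, and on Python 2 (which the test's `base64.b64encode('devtable:password')` suggests this code targets) a release string with non-ASCII characters would raise `UnicodeEncodeError` at this line and presumably surface as another 500. An explicit check before the assignment would reject such input with a client error instead, for example `if not isinstance(values['release'], (basestring, int, float)): raise InvalidUsage('Invalid release')`, followed by a conversion that does not assume ASCII. The new `media_type` and `blob` checks cover presence only; whether a non-string value for either is rejected later cannot be seen from here, because `push` continues outside the hunk.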
@@ -37,3 +38,27 @@ def test_login(login_data, expected_code, app, client):
 rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
 assert rv.status_code == expected_code
+
+
+@pytest.mark.parametrize('release_name', [
+ '1.0',
+ '1',
+ 1,
+])
+def test_invalid_release_name(release_name, app, client):
+ params = {
+ 'namespace': 'devtable',
+ 'package_name': 'someapprepo',
+ }
+
+ url = url_for('appr.push', **params)
+ auth = base64.b64encode('devtable:password')
+ headers = {'Content-Type': 'application/json', 'Authorization': 'Basic ' + auth}
+ data = {
+ 'release': release_name,
+ 'media_type': 'application/vnd.cnr.manifest.v1+json',
+ 'blob': 'H4sIAFQwWVoAA+3PMQrCQBAF0Bxlb+Bk143nETGIIEoSC29vMMFOu3TvNb/5DH/Ot8f02jWbiohDremT3ZKR90uuUlty7nKJNmqKtkQuTarbzlo8x+k4zFOu4+lyH4afvbnW93/urH98EwAAAAAAAAAAADb0BsdwExIAKAAA',
+ }
+
+ rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
+ assert rv.status_code == 422
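Review bot: The parametrized values `'1.0'`, `'1'` and `1` are all scalars, so the inputs that the `str()` coercion in `push` treats differently (a JSON list, object or `null`, or a non-ASCII string) are not exercised, and neither are the `Missing media_type` and `Missing blob` branches this commit adds, since `data` always carries both keys. Adding entries such as `None`, `['1.0']` and `{'v': '1.0'}` to the list, plus a second test that omits `media_type` or `blob` and asserts a 4xx status, would pin the behaviour the fix is meant to guarantee: no 500 for a malformed push body. A short comment above `'blob'` saying what the base64 payload decodes to would also help, because a reader cannot tell whether the 422 comes from the release name or from the blob contents.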