From e8ad01cb41bda25bf4f2d41cbdd686e5d7f48229 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <jschorr@gmail.com>
Date: Mon, 15 Sep 2014 11:27:33 -0400
Subject: [PATCH] Lots of small NPE and other exception fixes

---
 auth/auth.py        | 9 ++++++++-
 data/model/oauth.py | 2 +-
 endpoints/index.py  | 3 +++
 static/js/app.js    | 9 +++++++--
 storage/cloud.py    | 3 +++
 5 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/auth/auth.py b/auth/auth.py
index 3616792ad..a81876e54 100644
--- a/auth/auth.py
+++ b/auth/auth.py
@@ -135,8 +135,15 @@ def process_token(auth):
     logger.warning('Invalid token format: %s' % auth)
     abort(401, message='Invalid token format: %(auth)s', issue='invalid-auth-token', auth=auth)
 
-  token_vals = {val[0]: val[1] for val in
+  def safe_get(lst, index, default_value):
+    try:
+      return lst[index]
+    except IndexError:
+      return default_value
+
+  token_vals = {val[0]: safe_get(val, 1, '') for val in
                 (detail.split('=') for detail in token_details)}
+
   if 'signature' not in token_vals:
     logger.warning('Token does not contain signature: %s' % auth)
     abort(401, message='Token does not contain a valid signature: %(auth)s',
diff --git a/data/model/oauth.py b/data/model/oauth.py
index 309e2122a..51bfc053e 100644
--- a/data/model/oauth.py
+++ b/data/model/oauth.py
@@ -46,7 +46,7 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
   def validate_redirect_uri(self, client_id, redirect_uri):
     try:
       app = OAuthApplication.get(client_id=client_id)
-      if app.redirect_uri and redirect_uri.startswith(app.redirect_uri):
+      if app.redirect_uri and redirect_uri and redirect_uri.startswith(app.redirect_uri):
         return True
       return False
     except OAuthApplication.DoesNotExist:
diff --git a/endpoints/index.py b/endpoints/index.py
index 4017d47e9..5c8d7058a 100644
--- a/endpoints/index.py
+++ b/endpoints/index.py
@@ -66,6 +66,9 @@ def generate_headers(role='read'):
 @index.route('/users/', methods=['POST'])
 def create_user():
   user_data = request.get_json()
+  if not 'username' in user_data:
+    abort(400, 'Missing username')
+
   username = user_data['username']
   password = user_data.get('password', '')
 
diff --git a/static/js/app.js b/static/js/app.js
index 6a6bf27e3..9ebe2a3e1 100644
--- a/static/js/app.js
+++ b/static/js/app.js
@@ -556,7 +556,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
         // If an error occurred, report it and done.
         if (ping < 0) {
           cached['pings'] = [-1];
-          invokeCallback($scope, pings, callback);
+          invokeCallback($scope, [-1], callback);
           return;
         }
 
@@ -1518,7 +1518,12 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       };
 
       notificationService.getPage = function(notification) {
-        var page = notificationKinds[notification['kind']]['page'];
+        var kindInfo = notificationKinds[notification['kind']];
+        if (!kindInfo) {
+          return null;
+        }
+
+        var page = kindInfo['page'];
         if (typeof page != 'string') {
           page = page(notification['metadata']);
         }
diff --git a/storage/cloud.py b/storage/cloud.py
index 824c57534..06dd8a2a9 100644
--- a/storage/cloud.py
+++ b/storage/cloud.py
@@ -205,6 +205,9 @@ class _CloudStorage(BaseStorage):
     path = self._init_path(path)
     key = self._key_class(self._cloud_bucket, path)
     k = self._cloud_bucket.lookup(key)
+    if k is None:
+      raise IOError('No such key: \'{0}\''.format(path))
+
     return k.etag[1:-1][:7]