From e343c9386da565371dbfb7767e1cf8a192ce04c4 Mon Sep 17 00:00:00 2001
From: Chris Church <chris@ninemoreminutes.com>
Date: Mon, 26 Aug 2013 11:26:03 -0400
Subject: [PATCH] Fix for 500 error when POST data is not a dict.

---
 awx/main/base_views.py          |  3 +++
 awx/main/tests/base.py          |  4 ++--
 awx/main/tests/organizations.py | 17 +++++++++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/awx/main/base_views.py b/awx/main/base_views.py
index 5d0b75d66a..7cfe920013 100644
--- a/awx/main/base_views.py
+++ b/awx/main/base_views.py
@@ -257,6 +257,9 @@ class SubListCreateAPIView(SubListAPIView, ListCreateAPIView):
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     def post(self, request, *args, **kwargs):
+        if not isinstance(request.DATA, dict):
+            return Response('invalid type for post data',
+                            status=status.HTTP_400_BAD_REQUEST)
         if 'disassociate' in request.DATA:
             return self.unattach(request, *args, **kwargs)
         else:
diff --git a/awx/main/tests/base.py b/awx/main/tests/base.py
index 763ceeb720..9e8fc91ca9 100644
--- a/awx/main/tests/base.py
+++ b/awx/main/tests/base.py
@@ -154,8 +154,8 @@ class BaseTestMixin(object):
                       data_type=None, accept=None, remote_addr=None):
         assert method is not None
         method_name = method.lower()
-        if method_name not in ('options', 'head', 'get', 'delete'):
-            assert data is not None
+        #if method_name not in ('options', 'head', 'get', 'delete'):
+        #    assert data is not None
         client_kwargs = {}
         if accept:
             client_kwargs['HTTP_ACCEPT'] = accept
diff --git a/awx/main/tests/organizations.py b/awx/main/tests/organizations.py
index 6359ab1bb7..c90763c717 100644
--- a/awx/main/tests/organizations.py
+++ b/awx/main/tests/organizations.py
@@ -394,4 +394,21 @@ class OrganizationsTest(BaseTest):
         # also check that DELETE on the collection doesn't work
         self.delete(self.collection(), expect=405, auth=self.get_super_credentials())
 
+    def test_invalid_post_data(self):
+        url = reverse('main:organization_list')
+        # API should gracefully handle data of an invalid type.
+        self.post(url, expect=400, data=None, auth=self.get_super_credentials())
+        self.post(url, expect=400, data=99, auth=self.get_super_credentials())
+        self.post(url, expect=400, data='abcd', auth=self.get_super_credentials())
+        self.post(url, expect=400, data=3.14, auth=self.get_super_credentials())
+        self.post(url, expect=400, data=True, auth=self.get_super_credentials())
+        self.post(url, expect=400, data=[1,2,3], auth=self.get_super_credentials())
+        url = reverse('main:organization_users_list', args=(self.organizations[0].pk,))
+        self.post(url, expect=400, data=None, auth=self.get_super_credentials())
+        self.post(url, expect=400, data=99, auth=self.get_super_credentials())
+        self.post(url, expect=400, data='abcd', auth=self.get_super_credentials())
+        self.post(url, expect=400, data=3.14, auth=self.get_super_credentials())
+        self.post(url, expect=400, data=True, auth=self.get_super_credentials())
+        self.post(url, expect=400, data=[1,2,3], auth=self.get_super_credentials())
+
 # TODO: tests for tag disassociation