From b67405d486a0d09abde6423818734bbb5a978bc4 Mon Sep 17 00:00:00 2001
From: Julien Danjou <julien@danjou.info>
Date: Wed, 9 Oct 2013 17:07:40 +0200
Subject: [PATCH] Validate body when using Pecan

This makes sure that when the body is decoded we run the validation
process on it.

Fixes-Bug: #1220678

Change-Id: I765a6ce8c8097ef0e0a734804242e9fcee4ffbcf
---
 tests/pecantest/test/controllers/ws.py |  6 ++++++
 tests/pecantest/test/tests/test_ws.py  | 11 +++++++++++
 wsme/rest/json.py                      |  2 +-
 wsme/rest/xml.py                       |  2 +-
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/tests/pecantest/test/controllers/ws.py b/tests/pecantest/test/controllers/ws.py
index 1dcb0cb..f2c0d96 100644
--- a/tests/pecantest/test/controllers/ws.py
+++ b/tests/pecantest/test/controllers/ws.py
@@ -14,6 +14,12 @@ class Author(Base):
     firstname = text
     books = wsattr(['Book'])
 
+    @staticmethod
+    def validate(author):
+        if author.firstname == 'Robert':
+            raise wsme.exc.ClientSideError("I don't like this author!")
+        return author
+
 
 class Book(Base):
     id = int
diff --git a/tests/pecantest/test/tests/test_ws.py b/tests/pecantest/test/tests/test_ws.py
index 4eb9607..3b21494 100644
--- a/tests/pecantest/test/tests/test_ws.py
+++ b/tests/pecantest/test/tests/test_ws.py
@@ -59,6 +59,17 @@ class TestWS(FunctionalTest):
         assert '<id>1</id>' in body
         assert '<firstname>aname</firstname>' in body
 
+    def test_post_body_parameter_validation(self):
+        res = self.app.post(
+            '/authors', '{"firstname": "Robert"}',
+            headers={"Content-Type": "application/json"},
+            expect_errors=True
+        )
+        self.assertEqual(res.status_int, 400)
+        a = json.loads(res.body.decode('utf-8'))
+        self.assertEqual(a['faultcode'], 'Client')
+        self.assertEqual(a['faultstring'], "I don't like this author!")
+
     def test_post_body_parameter(self):
         res = self.app.post(
             '/authors', '{"firstname": "test"}',
diff --git a/wsme/rest/json.py b/wsme/rest/json.py
index 180ee2c..77277ce 100644
--- a/wsme/rest/json.py
+++ b/wsme/rest/json.py
@@ -140,7 +140,7 @@ def fromjson(datatype, value):
             elif attrdef.mandatory:
                 raise InvalidInput(attrdef.name, None,
                                    "Mandatory field missing.")
-        return obj
+        return wsme.types.validate_value(datatype, obj)
     elif wsme.types.isusertype(datatype):
         value = datatype.frombasetype(
             fromjson(datatype.basetype, value))
diff --git a/wsme/rest/xml.py b/wsme/rest/xml.py
index 1ebc3d5..9a836c3 100644
--- a/wsme/rest/xml.py
+++ b/wsme/rest/xml.py
@@ -105,7 +105,7 @@ def fromxml(datatype, element):
             elif attrdef.mandatory:
                 raise InvalidInput(attrdef.name, None,
                                    "Mandatory field missing.")
-        return obj
+        return wsme.types.validate_value(datatype, obj)
     if datatype is wsme.types.bytes:
         return element.text.encode('ascii')
     return datatype(element.text)