Return JSON for Unauthorized message

To be consistent with how keystone formats 401 responses, keystonemiddleware should also return JSON when auth_token fails to authenticate. This patch modifies the response to use the application/json Content-Type and formats the body in the same way that keystone does[1] [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/wsgi.py?h=9.0.0&id=3e5fca06c6b7dd6060721faa39428b133edd10f0#n812 Change-Id: I6601862ef948b50dedba033c03a42acedbfc8d90 Closes-bug: #1367062
2016-04-22 14:46:19 -07:00 · 2016-04-22 14:46:19 -07:00 · 8d52a83a08
parent 57fbb72c56
commit 8d52a83a08
2 changed files with 15 additions and 5 deletions
--- a/keystonemiddleware/auth_token/init.py
+++ b/keystonemiddleware/auth_token/init.py
@ -751,9 +751,16 @@ class AuthProtocol(BaseAuthProtocol):
                self.log.info(_LI('Deferring reject downstream'))
            else:
                self.log.info(_LI('Rejecting request'))
+                message = 'The request you have made requires authentication.'
+                body = {'error': {
+                    'code': 401,
+                    'title': 'Unauthorized',
+                    'message': message,
+                }}
                raise webob.exc.HTTPUnauthorized(
-                    body='Authentication required',
-                    headers=self._reject_auth_headers)
+                    body=jsonutils.dumps(body),
+                    headers=self._reject_auth_headers,
+                    content_type='application/json')

        if request.user_token_valid:
            user_auth_ref = request.token_auth._user_auth_ref
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@ -1925,7 +1925,8 @@ class CommonCompositeAuthTests(object):
        resp = self.call_middleware(headers={'X-Auth-Token': token,
                                             'X-Service-Token': service_token},
                                    expected_status=401)
-        self.assertEqual(b'Authentication required', resp.body)
+        expected_body = b'The request you have made requires authentication.'
+        self.assertThat(resp.body, matchers.Contains(expected_body))

    def test_composite_auth_no_service_token(self):
        self.purge_service_token_expected_env()
@ -1952,13 +1953,15 @@ class CommonCompositeAuthTests(object):
        resp = self.call_middleware(headers={'X-Auth-Token': token,
                                             'X-Service-Token': service_token},
                                    expected_status=401)
-        self.assertEqual(b'Authentication required', resp.body)
+        expected_body = b'The request you have made requires authentication.'
+        self.assertThat(resp.body, matchers.Contains(expected_body))

    def test_composite_auth_no_user_token(self):
        service_token = self.token_dict['uuid_service_token_default']
        resp = self.call_middleware(headers={'X-Service-Token': service_token},
                                    expected_status=401)
-        self.assertEqual(b'Authentication required', resp.body)
+        expected_body = b'The request you have made requires authentication.'
+        self.assertThat(resp.body, matchers.Contains(expected_body))

    def test_composite_auth_delay_ok(self):
        self.middleware._delay_auth_decision = True