From ece924a79d27ede1a8475d7f98e6d66bc3cffd6c Mon Sep 17 00:00:00 2001
From: lin-hua-cheng <os.lcheng@gmail.com>
Date: Mon, 13 Jul 2015 15:51:58 -0700
Subject: [PATCH] Configurable token hashing

Provide an option for operator to turn off token
hashing to be performed by horizon.

In some deployment where PKI token format is used
for keystone, token hashing causes issue and results
to 401 error in horizon.

Change-Id: I187b1486db2e453fd49298e1478e30abe97e54fe
Closes-Bug: #1473588
---
 openstack_auth/user.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/openstack_auth/user.py b/openstack_auth/user.py
index 132e37be..77325de1 100644
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@@ -23,6 +23,7 @@ from openstack_auth import utils
 
 
 LOG = logging.getLogger(__name__)
+_TOKEN_HASH_ENABLED = getattr(settings, 'OPENSTACK_TOKEN_HASH_ENABLED', True)
 
 
 def set_session_from_user(request, user):
@@ -81,8 +82,9 @@ class Token(object):
         # Token-related attributes
         self.id = auth_ref.auth_token
         self.unscoped_token = unscoped_token
-        if (keystone_cms.is_asn1_token(self.id)
-                or keystone_cms.is_pkiz(self.id)):
+        if (_TOKEN_HASH_ENABLED and
+                (keystone_cms.is_asn1_token(self.id)
+                    or keystone_cms.is_pkiz(self.id))):
             algorithm = getattr(settings, 'OPENSTACK_TOKEN_HASH_ALGORITHM',
                                 'md5')
             hasher = hashlib.new(algorithm)