Fix 500 error when no fernet token is passed
Keystone returns internal server error if the
user doesn't send any token. This happens only for
fernet token. This review returns 401 if the token
is not passed. Logic is moved from provider to
controller layer.
Since the logic has movoed to controller, some
of code which directly checks for no token in
the provider and their corresponding tests
has been removed from the token providers
as they are redundant.
Closes-Bug: 1526976
Change-Id: I0b6b0c48d6c841f996d1b8711d6c343ddfd5d945
(cherry picked from commit 171f0e2193)
This commit is contained in:
Haneef Ali
Guang Yee
parent
16fb928521
commit
7ce8ce92e7
|
|
@ -4596,9 +4596,6 @@ class TokenTests(object):
|
|||
self.assertRaises(exception.TokenNotFound,
|
||||
self.token_provider_api._persistence.get_token,
|
||||
uuid.uuid4().hex)
|
||||
self.assertRaises(exception.TokenNotFound,
|
||||
self.token_provider_api._persistence.get_token,
|
||||
None)
|
||||
|
||||
def test_delete_token_404(self):
|
||||
self.assertRaises(exception.TokenNotFound,
|
||||
|
|
|
|||
|
|
@ -781,6 +781,12 @@ class TestTokenProvider(unit.TestCase):
|
|||
self.assertIsNone(
|
||||
self.token_provider_api._is_valid_token(create_v3_token()))
|
||||
|
||||
def test_no_token_raises_token_not_found(self):
|
||||
self.assertRaises(
|
||||
exception.TokenNotFound,
|
||||
self.token_provider_api.validate_token,
|
||||
None)
|
||||
|
||||
|
||||
# NOTE(ayoung): renamed to avoid automatic test detection
|
||||
class PKIProviderTests(object):
|
||||
|
|
|
|||
|
|
@ -412,6 +412,17 @@ class TokenAPITests(object):
|
|||
r = self.get('/auth/tokens', headers=self.headers)
|
||||
self.assertValidUnscopedTokenResponse(r)
|
||||
|
||||
def test_validate_missing_subject_token(self):
|
||||
self.get('/auth/tokens',
|
||||
expected_status=http_client.NOT_FOUND)
|
||||
|
||||
def test_validate_missing_auth_token(self):
|
||||
self.admin_request(
|
||||
method='GET',
|
||||
path='/v3/projects',
|
||||
token=None,
|
||||
expected_status=http_client.UNAUTHORIZED)
|
||||
|
||||
def test_validate_token_nocatalog(self):
|
||||
v3_token = self.get_requested_token(self.build_authentication_request(
|
||||
user_id=self.user['id'],
|
||||
|
|
|
|||
|
|
@ -60,11 +60,6 @@ class PersistenceManager(manager.Manager):
|
|||
raise exception.TokenNotFound(token_id=token_id)
|
||||
|
||||
def get_token(self, token_id):
|
||||
if not token_id:
|
||||
# NOTE(morganfainberg): There are cases when the
|
||||
# context['token_id'] will in-fact be None. This also saves
|
||||
# a round-trip to the backend if we don't have a token_id.
|
||||
raise exception.TokenNotFound(token_id='')
|
||||
unique_id = utils.generate_unique_id(token_id)
|
||||
token_ref = self._get_token(unique_id)
|
||||
# NOTE(morganfainberg): Lift expired checking to the manager, there is
|
||||
|
|
|
|||
|
|
@ -230,6 +230,9 @@ class Manager(manager.Manager):
|
|||
return self.check_revocation_v3(token)
|
||||
|
||||
def validate_v3_token(self, token_id):
|
||||
if not token_id:
|
||||
raise exception.TokenNotFound(_('No token in the request'))
|
||||
|
||||
unique_id = utils.generate_unique_id(token_id)
|
||||
# NOTE(lbragstad): Only go to persistent storage if we have a token to
|
||||
# fetch from the backend. If the Fernet token provider is being used
|
||||
|
|
@ -248,6 +251,9 @@ class Manager(manager.Manager):
|
|||
|
||||
@MEMOIZE
|
||||
def _validate_token(self, token_id):
|
||||
if not token_id:
|
||||
raise exception.TokenNotFound(_('No token in the request'))
|
||||
|
||||
if not self._needs_persistence:
|
||||
return self.driver.validate_v3_token(token_id)
|
||||
token_ref = self._persistence.get_token(token_id)
|
||||
|
|
|
|||
Loading…
Reference in New Issue