Use validate_v3_token instead of validate_token

The token provider has about 3 different ways to validate a token. This since all 3 methods validate tokens in a very similar way we should consolidate the behavior by collapsing the calls. This is an effort to simplify the token provider API. Change-Id: I32b94ce6fad29774d32639459fd17691ba427520
2016-09-30 14:37:18 +00:00 · 2016-09-30 14:37:18 +00:00 · 9aec18b0f2
parent d3054b5e9d
commit 9aec18b0f2
11 changed files with 21 additions and 46 deletions
--- a/keystone/auth/plugins/mapped.py
+++ b/keystone/auth/plugins/mapped.py
@ -35,7 +35,7 @@ class Mapped(base.AuthMethodHandler):

    def _get_token_ref(self, auth_payload):
        token_id = auth_payload['id']
-        response = self.token_provider_api.validate_token(token_id)
+        response = self.token_provider_api.validate_v3_token(token_id)
        return token_model.KeystoneToken(token_id=token_id,
                                         token_data=response)

--- a/keystone/auth/plugins/token.py
+++ b/keystone/auth/plugins/token.py
@ -35,7 +35,7 @@ class Token(base.AuthMethodHandler):

    def _get_token_ref(self, auth_payload):
        token_id = auth_payload['id']
-        response = self.token_provider_api.validate_token(token_id)
+        response = self.token_provider_api.validate_v3_token(token_id)
        return token_model.KeystoneToken(token_id=token_id,
                                         token_data=response)

--- a/keystone/common/controller.py
+++ b/keystone/common/controller.py
@ -133,7 +133,7 @@ def protected(callback=None):
                if request.context_dict.get('subject_token_id') is not None:
                    token_ref = token_model.KeystoneToken(
                        token_id=request.context_dict['subject_token_id'],
-                        token_data=self.token_provider_api.validate_token(
+                        token_data=self.token_provider_api.validate_v3_token(
                            request.context_dict['subject_token_id']))
                    policy_dict.setdefault('target', {})
                    policy_dict['target'].setdefault(self.member_name, {})
--- a/keystone/federation/controllers.py
+++ b/keystone/federation/controllers.py
@ -364,7 +364,7 @@ class Auth(auth_controllers.Auth):
        sp_url = service_provider['sp_url']

        token_id = auth['identity']['token']['id']
-        token_data = self.token_provider_api.validate_token(token_id)
+        token_data = self.token_provider_api.validate_v3_token(token_id)
        token_ref = token_model.KeystoneToken(token_id, token_data)

        if not token_ref.project_scoped:
--- a/keystone/middleware/auth.py
+++ b/keystone/middleware/auth.py
@ -46,7 +46,7 @@ class AuthContextMiddleware(auth_token.BaseAuthProtocol):

    def fetch_token(self, token):
        try:
-            return self.token_provider_api.validate_token(token)
+            return self.token_provider_api.validate_v3_token(token)
        except exception.TokenNotFound:
            raise auth_token.InvalidToken(_('Could not find token'))

--- a/keystone/tests/unit/test_auth.py
+++ b/keystone/tests/unit/test_auth.py
@ -922,7 +922,7 @@ class AuthWithTrust(object):
    def _create_auth_request(self, token_id):
        token_ref = token_model.KeystoneToken(
            token_id=token_id,
-            token_data=self.token_provider_api.validate_token(token_id))
+            token_data=self.token_provider_api.validate_v3_token(token_id))
        auth_context = authorization.token_to_auth_context(token_ref)
        # NOTE(gyee): if public_endpoint and admin_endpoint are not set, which
        # is the default, the base url will be constructed from the environment
--- a/keystone/tests/unit/test_token_provider.py
+++ b/keystone/tests/unit/test_token_provider.py
@ -791,10 +791,16 @@ class TestTokenProvider(unit.TestCase):
        self.assertIsNone(
            self.token_provider_api._is_valid_token(create_v3_token()))

-    def test_no_token_raises_token_not_found(self):
+    def test_validate_v3_token_with_no_token_raises_token_not_found(self):
        self.assertRaises(
            exception.TokenNotFound,
-            self.token_provider_api.validate_token,
+            self.token_provider_api.validate_v3_token,
+            None)
+
+    def test_validate_v2_token_with_no_token_raises_token_not_found(self):
+        self.assertRaises(
+            exception.TokenNotFound,
+            self.token_provider_api.validate_v2_token,
            None)


--- a/keystone/tests/unit/token/test_backends.py
+++ b/keystone/tests/unit/token/test_backends.py
@ -489,7 +489,7 @@ class TokenCacheInvalidation(object):
    def _check_unscoped_tokens_are_invalid(self):
        self.assertRaises(
            exception.TokenNotFound,
-            self.token_provider_api.validate_token,
+            self.token_provider_api.validate_v3_token,
            self.unscoped_token_id)
        self.assertRaises(
            exception.TokenNotFound,
@ -499,7 +499,7 @@ class TokenCacheInvalidation(object):
    def _check_scoped_tokens_are_invalid(self):
        self.assertRaises(
            exception.TokenNotFound,
-            self.token_provider_api.validate_token,
+            self.token_provider_api.validate_v3_token,
            self.scoped_token_id)
        self.assertRaises(
            exception.TokenNotFound,
@ -507,11 +507,11 @@ class TokenCacheInvalidation(object):
            self.scoped_token_id)

    def _check_scoped_tokens_are_valid(self):
-        self.token_provider_api.validate_token(self.scoped_token_id)
+        self.token_provider_api.validate_v3_token(self.scoped_token_id)
        self.token_provider_api.validate_v2_token(self.scoped_token_id)

    def _check_unscoped_tokens_are_valid(self):
-        self.token_provider_api.validate_token(self.unscoped_token_id)
+        self.token_provider_api.validate_v3_token(self.unscoped_token_id)
        self.token_provider_api.validate_v2_token(self.unscoped_token_id)

    def test_delete_unscoped_token(self):
--- a/keystone/token/controllers.py
+++ b/keystone/token/controllers.py
@ -477,7 +477,7 @@ class Auth(controller.V2Controller):
        """Return a list of endpoints available to the token."""
        self.assert_admin(request)

-        token_data = self.token_provider_api.validate_token(token_id)
+        token_data = self.token_provider_api.validate_v3_token(token_id)
        token_ref = token_model.KeystoneToken(token_id, token_data)

        catalog_ref = None
--- a/keystone/token/provider.py
+++ b/keystone/token/provider.py
@ -207,14 +207,6 @@ class Manager(manager.Manager):
            except exception.TokenNotFound:
                six.reraise(*exc_info)

-    def validate_token(self, token_id):
-        unique_id = utils.generate_unique_id(token_id)
-        # NOTE(morganfainberg): Ensure we never use the long-form token_id
-        # (PKI) as part of the cache_key.
-        token = self._validate_token(unique_id)
-        self._is_valid_token(token)
-        return token
-
    def check_revocation_v2(self, token):
        try:
            token_data = token['access']
@ -293,27 +285,6 @@ class Manager(manager.Manager):
    def validate_non_persistent_token(self, token_id):
        return self.driver.validate_non_persistent_token(token_id)

-    @MEMOIZE_TOKENS
-    def _validate_token(self, token_id):
-        if not token_id:
-            raise exception.TokenNotFound(_('No token in the request'))
-
-        try:
-            if not self._needs_persistence:
-                # NOTE(lbragstad): This will validate v2 and v3 non-persistent
-                # tokens.
-                return self.driver.validate_non_persistent_token(token_id)
-            token_ref = self._persistence.get_token(token_id)
-            version = self.get_token_version(token_ref)
-            if version == self.V3:
-                return self.driver.validate_v3_token(token_ref)
-        except exception.Unauthorized as e:
-            LOG.debug('Unable to validate token: %s', e)
-            raise exception.TokenNotFound(token_id=token_id)
-        if version == self.V2:
-            return self.driver.validate_v2_token(token_ref)
-        raise exception.UnsupportedTokenVersionException()
-
    @MEMOIZE_TOKENS
    def _validate_v2_token(self, token_id):
        return self.driver.validate_v2_token(token_id)
@ -421,7 +392,6 @@ class Manager(manager.Manager):
            # to serve as required positional "self" argument. It's ignored,
            # so I've put it here for convenience - any placeholder is fine.
            self._validate_v3_token.set(token_data, TOKENS_REGION, token_id)
-            self._validate_token.set(token_data, TOKENS_REGION, token_id)
            self.validate_non_persistent_token.set(
                token_data, TOKENS_REGION, token_id)

@ -448,7 +418,6 @@ class Manager(manager.Manager):
        # consulted before accepting a token as valid.  For now we will
        # do the explicit individual token invalidation.

-        self._validate_token.invalidate(self, token_id)
        self._validate_v2_token.invalidate(self, token_id)
        self._validate_v3_token.invalidate(self, token_id)
        # This method isn't actually called in the case of non-persistent
@ -459,7 +428,7 @@ class Manager(manager.Manager):
    def revoke_token(self, token_id, revoke_chain=False):
        token_ref = token_model.KeystoneToken(
            token_id=token_id,
-            token_data=self.validate_token(token_id))
+            token_data=self.validate_v3_token(token_id))

        project_id = token_ref.project_id if token_ref.project_scoped else None
        domain_id = token_ref.domain_id if token_ref.domain_scoped else None
--- a/keystone/v2_crud/user_crud.py
+++ b/keystone/v2_crud/user_crud.py
@ -53,7 +53,7 @@ class UserController(identity.controllers.User):
        token_id = request.context_dict.get('token_id')
        original_password = user.get('original_password')

-        token_data = self.token_provider_api.validate_token(token_id)
+        token_data = self.token_provider_api.validate_v3_token(token_id)
        token_ref = token_model.KeystoneToken(token_id=token_id,
                                              token_data=token_data)