From f8afb29a9daecce5ab1738d1a8a6e543159de502 Mon Sep 17 00:00:00 2001
From: Lance Bragstad
Date: Thu, 28 May 2015 13:35:30 +0000
Subject: [PATCH] Don't assume group IDs are UUID format

When using the Fernet token provider to build a federated payload, we can't assume that the group ID will always be a UUID format that we can convert to bytes. This change makes the Fernet code smart enough to pass the original group ID in the payload if it can't convert it to bytes.

Change-Id: I6d00902eb461c22aafd9cb5ca706b05bedefd37d
Related-Bug: 1459382
(cherry picked from commit 5b650ff3f9b86c3aa6889fca479be8be57fc08e0)
---
 .../tests/unit/token/test_fernet_provider.py | 27 +++++++++++++++++++
 .../providers/fernet/token_formatters.py | 4 +--
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/keystone/tests/unit/token/test_fernet_provider.py b/keystone/tests/unit/token/test_fernet_provider.py
index e2c5ca6d83..e23164d58a 100644
--- a/keystone/tests/unit/token/test_fernet_provider.py
+++ b/keystone/tests/unit/token/test_fernet_provider.py
@@ -260,3 +260,30 @@ class TestPayloads(tests.TestCase):
 self.assertEqual(exp_expires_at, expires_at)
 self.assertEqual(exp_audit_ids, audit_ids)
 self.assertEqual(exp_trust_id, trust_id)
+
+ def test_federated_payload_with_non_uuid_ids(self):
+ exp_user_id = 'someNonUuidUserId'
+ exp_methods = ['password']
+ exp_expires_at = timeutils.isotime(timeutils.utcnow())
+ exp_audit_ids = [provider.random_urlsafe_str()]
+ exp_federated_info = {'group_ids': [{'id': 'someNonUuidGroupId'}],
+ 'idp_id': uuid.uuid4().hex,
+ 'protocol_id': uuid.uuid4().hex}
+
+ payload = token_formatters.FederatedPayload.assemble(
+ exp_user_id, exp_methods, exp_expires_at, exp_audit_ids,
+ exp_federated_info)
+
+ (user_id, methods, expires_at, audit_ids, federated_info) = (
+ token_formatters.FederatedPayload.disassemble(payload))
+
+ self.assertEqual(exp_user_id, user_id)
+ self.assertEqual(exp_methods, methods)
+ self.assertEqual(exp_expires_at, expires_at)
+ self.assertEqual(exp_audit_ids, audit_ids)
+ self.assertEqual(exp_federated_info['group_ids'][0]['id'],
+ federated_info['group_ids'][0]['id'])
+ self.assertEqual(exp_federated_info['idp_id'],
+ federated_info['idp_id'])
+ self.assertEqual(exp_federated_info['protocol_id'],
+ federated_info['protocol_id'])
diff --git a/keystone/token/providers/fernet/token_formatters.py b/keystone/token/providers/fernet/token_formatters.py
index bc12cabf64..331012ec32 100644
--- a/keystone/token/providers/fernet/token_formatters.py
+++ b/keystone/token/providers/fernet/token_formatters.py
@@ -504,7 +504,7 @@ class FederatedPayload(BasePayload):
 """
 def pack_group_ids(group_dict):
- return cls.convert_uuid_hex_to_bytes(group_dict['id'])
+ return cls.attempt_convert_uuid_hex_to_bytes(group_dict['id'])
 b_user_id = cls.attempt_convert_uuid_hex_to_bytes(user_id)
 methods = auth_plugins.convert_method_list_to_integer(methods)
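Review bot: The new test asserts only index 0 of a one-element `group_ids` list, so it would not catch a regression in a token that carries both UUID and non-UUID groups, or one where the list length or order changes across the round trip. Consider making the fixture `'group_ids': [{'id': 'someNonUuidGroupId'}, {'id': uuid.uuid4().hex}]` and comparing the whole list with `self.assertEqual(exp_federated_info['group_ids'], federated_info['group_ids'])`. Group IDs in a federated token feed authorization decisions, so the round trip is worth pinning exactly rather than by a single element.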
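Review bot: Nothing in the payload records whether `pack_group_ids` stored converted UUID bytes or the original string, so `unpack_group_ids` in the `@@ -530` hunk can only guess by attempting the reverse conversion. The helper bodies are outside this diff, but if they simply fall back on a conversion error, a non-UUID group ID that happens to be exactly 16 bytes long would presumably come back from `disassemble` as a hex string different from the one that went in, and the token would then name a group that was never asserted. Packing a tag with each value, for example `(True, uuid_bytes)` versus `(False, group_dict['id'])`, and branching on it when unpacking would make the round trip exact. At minimum, add a comment such as `# NOTE: a 16-byte non-UUID id is indistinguishable from packed UUID bytes on disassemble`. The enclosing `assemble` and `disassemble` methods start and end outside these hunks.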
@@ -530,7 +530,7 @@ class FederatedPayload(BasePayload):
 """
 def unpack_group_ids(group_id_in_bytes):
- group_id = cls.convert_uuid_bytes_to_hex(group_id_in_bytes)
+ group_id = cls.attempt_convert_uuid_bytes_to_hex(group_id_in_bytes)
 return {'id': group_id}
 user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])