From a676abf995285167782f4d2fe2010152d4ffb7b7 Mon Sep 17 00:00:00 2001
From: Serg Melikyan <smelikyan@mirantis.com>
Date: Wed, 7 Aug 2013 11:34:31 +0400
Subject: [PATCH] Resolved MRN-704

Return 403 Error Code when no session is provided for calls
that require session.

Change-Id: I0569c3a476656414e8e95400de5f2ea624d0f31f
---
 muranoapi/utils.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/muranoapi/utils.py b/muranoapi/utils.py
index 2b5c8548d..334909540 100644
--- a/muranoapi/utils.py
+++ b/muranoapi/utils.py
@@ -25,7 +25,7 @@ log = logging.getLogger(__name__)
 def verify_session(func):
     @functools.wraps(func)
     def __inner(self, request, *args, **kwargs):
-        if not hasattr(request, 'context') and not request.context.session:
+        if hasattr(request, 'context') and not request.context.session:
             log.info('Session is required for this call')
             raise exc.HTTPForbidden()
 
@@ -34,6 +34,10 @@ def verify_session(func):
         unit = get_session()
         session = unit.query(Session).get(session_id)
 
+        if session is None:
+            log.info('Session <SessionId {0}> is not found'.format(session_id))
+            raise exc.HTTPForbidden()
+
         if not SessionServices.validate(session):
             log.info('Session <SessionId {0}> is invalid'.format(session_id))
             raise exc.HTTPForbidden()