Fix 500 error when no fernet token is passed
Keystone returns internal server error if the user doesn't send any token. This happens only for fernet token. This review returns 401 if the token is not passed. Logic is moved from provider to controller layer. Since the logic has movoed to controller, some of code which directly checks for no token in the provider and their corresponding tests has been removed from the token providers as they are redundant. Closes-Bug: 1526976 Change-Id: I0b6b0c48d6c841f996d1b8711d6c343ddfd5d945
This commit is contained in:
parent
6aee4dde10
commit
171f0e2193
|
@ -4294,9 +4294,6 @@ class TokenTests(object):
|
|||
self.assertRaises(exception.TokenNotFound,
|
||||
self.token_provider_api._persistence.get_token,
|
||||
uuid.uuid4().hex)
|
||||
self.assertRaises(exception.TokenNotFound,
|
||||
self.token_provider_api._persistence.get_token,
|
||||
None)
|
||||
|
||||
def test_delete_token_returns_not_found(self):
|
||||
self.assertRaises(exception.TokenNotFound,
|
||||
|
|
|
@ -781,6 +781,12 @@ class TestTokenProvider(unit.TestCase):
|
|||
self.assertIsNone(
|
||||
self.token_provider_api._is_valid_token(create_v3_token()))
|
||||
|
||||
def test_no_token_raises_token_not_found(self):
|
||||
self.assertRaises(
|
||||
exception.TokenNotFound,
|
||||
self.token_provider_api.validate_token,
|
||||
None)
|
||||
|
||||
|
||||
# NOTE(ayoung): renamed to avoid automatic test detection
|
||||
class PKIProviderTests(object):
|
||||
|
|
|
@ -403,6 +403,17 @@ class TokenAPITests(object):
|
|||
r = self.get('/auth/tokens', headers=self.headers)
|
||||
self.assertValidUnscopedTokenResponse(r)
|
||||
|
||||
def test_validate_missing_subject_token(self):
|
||||
self.get('/auth/tokens',
|
||||
expected_status=http_client.NOT_FOUND)
|
||||
|
||||
def test_validate_missing_auth_token(self):
|
||||
self.admin_request(
|
||||
method='GET',
|
||||
path='/v3/projects',
|
||||
token=None,
|
||||
expected_status=http_client.UNAUTHORIZED)
|
||||
|
||||
def test_validate_token_nocatalog(self):
|
||||
v3_token = self.get_requested_token(self.build_authentication_request(
|
||||
user_id=self.user['id'],
|
||||
|
|
|
@ -60,11 +60,6 @@ class PersistenceManager(manager.Manager):
|
|||
raise exception.TokenNotFound(token_id=token_id)
|
||||
|
||||
def get_token(self, token_id):
|
||||
if not token_id:
|
||||
# NOTE(morganfainberg): There are cases when the
|
||||
# context['token_id'] will in-fact be None. This also saves
|
||||
# a round-trip to the backend if we don't have a token_id.
|
||||
raise exception.TokenNotFound(token_id='')
|
||||
unique_id = utils.generate_unique_id(token_id)
|
||||
token_ref = self._get_token(unique_id)
|
||||
# NOTE(morganfainberg): Lift expired checking to the manager, there is
|
||||
|
|
|
@ -250,6 +250,9 @@ class Manager(manager.Manager):
|
|||
return self.check_revocation_v3(token)
|
||||
|
||||
def validate_v3_token(self, token_id):
|
||||
if not token_id:
|
||||
raise exception.TokenNotFound(_('No token in the request'))
|
||||
|
||||
unique_id = utils.generate_unique_id(token_id)
|
||||
# NOTE(lbragstad): Only go to persistent storage if we have a token to
|
||||
# fetch from the backend (the driver persists the token). Otherwise
|
||||
|
@ -266,6 +269,9 @@ class Manager(manager.Manager):
|
|||
|
||||
@MEMOIZE
|
||||
def _validate_token(self, token_id):
|
||||
if not token_id:
|
||||
raise exception.TokenNotFound(_('No token in the request'))
|
||||
|
||||
if not self._needs_persistence:
|
||||
return self.driver.validate_v3_token(token_id)
|
||||
token_ref = self._persistence.get_token(token_id)
|
||||
|
|
Loading…
Reference in New Issue