
Add TokenNotFound exception

* raise TokenNotFound from token backends on get/delete when token doesn't exist

Change-Id: Ic9aba7911088c30c20fe62501a05d75232f2d8b9
changes/69/3969/4
Brian Waldon 10 years ago
parent
commit
2c18314e7c
  1. 7
      keystone/common/wsgi.py
  2. 8
      keystone/contrib/ec2/core.py
  3. 4
      keystone/exception.py
  4. 20
      keystone/identity/core.py
  5. 23
      keystone/service.py
  6. 13
      keystone/token/backends/kvs.py
  7. 9
      keystone/token/backends/memcache.py
  8. 8
      keystone/token/backends/sql.py
  9. 4
      keystone/token/core.py
  10. 9
      tests/test_backend.py
  11. 12
      tests/test_backend_memcache.py

7
keystone/common/wsgi.py

@ -202,8 +202,11 @@ class Application(BaseApplication):
def assert_admin(self, context):
if not context['is_admin']:
user_token_ref = self.token_api.get_token(
context=context, token_id=context['token_id'])
try:
user_token_ref = self.token_api.get_token(
context=context, token_id=context['token_id'])
except exception.TokenNotFound:
raise exception.Unauthorized()
creds = user_token_ref['metadata'].copy()
creds['user_id'] = user_token_ref['user'].get('id')
creds['tenant_id'] = user_token_ref['tenant'].get('id')
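Review bot: assert_admin has no docstring, and with the new try/except it has a failure mode that callers such as TenantController.get_tenant now depend on. I would add `"""Verify the caller is an admin; raise exception.Unauthorized if the context's token is unknown."""` directly under the `def` line. The body continues past the end of the hunk, so the policy check itself is not visible here, and the docstring should be extended to cover whatever that part raises for a non-admin token.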

8
keystone/contrib/ec2/core.py

@ -26,6 +26,7 @@ import webob.exc
from keystone import catalog
from keystone import config
from keystone import exception
from keystone import identity
from keystone import policy
from keystone import service
@ -252,8 +253,11 @@ class Ec2Controller(wsgi.Application):
:raises webob.exc.HTTPForbidden: when token is invalid
"""
token_ref = self.token_api.get_token(context=context,
token_id=context['token_id'])
try:
token_ref = self.token_api.get_token(context=context,
token_id=context['token_id'])
except exception.TokenNotFound:
raise exception.Unauthorized()
token_user_id = token_ref['user'].get('id')
if not token_user_id == user_id:
raise webob.exc.HTTPForbidden()
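Review bot: The docstring above the new try/except still lists only `:raises webob.exc.HTTPForbidden: when token is invalid`, but an unknown token now surfaces as `exception.Unauthorized` before the user-id comparison is reached. Add `:raises keystone.exception.Unauthorized: when the token does not exist` and narrow the HTTPForbidden line to the user-id mismatch, so the two outcomes are distinguishable to callers. The method starts above the hunk, so its name and remaining parameters are not visible here.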

4
keystone/exception.py

@ -52,3 +52,7 @@ class NotFound(Error):
"""Could not find: %(target)s"""
code = 404
title = 'Not Found'
class TokenNotFound(NotFound):
"""Could not find token: %(token_id)s"""

20
keystone/identity/core.py

@ -232,10 +232,10 @@ class TenantController(wsgi.Application):
Doesn't care about token scopedness.
"""
token_ref = self.token_api.get_token(context=context,
token_id=context['token_id'])
if token_ref is None:
try:
token_ref = self.token_api.get_token(context=context,
token_id=context['token_id'])
except exception.NotFound:
raise exception.Unauthorized()
user_ref = token_ref['user']
@ -250,17 +250,7 @@ class TenantController(wsgi.Application):
def get_tenant(self, context, tenant_id):
# TODO(termie): this stuff should probably be moved to middleware
if not context['is_admin']:
user_token_ref = self.token_api.get_token(
context=context, token_id=context['token_id'])
creds = user_token_ref['metadata'].copy()
creds['user_id'] = user_token_ref['user'].get('id')
creds['tenant_id'] = user_token_ref['tenant'].get('id')
# Accept either is_admin or the admin role
assert self.policy_api.can_haz(context,
('is_admin:1', 'roles:admin'),
creds)
self.assert_admin(context)
tenant = self.identity_api.get_tenant(context, tenant_id)
if not tenant:
return webob.exc.HTTPNotFound()
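Review bot: The handler added in the first hunk catches `exception.NotFound`, while the equivalent get_token wrappers in keystone/common/wsgi.py and keystone/contrib/ec2/core.py catch `exception.TokenNotFound`; keystone/service.py uses the broad form in two places as well. Only the get_token call sits inside the try, so behaviour is the same today, but the broad catch would also turn any other NotFound a backend might raise later into a 401. I would use `except exception.TokenNotFound:` in all three spots. The enclosing method of the first hunk begins above it.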

23
keystone/service.py

@ -1,8 +1,5 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
import json
import urllib
import urlparse
import uuid
import routes
@ -15,7 +12,6 @@ from keystone import identity
from keystone import policy
from keystone import token
from keystone.common import logging
from keystone.common import utils
from keystone.common import wsgi
@ -195,10 +191,10 @@ class TokenController(wsgi.Application):
else:
tenant_id = auth.get('tenantId', None)
old_token_ref = self.token_api.get_token(context=context,
token_id=token)
if old_token_ref is None:
try:
old_token_ref = self.token_api.get_token(context=context,
token_id=token)
except exception.NotFound:
raise exception.Unauthorized()
user_ref = old_token_ref['user']
@ -253,9 +249,6 @@ class TokenController(wsgi.Application):
token_ref = self.token_api.get_token(context=context,
token_id=token_id)
if token_ref is None:
raise exception.NotFound(target='token')
if belongs_to:
assert token_ref['tenant']['id'] == belongs_to
@ -277,8 +270,12 @@ class TokenController(wsgi.Application):
def endpoints(self, context, token_id):
"""Return service catalog endpoints."""
token_ref = self.token_api.get_token(context=context,
token_id=token_id)
try:
token_ref = self.token_api.get_token(context=context,
token_id=token_id)
except exception.NotFound:
raise exception.Unauthorized()
catalog_ref = self.catalog_api.get_catalog(context,
token_ref['user']['id'],
token_ref['tenant']['id'])
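Review bot: In the hunk starting at new line 249 the token-to-tenant binding is still enforced with `assert token_ref['tenant']['id'] == belongs_to`, which disappears when Python runs with -O and otherwise surfaces as an AssertionError rather than a Keystone error. Since this commit already converts the surrounding None checks into typed exceptions, I would replace it with `if token_ref['tenant']['id'] != belongs_to:` followed by `raise exception.Unauthorized()`. The method starts and ends outside the hunk, so how an AssertionError is currently mapped to a response is not visible here.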

13
keystone/token/backends/kvs.py

@ -1,17 +1,24 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
from keystone import token
from keystone.common import kvs
from keystone import exception
from keystone import token
class Token(kvs.Base, token.Driver):
# Public interface
def get_token(self, token_id):
return self.db.get('token-%s' % token_id)
try:
return self.db['token-%s' % token_id]
except KeyError:
raise exception.TokenNotFound(token_id=token_id)
def create_token(self, token_id, data):
self.db.set('token-%s' % token_id, data)
return data
def delete_token(self, token_id):
return self.db.delete('token-%s' % token_id)
try:
return self.db.delete('token-%s' % token_id)
except KeyError:
raise exception.TokenNotFound(token_id=token_id)
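Review bot: delete_token now expects `self.db.delete(...)` to raise KeyError for a missing key, but nothing in this diff shows that it does; get_token had to be switched from `self.db.get` to indexing to get that behaviour. If `delete` on the kvs store tolerates missing keys, the new `except KeyError` never fires and deleting an unknown token stays silent. Please confirm against keystone/common/kvs.py, or make the contract explicit with `del self.db['token-%s' % token_id]` if the store supports item deletion.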

9
keystone/token/backends/memcache.py

@ -5,6 +5,7 @@ from __future__ import absolute_import
import memcache
from keystone import config
from keystone import exception
from keystone import token
@ -30,7 +31,11 @@ class Token(token.Driver):
def get_token(self, token_id):
ptk = self._prefix_token_id(token_id)
return self.client.get(ptk)
token = self.client.get(ptk)
if token is None:
raise exception.TokenNotFound(token_id=token_id)
return token
def create_token(self, token_id, data):
ptk = self._prefix_token_id(token_id)
@ -38,5 +43,7 @@ class Token(token.Driver):
return data
def delete_token(self, token_id):
# Test for existence
self.get_token(token_id)
ptk = self._prefix_token_id(token_id)
return self.client.delete(ptk)
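Review bot: delete_token's existence test is a separate round trip from the delete, so two concurrent deletes of the same token can both pass `self.get_token(token_id)` and both return without TokenNotFound. For revocation that is harmless, but the documented `:raises:` contract is then only best-effort, and every delete costs an extra get. A comment such as `# Existence check is not atomic with the delete; a concurrent delete may win the race.` would record that. Alternatively the result of `self.client.delete(ptk)` could be checked, if the memcache client in use reports missing keys (to be confirmed).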

8
keystone/token/backends/sql.py

@ -1,7 +1,8 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
from keystone import token
from keystone.common import sql
from keystone import exception
from keystone import token
class TokenModel(sql.ModelBase, sql.DictBase):
@ -30,7 +31,7 @@ class Token(sql.Base, token.Driver):
session = self.get_session()
token_ref = session.query(TokenModel).filter_by(id=token_id).first()
if not token_ref:
return
raise exception.TokenNotFound(token_id=token_id)
return token_ref.to_dict()
def create_token(self, token_id, data):
@ -47,6 +48,9 @@ class Token(sql.Base, token.Driver):
token_ref = session.query(TokenModel)\
.filter_by(id=token_id)\
.first()
if not token_ref:
raise exception.TokenNotFound(token_id=token_id)
with session.begin():
session.delete(token_ref)
session.flush()

4
keystone/token/core.py

@ -29,7 +29,8 @@ class Driver(object):
:param token_id: identity of the token
:type token_id: string
:returns: token_ref or None.
:returns: token_ref
:raises: keystone.exception.TokenNotFound
"""
raise NotImplementedError()
@ -63,6 +64,7 @@ class Driver(object):
:param token_id: identity of the token
:type token_id: string
:returns: None.
:raises: keystone.exception.TokenNotFound
"""
raise NotImplementedError()

9
tests/test_backend.py

@ -2,6 +2,9 @@
import uuid
from keystone import exception
class IdentityTests(object):
def test_authenticate_bad_user(self):
self.assertRaises(AssertionError,
@ -214,5 +217,7 @@ class TokenTests(object):
self.assertEquals(new_data_ref, data)
self.token_api.delete_token(token_id)
deleted_data_ref = self.token_api.get_token(token_id)
self.assertTrue(deleted_data_ref is None)
self.assertRaises(exception.TokenNotFound,
self.token_api.delete_token, token_id)
self.assertRaises(exception.TokenNotFound,
self.token_api.get_token, token_id)

12
tests/test_backend_memcache.py

@ -1,6 +1,11 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
from keystone import exception
from keystone import test
from keystone.token.backends import memcache as token_memcache
import test_backend
class MemcacheClient(object):
"""Replicates a tiny subset of memcached client interface."""
@ -11,7 +16,10 @@ class MemcacheClient(object):
def get(self, key):
"""Retrieves the value for a key or None."""
return self.cache.get(key)
try:
return self.cache[key]
except KeyError:
raise exception.TokenNotFound(token_id=key)
def set(self, key, value):
"""Sets the value for a key."""
@ -26,7 +34,7 @@ class MemcacheClient(object):
pass
class MemcacheToken(test.TestCase):
class MemcacheToken(test.TestCase, test_backend.TokenTests):
def setUp(self):
super(MemcacheToken, self).setUp()
fake_client = MemcacheClient()
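Review bot: The fake `MemcacheClient.get` now raises `exception.TokenNotFound` itself, whereas the new `if token is None:` branch in keystone/token/backends/memcache.py assumes the client returns None for a missing key; the fake's docstring still says "or None". With the fake raising, TokenTests pass without ever exercising the backend's own not-found branch, so a regression there would go unnoticed. Keep the fake as `return self.cache.get(key)` so that the exception comes from the code under test.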
