Fix the wrong check condition

Keystone has the code to prevent `None` value to be returned in the
revoke event, but there is wrong check condition that leads to
the `access_token_id` with None will be returned to end user.

Closes-Bug: #1603861
Change-Id: Ifc2908ffb6b8353d24a6416338d8fadb0e0b2a21
changes/34/342034/3
Dave Chen 6 years ago
parent e788bed7a3
commit 9df02bfb55
  1. 2
      keystone/models/revoke_model.py
  2. 15
      keystone/tests/unit/test_v3_os_revoke.py

@ -111,7 +111,7 @@ class RevokeEvent(object):
event['OS-TRUST:trust_id'] = self.trust_id
if self.consumer_id is not None:
event['OS-OAUTH1:consumer_id'] = self.consumer_id
if self.consumer_id is not None:
if self.access_token_id is not None:
event['OS-OAUTH1:access_token_id'] = self.access_token_id
if self.expires_at is not None:
event['expires_at'] = utils.isotime(self.expires_at)

@ -145,3 +145,18 @@ class OSRevokeTests(test_v3.RestfulTestCase, test_v3.JsonHomeTestMixin):
# Strip off the microseconds from `revoked_at`.
self.assertTimestampEqual(utils.isotime(revoked_at),
events[0]['revoked_at'])
def test_access_token_id_not_in_event(self):
ref = {'description': uuid.uuid4().hex}
resp = self.post('/OS-OAUTH1/consumers', body={'consumer': ref})
consumer_id = resp.result['consumer']['id']
self.oauth_api.delete_consumer(consumer_id)
resp = self.get('/OS-REVOKE/events')
events = resp.json_body['events']
self.assertThat(events, matchers.HasLength(1))
event = events[0]
self.assertEqual(consumer_id, event['OS-OAUTH1:consumer_id'])
# `OS-OAUTH1:access_token_id` is None and won't be returned to
# end user.
self.assertNotIn('OS-OAUTH1:access_token_id', event)

Loading…
Cancel
Save