Merge "Fix 500 error when no fernet token is passed"

2015-12-23 17:26:09 +00:00 · 2015-12-23 17:26:09 +00:00 · b711ce8fe0
parent 8ebddfa549 171f0e2193
commit b711ce8fe0
5 changed files with 23 additions and 8 deletions
--- a/keystone/tests/unit/test_backend.py
+++ b/keystone/tests/unit/test_backend.py
@ -4294,9 +4294,6 @@ class TokenTests(object):
        self.assertRaises(exception.TokenNotFound,
                          self.token_provider_api._persistence.get_token,
                          uuid.uuid4().hex)
-        self.assertRaises(exception.TokenNotFound,
-                          self.token_provider_api._persistence.get_token,
-                          None)

    def test_delete_token_returns_not_found(self):
        self.assertRaises(exception.TokenNotFound,
--- a/keystone/tests/unit/test_token_provider.py
+++ b/keystone/tests/unit/test_token_provider.py
@ -781,6 +781,12 @@ class TestTokenProvider(unit.TestCase):
        self.assertIsNone(
            self.token_provider_api._is_valid_token(create_v3_token()))

+    def test_no_token_raises_token_not_found(self):
+        self.assertRaises(
+            exception.TokenNotFound,
+            self.token_provider_api.validate_token,
+            None)
+

 # NOTE(ayoung): renamed to avoid automatic test detection
 class PKIProviderTests(object):
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -403,6 +403,17 @@ class TokenAPITests(object):
        r = self.get('/auth/tokens', headers=self.headers)
        self.assertValidUnscopedTokenResponse(r)

+    def test_validate_missing_subject_token(self):
+        self.get('/auth/tokens',
+                 expected_status=http_client.NOT_FOUND)
+
+    def test_validate_missing_auth_token(self):
+        self.admin_request(
+            method='GET',
+            path='/v3/projects',
+            token=None,
+            expected_status=http_client.UNAUTHORIZED)
+
    def test_validate_token_nocatalog(self):
        v3_token = self.get_requested_token(self.build_authentication_request(
            user_id=self.user['id'],
--- a/keystone/token/persistence/core.py
+++ b/keystone/token/persistence/core.py
@ -60,11 +60,6 @@ class PersistenceManager(manager.Manager):
            raise exception.TokenNotFound(token_id=token_id)

    def get_token(self, token_id):
-        if not token_id:
-            # NOTE(morganfainberg): There are cases when the
-            # context['token_id'] will in-fact be None. This also saves
-            # a round-trip to the backend if we don't have a token_id.
-            raise exception.TokenNotFound(token_id='')
        unique_id = utils.generate_unique_id(token_id)
        token_ref = self._get_token(unique_id)
        # NOTE(morganfainberg): Lift expired checking to the manager, there is
--- a/keystone/token/provider.py
+++ b/keystone/token/provider.py
@ -250,6 +250,9 @@ class Manager(manager.Manager):
            return self.check_revocation_v3(token)

    def validate_v3_token(self, token_id):
+        if not token_id:
+            raise exception.TokenNotFound(_('No token in the request'))
+
        unique_id = utils.generate_unique_id(token_id)
        # NOTE(lbragstad): Only go to persistent storage if we have a token to
        # fetch from the backend (the driver persists the token). Otherwise
@ -266,6 +269,9 @@ class Manager(manager.Manager):

    @MEMOIZE
    def _validate_token(self, token_id):
+        if not token_id:
+            raise exception.TokenNotFound(_('No token in the request'))
+
        if not self._needs_persistence:
            return self.driver.validate_v3_token(token_id)
        token_ref = self._persistence.get_token(token_id)