Raising unauthorized instead of 500 (bug 954547)

Change-Id: I557ff1ca51261edf0824aeb4565816216c59c76e
2012-03-13 22:06:34 -05:00
parent e65a22c43a
commit d2c6e88200
1 changed files with 15 additions and 6 deletions
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@@ -207,17 +207,26 @@ class Application(BaseApplication):
                        context=context, token_id=context['token_id'])
            except exception.TokenNotFound:
                raise exception.Unauthorized()
+
            creds = user_token_ref['metadata'].copy()
-            creds['user_id'] = user_token_ref['user'].get('id')
-            creds['tenant_id'] = user_token_ref['tenant'].get('id')
+
+            try:
+                creds['user_id'] = user_token_ref['user'].get('id')
+            except AttributeError:
+                logging.debug('Invalid user')
+                raise exception.Unauthorized()
+
+            try:
+                creds['tenant_id'] = user_token_ref['tenant'].get('id')
+            except AttributeError:
+                logging.debug('Invalid tenant')
+                raise exception.Unauthorized()
+
            # NOTE(vish): this is pretty inefficient
            creds['roles'] = [self.identity_api.get_role(context, role)['name']
                              for role in creds.get('roles', [])]
            # Accept either is_admin or the admin role
-            self.policy_api.enforce(context,
-                                    creds,
-                                    'admin_required',
-                                    {})
+            self.policy_api.enforce(context, creds, 'admin_required', {})


 class Middleware(Application):