openstack/keystone
Code Issues Proposed changes

Raising unauthorized instead of 500 (bug 954547)

Browse Source 
Change-Id: I557ff1ca51261edf0824aeb4565816216c59c76e
This commit is contained in:
Dolph Mathews
2012-03-13 22:06:34 -05:00
parent e65a22c43a
commit d2c6e88200
1 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
keystone/common/wsgi.py
View File

@@ -207,17 +207,26 @@ class Application(BaseApplication):
context=context, token_id=context['token_id']) context=context, token_id=context['token_id'])
except exception.TokenNotFound: except exception.TokenNotFound:
raise exception.Unauthorized() raise exception.Unauthorized()
creds = user_token_ref['metadata'].copy() creds = user_token_ref['metadata'].copy()
creds['user_id'] = user_token_ref['user'].get('id')
creds['tenant_id'] = user_token_ref['tenant'].get('id') try:
creds['user_id'] = user_token_ref['user'].get('id')
except AttributeError:
logging.debug('Invalid user')
raise exception.Unauthorized()
try:
creds['tenant_id'] = user_token_ref['tenant'].get('id')
except AttributeError:
logging.debug('Invalid tenant')
raise exception.Unauthorized()
# NOTE(vish): this is pretty inefficient # NOTE(vish): this is pretty inefficient
creds['roles'] = [self.identity_api.get_role(context, role)['name'] creds['roles'] = [self.identity_api.get_role(context, role)['name']
for role in creds.get('roles', [])] for role in creds.get('roles', [])]
# Accept either is_admin or the admin role # Accept either is_admin or the admin role
self.policy_api.enforce(context, self.policy_api.enforce(context, creds, 'admin_required', {})
creds,
'admin_required',
{})
class Middleware(Application): class Middleware(Application):