From 96829d1601b0ef25d6b520b225821b16309030df Mon Sep 17 00:00:00 2001 From: Brant Knudson Date: Tue, 22 Apr 2014 16:06:26 -0500 Subject: [PATCH] Debug log when token found in revocation list The auth_token middleware didn't log when a token is rejected because it's in the revocation list. This adds a log message so that it's easier to debug problems. Change-Id: I1388ed04641d209ba2083a1096488edc22267ebe --- keystoneclient/middleware/auth_token.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py index 95be453f2..ce8aab42b 100644 --- a/keystoneclient/middleware/auth_token.py +++ b/keystoneclient/middleware/auth_token.py @@ -857,6 +857,7 @@ class AuthProtocol(object): # regardless of initial mechanism used to validate it, # and needs to be checked. if self._is_token_id_in_revoked_list(token_id): + self.LOG.debug('Token is marked as having been revoked') raise InvalidUserToken('Token authorization failed') expires = confirm_token_not_expired(data) self._confirm_token_bind(data, env) @@ -1190,7 +1191,10 @@ class AuthProtocol(object): if isinstance(signed_text, six.text_type): signed_text = signed_text.encode('utf-8') token_id = utils.hash_signed_token(signed_text) - return self._is_token_id_in_revoked_list(token_id) + is_revoked = self._is_token_id_in_revoked_list(token_id) + if is_revoked: + self.LOG.debug('Token is marked as having been revoked') + return is_revoked def _is_token_id_in_revoked_list(self, token_id): """Indicate whether the token_id appears in the revocation list."""