diff --git a/swift/common/middleware/swauth.py b/swift/common/middleware/swauth.py index 0f8c467113..610df8b80f 100644 --- a/swift/common/middleware/swauth.py +++ b/swift/common/middleware/swauth.py @@ -174,7 +174,8 @@ class Swauth(object): if expires < time(): groups = None if not groups: - path = quote('/v1/%s/.token/%s' % (self.auth_account, token)) + path = quote('/v1/%s/.token%s/%s' % + (self.auth_account, token[-1], token)) resp = self.make_request(env, 'GET', path).get_response(self.app) if resp.status_int // 100 != 2: return None @@ -331,8 +332,14 @@ class Swauth(object): if resp.status_int // 100 != 2: raise Exception('Could not create the main auth account: %s %s' % (path, resp.status)) - for container in ('.token', '.account_id'): - path = quote('/v1/%s/%s' % (self.auth_account, container)) + path = quote('/v1/%s/.account_id' % self.auth_account) + resp = self.make_request(req.environ, 'PUT', + path).get_response(self.app) + if resp.status_int // 100 != 2: + raise Exception('Could not create container: %s %s' % + (path, resp.status)) + for container in xrange(16): + path = quote('/v1/%s/.token%x' % (self.auth_account, container)) resp = self.make_request(req.environ, 'PUT', path).get_response(self.app) if resp.status_int // 100 != 2: @@ -845,8 +852,8 @@ class Swauth(object): (path, resp.status)) candidate_token = resp.headers.get('x-object-meta-auth-token') if candidate_token: - path = quote('/v1/%s/.token/%s' % (self.auth_account, - candidate_token)) + path = quote('/v1/%s/.token%s/%s' % + (self.auth_account, candidate_token[-1], candidate_token)) resp = self.make_request(req.environ, 'DELETE', path).get_response(self.app) if resp.status_int // 100 != 2 and resp.status_int != 404: @@ -952,8 +959,8 @@ class Swauth(object): token = None candidate_token = resp.headers.get('x-object-meta-auth-token') if candidate_token: - path = quote('/v1/%s/.token/%s' % (self.auth_account, - candidate_token)) + path = quote('/v1/%s/.token%s/%s' % + (self.auth_account, candidate_token[-1], candidate_token)) resp = self.make_request(req.environ, 'GET', path).get_response(self.app) if resp.status_int // 100 == 2: @@ -980,7 +987,8 @@ class Swauth(object): # Generate new token token = '%stk%s' % (self.reseller_prefix, uuid4().hex) # Save token info - path = quote('/v1/%s/.token/%s' % (self.auth_account, token)) + path = quote('/v1/%s/.token%s/%s' % + (self.auth_account, token[-1], token)) resp = self.make_request(req.environ, 'PUT', path, json.dumps({'account': account, 'user': user, 'account_id': account_id, @@ -1042,7 +1050,8 @@ class Swauth(object): if expires < time(): groups = None if not groups: - path = quote('/v1/%s/.token/%s' % (self.auth_account, token)) + path = quote('/v1/%s/.token%s/%s' % + (self.auth_account, token[-1], token)) resp = self.make_request(req.environ, 'GET', path).get_response(self.app) if resp.status_int // 100 != 2: diff --git a/test/unit/common/middleware/test_swauth.py b/test/unit/common/middleware/test_swauth.py index 8f1d6c0633..6c8c32bddd 100644 --- a/test/unit/common/middleware/test_swauth.py +++ b/test/unit/common/middleware/test_swauth.py @@ -826,20 +826,22 @@ class TestAuth(unittest.TestCase): self.assertEquals(self.test_auth.app.calls, 7) def test_prep_success(self): - self.test_auth.app = FakeApp(iter([ + list_to_iter = [ # PUT of .auth account ('201 Created', {}, ''), - # PUT of .token container - ('201 Created', {}, ''), # PUT of .account_id container - ('201 Created', {}, '')])) + ('201 Created', {}, '')] + # PUT of .token* containers + for x in xrange(16): + list_to_iter.append(('201 Created', {}, '')) + self.test_auth.app = FakeApp(iter(list_to_iter)) resp = Request.blank('/auth/v2/.prep', environ={'REQUEST_METHOD': 'POST'}, headers={'X-Auth-Admin-User': '.super_admin', 'X-Auth-Admin-Key': 'supertest'} ).get_response(self.test_auth) self.assertEquals(resp.status_int, 204) - self.assertEquals(self.test_auth.app.calls, 3) + self.assertEquals(self.test_auth.app.calls, 18) def test_prep_bad_method(self): resp = Request.blank('/auth/v2/.prep',