From ac2d5b85b16da31ebf4833b6264961c567125249 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya <vishvananda@gmail.com>
Date: Tue, 13 Nov 2012 15:34:00 -0800
Subject: Properly list tokens with a null tenant

We store the tenant as a null value in json, so checking to see
if it exists is not sufficient. This makes the check safer, checking
for existance and not null before continuing.

Fixes bug 1078497

Change-Id: Ida1b958e5df6f93a30efae0d3f71df668751ff81
---
 keystone/token/backends/kvs.py      | 10 ++++++----
 keystone/token/backends/memcache.py |  5 +++--
 keystone/token/backends/sql.py      | 10 ++++++----
 3 files changed, 15 insertions(+), 10 deletions(-)

(limited to 'keystone/token/backends')

diff --git a/keystone/token/backends/kvs.py b/keystone/token/backends/kvs.py
index d723e505..123e12f9 100644
--- a/keystone/token/backends/kvs.py
+++ b/keystone/token/backends/kvs.py
@@ -59,16 +59,18 @@ class Token(kvs.Base, token.Driver):
         for token, ref in self.db.items():
             if not token.startswith('token-'):
                 continue
-            if 'user' not in ref:
+            user = ref.get('user')
+            if not user:
                 continue
-            if ref['user'].get('id') != user_id:
+            if user.get('id') != user_id:
                 continue
             if ref.get('expires') and ref.get('expires') < now:
                 continue
             if tenant_id is not None:
-                if 'tenant' not in ref:
+                tenant = ref.get('tenant')
+                if not tenant:
                     continue
-                if ref['tenant'].get('id') != tenant_id:
+                if tenant.get('id') != tenant_id:
                     continue
             tokens.append(token.split('-', 1)[1])
         return tokens
diff --git a/keystone/token/backends/memcache.py b/keystone/token/backends/memcache.py
index 41a4e290..e4fa69ad 100644
--- a/keystone/token/backends/memcache.py
+++ b/keystone/token/backends/memcache.py
@@ -109,9 +109,10 @@ class Token(token.Driver):
             token_ref = self.client.get(ptk)
             if token_ref:
                 if tenant_id is not None:
-                    if 'tenant' not in token_ref:
+                    tenant = token_ref.get('tenant')
+                    if not tenant:
                         continue
-                    if token_ref['tenant'].get('id') != tenant_id:
+                    if tenant.get('id') != tenant_id:
                         continue
                 tokens.append(token_id)
         return tokens
diff --git a/keystone/token/backends/sql.py b/keystone/token/backends/sql.py
index 45919c01..6e40e91b 100644
--- a/keystone/token/backends/sql.py
+++ b/keystone/token/backends/sql.py
@@ -82,14 +82,16 @@ class Token(sql.Base, token.Driver):
         token_references = query.filter_by(valid=True)
         for token_ref in token_references:
             token_ref_dict = token_ref.to_dict()
-            if 'user' not in token_ref_dict:
+            user = token_ref_dict.get('user')
+            if not user:
                 continue
-            if token_ref_dict['user'].get('id') != user_id:
+            if user.get('id') != user_id:
                 continue
             if tenant_id is not None:
-                if 'tenant' not in token_ref_dict:
+                tenant = token_ref_dict.get('tenant')
+                if not tenant:
                     continue
-                if token_ref_dict['tenant'].get('id') != tenant_id:
+                if tenant.get('id') != tenant_id:
                     continue
             tokens.append(token_ref['id'])
         return tokens
-- 
cgit