Add tests for 718999, fix a little brittle code introduced by the committed fix.

Also fix and test for a 500 if the auth token doesn't exist in the database.
author: Kevin L. Mitchell <kevin.mitchell@rackspace.com> 2011-02-25 19:54:40 +0000
committer: Tarmac <> 2011-02-25 19:54:40 +0000
commit: 18e16ab9f5be77764a810b2d6ac5ae8c5be6bb52 (patch)
tree: e012d607f5cd709ae69ff7257f0d208f931d84f0 /nova
parent: 8b37ae8c291a38407654859d7ff659ced92c0270 (diff)
parent: fa6778586ab303f9e65aa3c50b80d20a4f097c6f (diff)
download: nova-18e16ab9f5be77764a810b2d6ac5ae8c5be6bb52.tar.gz
nova-18e16ab9f5be77764a810b2d6ac5ae8c5be6bb52.tar.xz
nova-18e16ab9f5be77764a810b2d6ac5ae8c5be6bb52.zip
4 files changed, 51 insertions, 4 deletions
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index dff69a7f2..6011e6115 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -26,6 +26,7 @@ import webob.dec
 from nova import auth
 from nova import context
 from nova import db
+from nova import exception
 from nova import flags
 from nova import manager
 from nova import utils
@@ -103,11 +104,14 @@ class AuthMiddleware(wsgi.Middleware):
         2 days ago.
         """
         ctxt = context.get_admin_context()
-        token = self.db.auth_token_get(ctxt, token_hash)
+        try:
+            token = self.db.auth_token_get(ctxt, token_hash)
+        except exception.NotFound:
+            return None
         if token:
             delta = datetime.datetime.now() - token.created_at
             if delta.days >= 2:
-                self.db.auth_token_destroy(ctxt, token.id)
+                self.db.auth_token_destroy(ctxt, token.token_hash)
             else:
                 return self.auth.get_user(token.user_id)
         return None
diff --git a/nova/db/api.py b/nova/db/api.py
index 4c7eb857f..dcaf55e8f 100644
--- a/nova/db/api.py
+++ b/nova/db/api.py
@@ -640,6 +640,11 @@ def auth_token_get(context, token_hash):
     return IMPL.auth_token_get(context, token_hash)
 
 
+def auth_token_update(context, token_hash, values):
+    """Updates a token given the hash representing it."""
+    return IMPL.auth_token_update(context, token_hash, values)
+
+
 def auth_token_create(context, token):
     """Creates a new token."""
     return IMPL.auth_token_create(context, token)
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index 0be08c4d1..6df2a8843 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -1270,8 +1270,9 @@ def auth_token_destroy(context, token_id):
 
 
 @require_admin_context
-def auth_token_get(context, token_hash):
-    session = get_session()
+def auth_token_get(context, token_hash, session=None):
+    if session is None:
+        session = get_session()
     tk = session.query(models.AuthToken).\
                   filter_by(token_hash=token_hash).\
                   filter_by(deleted=can_read_deleted(context)).\
@@ -1282,6 +1283,15 @@ def auth_token_get(context, token_hash):
 
 
 @require_admin_context
+def auth_token_update(context, token_hash, values):
+    session = get_session()
+    with session.begin():
+        token_ref = auth_token_get(context, token_hash, session=session)
+        token_ref.update(values)
+        token_ref.save(session=session)
+
+
+@require_admin_context
 def auth_token_create(_context, token):
     tk = models.AuthToken()
     tk.update(token)
diff --git a/nova/tests/api/openstack/test_auth.py b/nova/tests/api/openstack/test_auth.py
index 86dfb110f..ff8d42a14 100644
--- a/nova/tests/api/openstack/test_auth.py
+++ b/nova/tests/api/openstack/test_auth.py
@@ -26,6 +26,7 @@ import nova.api.openstack.auth
 import nova.auth.manager
 from nova import auth
 from nova import context
+from nova import db
 from nova import test
 from nova.tests.api.openstack import fakes
 
@@ -130,6 +131,33 @@ class Test(test.TestCase):
         self.assertEqual(result.status, '401 Unauthorized')
 
 
+class TestFunctional(test.TestCase):
+    def test_token_expiry(self):
+        ctx = context.get_admin_context()
+        tok = db.auth_token_create(ctx, dict(
+                token_hash='bacon',
+                cdn_management_url='',
+                server_management_url='',
+                storage_url='',
+                user_id='ham',
+                ))
+
+        db.auth_token_update(ctx, tok.token_hash, dict(
+                created_at=datetime.datetime(2000, 1, 1, 12, 0, 0),
+                ))
+
+        req = webob.Request.blank('/v1.0/')
+        req.headers['X-Auth-Token'] = 'bacon'
+        result = req.get_response(fakes.wsgi_app())
+        self.assertEqual(result.status, '401 Unauthorized')
+
+    def test_token_doesnotexist(self):
+        req = webob.Request.blank('/v1.0/')
+        req.headers['X-Auth-Token'] = 'ham'
+        result = req.get_response(fakes.wsgi_app())
+        self.assertEqual(result.status, '401 Unauthorized')
+
+
 class TestLimiter(test.TestCase):
     def setUp(self):
         super(TestLimiter, self).setUp()
author	Kevin L. Mitchell <kevin.mitchell@rackspace.com>	2011-02-25 19:54:40 +0000
committer	Tarmac <>	2011-02-25 19:54:40 +0000
commit	18e16ab9f5be77764a810b2d6ac5ae8c5be6bb52 (patch)
tree	e012d607f5cd709ae69ff7257f0d208f931d84f0 /nova
parent	8b37ae8c291a38407654859d7ff659ced92c0270 (diff)
parent	fa6778586ab303f9e65aa3c50b80d20a4f097c6f (diff)
download	nova-18e16ab9f5be77764a810b2d6ac5ae8c5be6bb52.tar.gz nova-18e16ab9f5be77764a810b2d6ac5ae8c5be6bb52.tar.xz nova-18e16ab9f5be77764a810b2d6ac5ae8c5be6bb52.zip