From be9734b03bce871d32e21da2ba341dfa42aa020a Mon Sep 17 00:00:00 2001
From: Brian Lamar <brian.lamar@rackspace.com>
Date: Fri, 11 Mar 2011 17:19:14 -0500
Subject: Fixed lp732866 by catching relevant `exception.NotFound` exception.
 Tests did not uncover this vulnerability due to "incorrect" FakeAuthManager.
 I say "incorrect" because potentially different implementations (LDAP or
 Database driven) of AuthManager might return different errors from
 `get_user_from_access_key`.

Also, removed all references to 'bacon', 'ham', 'herp', and 'derp' and replaced them with hopefully more helpful terms.
---
 nova/api/openstack/auth.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'nova/api')

diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index 4c6b58eff..f3a9bdeca 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -135,7 +135,11 @@ class AuthMiddleware(wsgi.Middleware):
         req - wsgi.Request object
         """
         ctxt = context.get_admin_context()
-        user = self.auth.get_user_from_access_key(key)
+
+        try:
+            user = self.auth.get_user_from_access_key(key)
+        except exception.NotFound:
+            user = None
 
         if user and user.name == username:
             token_hash = hashlib.sha1('%s%s%f' % (username, key,
-- 
cgit