yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #42737
[Bug 1488451] Re: Possible refactor of keystone.common.validate_token_bind's code
** Changed in: keystone
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1488451
Title:
Possible refactor of keystone.common.validate_token_bind's code
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
The part original code of keystone.common.validate_token_bind function is as follows
---
def validate_token_bind(context, token_ref):
...
bind = token_ref.bind
# permissive and strict modes don't require there to be a bind
permissive = bind_mode in ('permissive', 'strict')
# get the named mode if bind_mode is not one of the known
name = None if permissive or bind_mode == 'required' else bind_mode
if not bind:
if permissive:
# no bind provided and none required
return
else:
LOG.info(_LI("No bind information present in token"))
raise exception.Unauthorized()
...
---
If the bind is None, It is not necessary to execute the "name = None if permissive or bind_mode == 'required' else bind_mode".
So It had better to adjust the sequence about the above code.
The changed code is as follows:
---
def validate_token_bind(context, token_ref):
...
bind = token_ref.bind
# permissive and strict modes don't require there to be a bind
permissive = bind_mode in ('permissive', 'strict')
if not bind:
if permissive:
# no bind provided and none required
return
else:
LOG.info(_LI("No bind information present in token"))
raise exception.Unauthorized()
# get the named mode if bind_mode is not one of the known
name = None if permissive or bind_mode == 'required' else bind_mode
...
---
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1488451/+subscriptions
References
