diff options
author | lin-hua-cheng <os.lcheng@gmail.com> | 2015-04-01 21:47:38 -0700 |
---|---|---|
committer | lin-hua-cheng <os.lcheng@gmail.com> | 2015-04-01 21:47:38 -0700 |
commit | 7e99945cc64b8e3432965bffb57dce74312b08e2 (patch) | |
tree | 8845dc125175c86afd8725babe681f5bc30d9c25 | |
parent | 98d599961d6e1ad9d66b5682cbb0078bdc36cfed (diff) | |
download | django_openstack_auth-7e99945cc64b8e3432965bffb57dce74312b08e2.tar.gz |
Hash token only for ASN1 and PKIZ tokens
Hashing the token only works if the token is ASN1 or PKIZ.
Check the token format instead of naively checking the token
length if it needs to be hashed.
Change-Id: I1c7bb3a1b6e1da30c241a4813bf7544695bd4fab
Closes-Bug: #1439499
-rw-r--r-- | openstack_auth/user.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/openstack_auth/user.py b/openstack_auth/user.py index 57c6d67..43336e5 100644 --- a/openstack_auth/user.py +++ b/openstack_auth/user.py @@ -16,6 +16,7 @@ import logging from django.conf import settings from django.contrib.auth import models +from keystoneclient.common import cms as keystone_cms from keystoneclient import exceptions as keystone_exceptions from openstack_auth import utils @@ -79,7 +80,8 @@ class Token(object): # Token-related attributes self.id = auth_ref.auth_token self.unscoped_token = unscoped_token - if len(self.id) > 64: + if (keystone_cms.is_asn1_token(self.id) + or keystone_cms.is_pkiz(self.id)): algorithm = getattr(settings, 'OPENSTACK_TOKEN_HASH_ALGORITHM', 'md5') hasher = hashlib.new(algorithm) |