Hash token only for ASN1 and PKIZ tokens

Hashing the token only works if the token is ASN1 or PKIZ. Check the token format instead of naively checking the token length if it needs to be hashed. Change-Id: I1c7bb3a1b6e1da30c241a4813bf7544695bd4fab Closes-Bug: #1439499
author: lin-hua-cheng <os.lcheng@gmail.com> 2015-04-01 21:47:38 -0700
committer: lin-hua-cheng <os.lcheng@gmail.com> 2015-04-01 21:47:38 -0700
commit: 7e99945cc64b8e3432965bffb57dce74312b08e2 (patch)
tree: 8845dc125175c86afd8725babe681f5bc30d9c25
parent: 98d599961d6e1ad9d66b5682cbb0078bdc36cfed (diff)
download: django_openstack_auth-7e99945cc64b8e3432965bffb57dce74312b08e2.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/openstack_auth/user.py b/openstack_auth/user.py
index 57c6d67..43336e5 100644
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@@ -16,6 +16,7 @@ import logging
 
 from django.conf import settings
 from django.contrib.auth import models
+from keystoneclient.common import cms as keystone_cms
 from keystoneclient import exceptions as keystone_exceptions
 
 from openstack_auth import utils
@@ -79,7 +80,8 @@ class Token(object):
         # Token-related attributes
         self.id = auth_ref.auth_token
         self.unscoped_token = unscoped_token
-        if len(self.id) > 64:
+        if (keystone_cms.is_asn1_token(self.id)
+                or keystone_cms.is_pkiz(self.id)):
             algorithm = getattr(settings, 'OPENSTACK_TOKEN_HASH_ALGORITHM',
                                 'md5')
             hasher = hashlib.new(algorithm)
author	lin-hua-cheng <os.lcheng@gmail.com>	2015-04-01 21:47:38 -0700
committer	lin-hua-cheng <os.lcheng@gmail.com>	2015-04-01 21:47:38 -0700
commit	7e99945cc64b8e3432965bffb57dce74312b08e2 (patch)
tree	8845dc125175c86afd8725babe681f5bc30d9c25
parent	98d599961d6e1ad9d66b5682cbb0078bdc36cfed (diff)
download	django_openstack_auth-7e99945cc64b8e3432965bffb57dce74312b08e2.tar.gz