diff options
-rw-r--r-- | openstack_auth/user.py | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/openstack_auth/user.py b/openstack_auth/user.py index fa30fe6..45c51bb 100644 --- a/openstack_auth/user.py +++ b/openstack_auth/user.py @@ -84,18 +84,17 @@ class Token(object): # Token-related attributes self.id = auth_ref.auth_token self.unscoped_token = unscoped_token - if (_TOKEN_HASH_ENABLED and - (keystone_cms.is_asn1_token(self.id) - or keystone_cms.is_pkiz(self.id))): + if _TOKEN_HASH_ENABLED and self._is_pki_token(self.id): algorithm = getattr(settings, 'OPENSTACK_TOKEN_HASH_ALGORITHM', 'md5') hasher = hashlib.new(algorithm) hasher.update(self.id) self.id = hasher.hexdigest() - # If the scoped_token is long, then unscoped_token must be too. - hasher = hashlib.new(algorithm) - hasher.update(self.unscoped_token) - self.unscoped_token = hasher.hexdigest() + # Only hash unscoped token if needed + if self._is_pki_token(self.unscoped_token): + hasher = hashlib.new(algorithm) + hasher.update(self.unscoped_token) + self.unscoped_token = hasher.hexdigest() self.expires = auth_ref.expires # Project-related attributes @@ -121,6 +120,11 @@ class Token(object): self.serviceCatalog = auth_ref.service_catalog.get_data() + def _is_pki_token(self, token): + """Determines if this is a pki-based token (pki or pkiz)""" + return (keystone_cms.is_ans1_token(token) + or keystone_cms.is_pkiz(token)) + class User(models.AbstractBaseUser, models.AnonymousUser): """A User class with some extra special sauce for Keystone. |