From 121d1c906e2bbddae96ef19f45a6198f1fafb4fc Mon Sep 17 00:00:00 2001
From: Anthony Young <sleepsonthefloor@gmail.com>
Date: Thu, 29 Sep 2011 16:50:01 -0700
Subject: [PATCH] Remove the keystone admin auth hack.  Handle condition when
 no valid tenants returned gracefully.

---
 .../django_openstack/auth/views.py            | 21 ++++-------
 .../tests/view_tests/auth_tests.py            | 37 +++++++++++++++++++
 2 files changed, 45 insertions(+), 13 deletions(-)

diff --git a/django-openstack/django_openstack/auth/views.py b/django-openstack/django_openstack/auth/views.py
index e3759b5506..fe85467a1c 100644
--- a/django-openstack/django_openstack/auth/views.py
+++ b/django-openstack/django_openstack/auth/views.py
@@ -68,24 +68,19 @@ class Login(forms.SelfHandlingForm):
                 request.session['unscoped_token'] = token.id
 
                 def get_first_tenant_for_user():
-                    for t in api.tenant_list_for_token(request, token.id):
-                        # FIXME (anthony)
-                        # keystone does the annoying 'always return everything
-                        # for admin users thing' which causes the following
-                        # annoying code block to exist (until that is fixed)
-                        if is_admin(token):
-                            for u in api.users_list_for_token_and_tenant(
-                                                    request, token.id, t.id):
-                                if u.name == data['username']:
-                                    return t
-                        else:
-                            return t
-                    return None
+                    tenants = api.tenant_list_for_token(request, token.id)
+                    return tenants[0] if len(tenants) else None
 
                 # Get the tenant list, and log in using first tenant
                 # FIXME (anthony): add tenant chooser here?
                 tenant = get_first_tenant_for_user()
 
+                # Abort if there are no valid tenants for this user
+                if not tenant:
+                    messages.error(request, 'No tenants present for user: %s' %
+                                            data['username'])
+                    return
+
                 # Create a token
                 token = api.token_create_scoped_with_token(request,
                                          data.get('tenant', tenant.id),
diff --git a/django-openstack/django_openstack/tests/view_tests/auth_tests.py b/django-openstack/django_openstack/tests/view_tests/auth_tests.py
index 1848a142a5..3df595921d 100644
--- a/django-openstack/django_openstack/tests/view_tests/auth_tests.py
+++ b/django-openstack/django_openstack/tests/view_tests/auth_tests.py
@@ -19,6 +19,7 @@
 #    under the License.
 
 from django import http
+from django.contrib import messages
 from django.core.urlresolvers import reverse
 from django_openstack import api
 from django_openstack.tests.view_tests import base
@@ -50,6 +51,42 @@ class AuthViewTests(base.BaseViewTests):
         res = self.client.get(reverse('auth_login'))
         self.assertRedirectsNoFollow(res, reverse('syspanel_overview'))
 
+    def test_login_no_tenants(self):
+        NEW_TENANT_ID = '6'
+        NEW_TENANT_NAME = 'FAKENAME'
+        TOKEN_ID = 1
+
+        form_data = {'method': 'Login',
+                    'password': self.PASSWORD,
+                    'username': self.TEST_USER}
+
+        self.mox.StubOutWithMock(api, 'token_create')
+        aToken = self.mox.CreateMock(api.Token)
+        aToken.id = TOKEN_ID
+        aToken.user = { 'roles': [{'name': 'fake'}]}
+        aToken.serviceCatalog = {}
+        api.token_create(IsA(http.HttpRequest), "", self.TEST_USER,
+                         self.PASSWORD).AndReturn(aToken)
+
+        aTenant = self.mox.CreateMock(api.Token)
+        aTenant.id = NEW_TENANT_ID
+        aTenant.name = NEW_TENANT_NAME
+
+        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
+        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
+                                  AndReturn([])
+
+        self.mox.StubOutWithMock(messages, 'error')
+        messages.error(IsA(http.HttpRequest), IsA(unicode))
+
+        self.mox.ReplayAll()
+
+        res = self.client.post(reverse('auth_login'), form_data)
+
+        self.assertTemplateUsed(res, 'splash.html')
+
+        self.mox.VerifyAll()
+
     def test_login(self):
         NEW_TENANT_ID = '6'
         NEW_TENANT_NAME = 'FAKENAME'