X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauth.py;h=576ae4d376d6964c7ccb489ee6dd0c179e31439d;hp=6c444992f2255c458d3445e3e38c2b06fd8e7aad;hb=ace34903be528e8e10e096d3d059b81df30ddaa9;hpb=a6bb45d79abef42b8585cfa61aedf32e4326f2c9
diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py
index 6c44499..576ae4d 100644
--- a/osm_nbi/auth.py
+++ b/osm_nbi/auth.py
@@ -42,7 +42,7 @@ from time import time
 from os import path
 from base_topic import BaseTopic # To allow project names in project_id
-from authconn import AuthException
+from authconn import AuthException, AuthExceptionUnauthorized
 from authconn_keystone import AuthconnKeystone
 from osm_common import dbmongo
 from osm_common import dbmemory
@@ -292,21 +292,18 @@ class Authenticator:
 if not token: raise AuthException("Needed a token or Authorization http header", http_code=HTTPStatus.UNAUTHORIZED)
- try:
- token_info = self.backend.validate_token(token)
- # TODO add to token info remote host, port
-
- self.check_permissions(token_info, cherrypy.request.path_info,
- cherrypy.request.method)
- return token_info
- except AuthException:
- self.del_token(token)
- raise
+ token_info = self.backend.validate_token(token)
+ # TODO add to token info remote host, port
+
+ self.check_permissions(token_info, cherrypy.request.path_info,
+ cherrypy.request.method)
+ return token_info
 except AuthException as e:
- if cherrypy.session.get('Authorization'):
- del cherrypy.session['Authorization']
- cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
- raise AuthException(str(e))
+ if not isinstance(e, AuthExceptionUnauthorized):
+ if cherrypy.session.get('Authorization'):
+ del cherrypy.session['Authorization']
+ cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
+ raise
 def new_token(self, session, indata, remote):
 if self.config["authentication"]["backend"] == "internal":
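Review bot: With the inner `except AuthException: self.del_token(token)` removed, nothing in this handler revokes a token that fails `validate_token` any more; only the session's `Authorization` entry is cleared, and only for non-permission errors. That stops a permission denial from wiping a still-valid token, but it is worth confirming that the backend rejects and eventually purges expired or invalid tokens on its own, or else keeping the revocation for that case with `self.del_token(token)` inside the `if not isinstance(e, AuthExceptionUnauthorized):` branch (guarded, since the `try` starts outside this hunk and `token` may be unset on some paths). Separately, `'Bearer realm="{}"'.format(e)` copies the exception text into a response header unescaped; a fixed realm string, with the message left to the response body, would avoid a malformed or attacker-influenced header if any `AuthException` message ever carries quotes or request data.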
@@ -317,7 +314,7 @@ class Authenticator:
 current_token = session.get("token")
 token_info = self.backend.authenticate( user=indata.get("username"),
- password=indata.get("username"),
+ password=indata.get("password"),
 token=current_token, project=indata.get("project_id") )
@@ -429,7 +426,7 @@ class Authenticator:
 if role in roles_required: return
- raise AuthException("Access denied: lack of permissions.")
+ raise AuthExceptionUnauthorized("Access denied: lack of permissions.")
 def get_user_list(self): return self.backend.get_user_list()
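Review bot: The new `raise AuthExceptionUnauthorized("Access denied: lack of permissions.")` passes no `http_code`, so the status a role-less but authenticated caller receives depends on the class default in authconn.py, which this diff does not show. In HTTP terms this case is 403 Forbidden rather than 401 Unauthorized, and the handler in `authorize()` now deliberately omits `WWW-Authenticate` for this exception, which only fits a 403. If the constructor accepts `http_code` as `AuthException` does elsewhere in this file, stating it explicitly would remove the ambiguity: `raise AuthExceptionUnauthorized("Access denied: lack of permissions.", http_code=HTTPStatus.FORBIDDEN)`. The body of `check_permissions` starts outside the hunk.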