From f75f2cae51b6a82dc995a792fe7b9149791b6729 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Sun, 13 Mar 2016 18:57:27 -0400
Subject: [PATCH] Correct sockapi behavior when user authorize returns None

If a user can connect, but gets removed mid session, traces were
being generated.  Correct by recognizing the circumstance and returning
the appropriate error to the client.
---
 confluent_server/confluent/sockapi.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/confluent_server/confluent/sockapi.py b/confluent_server/confluent/sockapi.py
index 38bf589c..6203f198 100644
--- a/confluent_server/confluent/sockapi.py
+++ b/confluent_server/confluent/sockapi.py
@@ -185,15 +185,15 @@ def process_request(connection, request, cfm, authdata, authname, skipauth):
         authdata = auth.authorize(authdata[2], path, authdata[3], operation)
         auditmsg = {
             'operation': operation,
-            'user': authdata[2],
             'target': path,
         }
-        if authdata[3] is not None:
-            auditmsg['tenant'] = authdata[3]
         if authdata is None:
             auditmsg['allowed'] = False
             auditlog.log(auditmsg)
             raise exc.ForbiddenRequest()
+        auditmsg['user'] = authdata[2]
+        if authdata[3] is not None:
+            auditmsg['tenant'] = authdata[3]
         auditmsg['allowed'] = True
         auditlog.log(auditmsg)
     try: