From 04e55d8ec394df454684bf800517cddb005ab286 Mon Sep 17 00:00:00 2001
From: onovy <novy@ondrej.org>
Date: Fri, 17 Apr 2015 13:09:13 +0200
Subject: [PATCH] When creating account create account in Swift first.

When you try to create account with same suffix as already existed
before, Swift raises error. But SwAuth already created container for
this account in .auth which creates inconsistency.
---
 swauth/middleware.py | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

diff --git a/swauth/middleware.py b/swauth/middleware.py
index 66661ac..2c9a4df 100644
--- a/swauth/middleware.py
+++ b/swauth/middleware.py
@@ -757,24 +757,7 @@ class Swauth(object):
         account = req.path_info_pop()
         if req.path_info or not account or account[0] == '.':
             return HTTPBadRequest(request=req)
-        # Ensure the container in the main auth account exists (this
-        # container represents the new account)
-        path = quote('/v1/%s/%s' % (self.auth_account, account))
-        resp = self.make_pre_authed_request(
-            req.environ, 'HEAD', path).get_response(self.app)
-        if resp.status_int == 404:
-            resp = self.make_pre_authed_request(
-                req.environ, 'PUT', path).get_response(self.app)
-            if resp.status_int // 100 != 2:
-                raise Exception('Could not create account within main auth '
-                    'account: %s %s' % (path, resp.status))
-        elif resp.status_int // 100 == 2:
-            if 'x-container-meta-account-id' in resp.headers:
-                # Account was already created
-                return HTTPAccepted(request=req)
-        else:
-            raise Exception('Could not verify account within main auth '
-                'account: %s %s' % (path, resp.status))
+
         account_suffix = req.headers.get('x-account-suffix')
         if not account_suffix:
             account_suffix = str(uuid4())
@@ -798,6 +781,24 @@ class Swauth(object):
                  'host': self.dsc_parsed2.hostname,
                  'port': self.dsc_parsed2.port, 'path': path})
             raise
+        # Ensure the container in the main auth account exists (this
+        # container represents the new account)
+        path = quote('/v1/%s/%s' % (self.auth_account, account))
+        resp = self.make_pre_authed_request(
+            req.environ, 'HEAD', path).get_response(self.app)
+        if resp.status_int == 404:
+            resp = self.make_pre_authed_request(
+                req.environ, 'PUT', path).get_response(self.app)
+            if resp.status_int // 100 != 2:
+                raise Exception('Could not create account within main auth '
+                    'account: %s %s' % (path, resp.status))
+        elif resp.status_int // 100 == 2:
+            if 'x-container-meta-account-id' in resp.headers:
+                # Account was already created
+                return HTTPAccepted(request=req)
+        else:
+            raise Exception('Could not verify account within main auth '
+                'account: %s %s' % (path, resp.status))
         # Record the mapping from account id back to account name
         path = quote('/v1/%s/.account_id/%s%s' %
                      (self.auth_account, self.reseller_prefix, account_suffix))