Merge "Use unscoped token for scoping to project" into stable/kilo

openstack_auth/backend.py

@@ -138,11 +138,9 @@ class KeystoneBackend(object):
         request = kwargs.get('request')
 
         if request:
-            # Check if token is automatically scoped to default_project
-            # grab the project from this token, to use as a default
-            # if no recent_project is found in the cookie
-            recent_project = request.COOKIES.get('recent_project',
-                                                 unscoped_auth_ref.project_id)
+            # Grab recent_project found in the cookie, try to scope
+            # to the last project used.
+            recent_project = request.COOKIES.get('recent_project')
 
         # if a most recent project was found, try using it first
         if recent_project:

openstack_auth/plugin/password.py

@@ -42,7 +42,8 @@ class PasswordPlugin(base.BasePlugin):
             return v3_auth.Password(auth_url=auth_url,
                                     username=username,
                                     password=password,
-                                    user_domain_name=user_domain_name)
+                                    user_domain_name=user_domain_name,
+                                    unscoped=True)
 
         else:
             return v2_auth.Password(auth_url=auth_url,

openstack_auth/tests/tests.py

@@ -496,7 +496,8 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
         return auth_v3.Password(auth_url=url,
                                 password=password,
                                 username=username,
-                                user_domain_name=DEFAULT_DOMAIN)
+                                user_domain_name=DEFAULT_DOMAIN,
+                                unscoped=True)
 
     def _create_token_auth(self, project_id, token=None, url=None):
         if not token: