Don't assume group IDs are UUID format
When using the Fernet token provider to build a federated payload, we can't assume that the group ID will always be a UUID format that we can convert to bytes. This change makes the Fernet code smart enough to pass the original group ID in the payload if it can't convert it to bytes. Change-Id: I6d00902eb461c22aafd9cb5ca706b05bedefd37d Related-Bug: 1459382
This commit is contained in:
parent
fe3da741c7
commit
5b650ff3f9
|
@ -260,3 +260,30 @@ class TestPayloads(tests.TestCase):
|
|||
self.assertEqual(exp_expires_at, expires_at)
|
||||
self.assertEqual(exp_audit_ids, audit_ids)
|
||||
self.assertEqual(exp_trust_id, trust_id)
|
||||
|
||||
def test_federated_payload_with_non_uuid_ids(self):
|
||||
exp_user_id = 'someNonUuidUserId'
|
||||
exp_methods = ['password']
|
||||
exp_expires_at = timeutils.isotime(timeutils.utcnow())
|
||||
exp_audit_ids = [provider.random_urlsafe_str()]
|
||||
exp_federated_info = {'group_ids': [{'id': 'someNonUuidGroupId'}],
|
||||
'idp_id': uuid.uuid4().hex,
|
||||
'protocol_id': uuid.uuid4().hex}
|
||||
|
||||
payload = token_formatters.FederatedPayload.assemble(
|
||||
exp_user_id, exp_methods, exp_expires_at, exp_audit_ids,
|
||||
exp_federated_info)
|
||||
|
||||
(user_id, methods, expires_at, audit_ids, federated_info) = (
|
||||
token_formatters.FederatedPayload.disassemble(payload))
|
||||
|
||||
self.assertEqual(exp_user_id, user_id)
|
||||
self.assertEqual(exp_methods, methods)
|
||||
self.assertEqual(exp_expires_at, expires_at)
|
||||
self.assertEqual(exp_audit_ids, audit_ids)
|
||||
self.assertEqual(exp_federated_info['group_ids'][0]['id'],
|
||||
federated_info['group_ids'][0]['id'])
|
||||
self.assertEqual(exp_federated_info['idp_id'],
|
||||
federated_info['idp_id'])
|
||||
self.assertEqual(exp_federated_info['protocol_id'],
|
||||
federated_info['protocol_id'])
|
||||
|
|
|
@ -504,7 +504,7 @@ class FederatedPayload(BasePayload):
|
|||
|
||||
"""
|
||||
def pack_group_ids(group_dict):
|
||||
return cls.convert_uuid_hex_to_bytes(group_dict['id'])
|
||||
return cls.attempt_convert_uuid_hex_to_bytes(group_dict['id'])
|
||||
|
||||
b_user_id = cls.attempt_convert_uuid_hex_to_bytes(user_id)
|
||||
methods = auth_plugins.convert_method_list_to_integer(methods)
|
||||
|
@ -531,7 +531,7 @@ class FederatedPayload(BasePayload):
|
|||
|
||||
"""
|
||||
def unpack_group_ids(group_id_in_bytes):
|
||||
group_id = cls.convert_uuid_bytes_to_hex(group_id_in_bytes)
|
||||
group_id = cls.attempt_convert_uuid_bytes_to_hex(group_id_in_bytes)
|
||||
return {'id': group_id}
|
||||
|
||||
user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
|
||||
|
|
Loading…
Reference in New Issue