Make it so federated tokens are validated on v2.0

This makes it so that when we validate a fernet federated token against v2.0
and raise an Unauthorized exception.

This is an effort to break https://review.openstack.org/#/c/258650 into
smaller, more reviewable pieces.

Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Co-Authored-By: Adam Young <ayound@redhat.com>

Change-Id: I321e9e72bb31617b4ecf8ba1e0171dfc099b88c7
Partial-Bug: 1561054
This commit is contained in:
Lance Bragstad 2016-07-21 19:36:16 +00:00
parent cd26ae9227
commit 5bbc78a9a8
1 changed files with 5 additions and 0 deletions

View File

@ -90,6 +90,11 @@ class V2TokenDataHelper(object):
'API.')
raise exception.Unauthorized(msg)
if 'OS-FEDERATION' in v3_token['user']:
msg = _('Unable to validate Federation tokens using the version '
'v2.0 API.')
raise exception.Unauthorized(msg)
# Set user roles
user['roles'] = []
role_ids = []