Build domain scope for Fernet tokens
This commit makes sure we pass domain_id to get_token_data() for the V3TokenDataHelper object. Previously, we weren't passing domain_id which caused missing data in validation responses for domain-scoped tokens. Change-Id: Ie810ba5d778c2186f699aae5f87ea0ff783e0bf9 Closes-Bug: 1430433
This commit is contained in:
parent
55d940c70b
commit
d1773114ee
|
@ -4200,6 +4200,18 @@ class TestFernetTokenProvider(test_v3.RestfulTestCase,
|
|||
project_scoped_token = self._get_project_scoped_token()
|
||||
self._validate_token(project_scoped_token)
|
||||
|
||||
def test_validate_domain_scoped_token(self):
|
||||
# Grant user access to domain
|
||||
self.assignment_api.create_grant(self.role['id'],
|
||||
user_id=self.user['id'],
|
||||
domain_id=self.domain['id'])
|
||||
domain_scoped_token = self._get_domain_scoped_token()
|
||||
resp = self._validate_token(domain_scoped_token)
|
||||
resp_json = json.loads(resp.body)
|
||||
self.assertIsNotNone(resp_json['token']['catalog'])
|
||||
self.assertIsNotNone(resp_json['token']['roles'])
|
||||
self.assertIsNotNone(resp_json['token']['domain'])
|
||||
|
||||
def test_validate_tampered_project_scoped_token_fails(self):
|
||||
project_scoped_token = self._get_project_scoped_token()
|
||||
tampered_token = (project_scoped_token[:50] + uuid.uuid4().hex +
|
||||
|
|
|
@ -175,6 +175,7 @@ class Provider(common.BaseProvider):
|
|||
return self.v3_token_data_helper.get_token_data(
|
||||
user_id,
|
||||
method_names=methods,
|
||||
domain_id=domain_id,
|
||||
project_id=project_id,
|
||||
issued_at=created_at,
|
||||
expires=expires_at,
|
||||
|
|
Loading…
Reference in New Issue