Fix fernet audit ids for v2.0
The fernet token provider was doing some weird things with audit ids that
caused token rescoping to not work because audit ids were never pulled from the
original token. This commit also enables some tests for v2.0 authentication
with the Fernet as the token provider.
Closes-Bug: 1577558
Change-Id: Iffbaf505ef50a6c6d97c5340645acb2f6fda7e0e
(cherry picked from commit 0d376025ba
)
This commit is contained in:
parent
56a35b0054
commit
ee1dc94104
|
@ -33,6 +33,7 @@ from keystone import exception
|
|||
from keystone.models import token_model
|
||||
from keystone.tests import unit
|
||||
from keystone.tests.unit import default_fixtures
|
||||
from keystone.tests.unit import ksfixtures
|
||||
from keystone.tests.unit.ksfixtures import database
|
||||
from keystone import token
|
||||
from keystone.token import provider
|
||||
|
@ -671,6 +672,27 @@ class AuthWithToken(AuthTest):
|
|||
token_id=token_2_id)
|
||||
|
||||
|
||||
class FernetAuthWithToken(AuthWithToken):
|
||||
def config_overrides(self):
|
||||
super(FernetAuthWithToken, self).config_overrides()
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
|
||||
def test_token_auth_with_binding(self):
|
||||
self.config_fixture.config(group='token', bind=['kerberos'])
|
||||
body_dict = _build_user_auth()
|
||||
self.assertRaises(exception.NotImplemented,
|
||||
self.controller.authenticate,
|
||||
self.context_with_remote_user,
|
||||
body_dict)
|
||||
|
||||
def test_revoke_with_no_audit_info(self):
|
||||
self.skipTest('Fernet with v2.0 and revocation is broken')
|
||||
|
||||
def test_deleting_role_revokes_token(self):
|
||||
self.skipTest('Fernet with v2.0 and revocation is broken')
|
||||
|
||||
|
||||
class AuthWithPasswordCredentials(AuthTest):
|
||||
def test_auth_invalid_user(self):
|
||||
"""Verify exception is raised if invalid user."""
|
||||
|
|
|
@ -180,7 +180,8 @@ class Auth(controller.V2Controller):
|
|||
try:
|
||||
token_model_ref = token_model.KeystoneToken(
|
||||
token_id=old_token,
|
||||
token_data=self.token_provider_api.validate_token(old_token))
|
||||
token_data=self.token_provider_api.validate_v2_token(old_token)
|
||||
)
|
||||
except exception.NotFound as e:
|
||||
raise exception.Unauthorized(e)
|
||||
|
||||
|
|
|
@ -15,7 +15,6 @@ from oslo_config import cfg
|
|||
from keystone.common import dependency
|
||||
from keystone.common import utils as ks_utils
|
||||
from keystone.federation import constants as federation_constants
|
||||
from keystone.token import provider
|
||||
from keystone.token.providers import common
|
||||
from keystone.token.providers.fernet import token_formatters as tf
|
||||
|
||||
|
@ -145,12 +144,8 @@ class Provider(common.BaseProvider):
|
|||
expires_at = token_data['access']['token']['expires']
|
||||
audit_ids = token_data['access']['token'].get('audit_ids')
|
||||
methods = ['password']
|
||||
if audit_ids:
|
||||
parent_audit_id = token_data['access']['token'].get(
|
||||
'parent_audit_id')
|
||||
audit_ids = provider.audit_info(parent_audit_id)
|
||||
if parent_audit_id:
|
||||
methods.append('token')
|
||||
if len(audit_ids) > 1:
|
||||
methods.append('token')
|
||||
project_id = token_data['access']['token'].get('tenant', {}).get('id')
|
||||
domain_id = None
|
||||
trust_id = None
|
||||
|
|
Loading…
Reference in New Issue