Don't assume group IDs are UUID format
When using the Fernet token provider to build a federated payload, we can't
assume that the group ID will always be a UUID format that we can convert to
bytes. This change makes the Fernet code smart enough to pass the original
group ID in the payload if it can't convert it to bytes.
Change-Id: I6d00902eb461c22aafd9cb5ca706b05bedefd37d
Related-Bug: 1459382
(cherry picked from commit 5b650ff3f9
)
This commit is contained in:
parent
b255b8ff71
commit
f8afb29a9d
|
@ -260,3 +260,30 @@ class TestPayloads(tests.TestCase):
|
|||
self.assertEqual(exp_expires_at, expires_at)
|
||||
self.assertEqual(exp_audit_ids, audit_ids)
|
||||
self.assertEqual(exp_trust_id, trust_id)
|
||||
|
||||
def test_federated_payload_with_non_uuid_ids(self):
|
||||
exp_user_id = 'someNonUuidUserId'
|
||||
exp_methods = ['password']
|
||||
exp_expires_at = timeutils.isotime(timeutils.utcnow())
|
||||
exp_audit_ids = [provider.random_urlsafe_str()]
|
||||
exp_federated_info = {'group_ids': [{'id': 'someNonUuidGroupId'}],
|
||||
'idp_id': uuid.uuid4().hex,
|
||||
'protocol_id': uuid.uuid4().hex}
|
||||
|
||||
payload = token_formatters.FederatedPayload.assemble(
|
||||
exp_user_id, exp_methods, exp_expires_at, exp_audit_ids,
|
||||
exp_federated_info)
|
||||
|
||||
(user_id, methods, expires_at, audit_ids, federated_info) = (
|
||||
token_formatters.FederatedPayload.disassemble(payload))
|
||||
|
||||
self.assertEqual(exp_user_id, user_id)
|
||||
self.assertEqual(exp_methods, methods)
|
||||
self.assertEqual(exp_expires_at, expires_at)
|
||||
self.assertEqual(exp_audit_ids, audit_ids)
|
||||
self.assertEqual(exp_federated_info['group_ids'][0]['id'],
|
||||
federated_info['group_ids'][0]['id'])
|
||||
self.assertEqual(exp_federated_info['idp_id'],
|
||||
federated_info['idp_id'])
|
||||
self.assertEqual(exp_federated_info['protocol_id'],
|
||||
federated_info['protocol_id'])
|
||||
|
|
|
@ -504,7 +504,7 @@ class FederatedPayload(BasePayload):
|
|||
|
||||
"""
|
||||
def pack_group_ids(group_dict):
|
||||
return cls.convert_uuid_hex_to_bytes(group_dict['id'])
|
||||
return cls.attempt_convert_uuid_hex_to_bytes(group_dict['id'])
|
||||
|
||||
b_user_id = cls.attempt_convert_uuid_hex_to_bytes(user_id)
|
||||
methods = auth_plugins.convert_method_list_to_integer(methods)
|
||||
|
@ -530,7 +530,7 @@ class FederatedPayload(BasePayload):
|
|||
|
||||
"""
|
||||
def unpack_group_ids(group_id_in_bytes):
|
||||
group_id = cls.convert_uuid_bytes_to_hex(group_id_in_bytes)
|
||||
group_id = cls.attempt_convert_uuid_bytes_to_hex(group_id_in_bytes)
|
||||
return {'id': group_id}
|
||||
|
||||
user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
|
||||
|
|
Loading…
Reference in New Issue