diff --git a/keystone/tests/unit/test_v3_federation.py b/keystone/tests/unit/test_v3_federation.py index f4ec8e5173..97bb3eb1d9 100644 --- a/keystone/tests/unit/test_v3_federation.py +++ b/keystone/tests/unit/test_v3_federation.py @@ -154,8 +154,8 @@ class FederatedSetupMixin(object): self.assertIn('identity_provider', user['OS-FEDERATION']) self.assertIn('protocol', user['OS-FEDERATION']) - # Make sure user_id is url safe - self.assertEqual(urllib.parse.quote(user['name']), user['id']) + # Make sure user_name is url safe + self.assertEqual(urllib.parse.quote(user['name']), user['name']) def _issue_unscoped_token(self, idp=None, @@ -2503,6 +2503,21 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin): self._issue_unscoped_token, assertion='ANOTHER_LOCAL_USER_ASSERTION') + def test_user_name_and_id_in_federation_token(self): + r = self._issue_unscoped_token(assertion='EMPLOYEE_ASSERTION') + token = r.json_body['token'] + self.assertEqual( + mapping_fixtures.EMPLOYEE_ASSERTION['UserName'], + token['user']['name']) + self.assertNotEqual(token['user']['name'], token['user']['id']) + r = self.v3_create_token( + self.TOKEN_SCOPE_PROJECT_EMPLOYEE_FROM_EMPLOYEE) + token = r.json_body['token'] + self.assertEqual( + mapping_fixtures.EMPLOYEE_ASSERTION['UserName'], + token['user']['name']) + self.assertNotEqual(token['user']['name'], token['user']['id']) + class FernetFederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin): AUTH_METHOD = 'token' diff --git a/keystone/tests/unit/token/test_fernet_provider.py b/keystone/tests/unit/token/test_fernet_provider.py index 5f51d7b309..a742177392 100644 --- a/keystone/tests/unit/token/test_fernet_provider.py +++ b/keystone/tests/unit/token/test_fernet_provider.py @@ -129,6 +129,7 @@ class TestValidate(unit.TestCase): protocol = uuid.uuid4().hex auth_context = { 'user_id': user_ref['id'], + 'user_name': user_ref['name'], 'group_ids': group_ids, federation_constants.IDENTITY_PROVIDER: identity_provider, federation_constants.PROTOCOL: protocol, @@ -140,7 +141,7 @@ class TestValidate(unit.TestCase): token = token_data['token'] exp_user_info = { 'id': user_ref['id'], - 'name': user_ref['id'], + 'name': user_ref['name'], 'domain': {'id': CONF.federation.federated_domain_name, 'name': CONF.federation.federated_domain_name, }, federation_constants.FEDERATION: { diff --git a/keystone/token/providers/common.py b/keystone/token/providers/common.py index 94729178d3..6c04d66b81 100644 --- a/keystone/token/providers/common.py +++ b/keystone/token/providers/common.py @@ -628,10 +628,14 @@ class BaseProvider(provider.Provider): group_ids = auth_context['group_ids'] idp = auth_context[federation_constants.IDENTITY_PROVIDER] protocol = auth_context[federation_constants.PROTOCOL] + + user_dict = self.identity_api.get_user(user_id) + user_name = user_dict['name'] + token_data = { 'user': { 'id': user_id, - 'name': parse.unquote(user_id), + 'name': parse.unquote(user_name), federation_constants.FEDERATION: { 'groups': [{'id': x} for x in group_ids], 'identity_provider': {'id': idp}, diff --git a/keystone/token/providers/fernet/core.py b/keystone/token/providers/fernet/core.py index ff6fe9cc78..df7556671a 100644 --- a/keystone/token/providers/fernet/core.py +++ b/keystone/token/providers/fernet/core.py @@ -22,7 +22,7 @@ from keystone.token.providers.fernet import token_formatters as tf CONF = cfg.CONF -@dependency.requires('trust_api', 'oauth_api') +@dependency.requires('trust_api', 'oauth_api', 'identity_api') class Provider(common.BaseProvider): def __init__(self, *args, **kwargs): super(Provider, self).__init__(*args, **kwargs) @@ -107,11 +107,14 @@ class Provider(common.BaseProvider): 'protocol': {'id': protocol_id} } + user_dict = self.identity_api.get_user(user_id) + user_name = user_dict['name'] + token_dict = { 'user': { federation_constants.FEDERATION: federated_info, 'id': user_id, - 'name': user_id, + 'name': user_name, 'domain': {'id': CONF.federation.federated_domain_name, 'name': CONF.federation.federated_domain_name, }, }