diff options
author | Dolph Mathews <dolph.mathews@gmail.com> | 2013-02-19 10:39:22 -0600 |
---|---|---|
committer | Henry Nash <henryn@linux.vnet.ibm.com> | 2013-03-19 19:19:59 +0000 |
commit | cd3f58a8d05010838bd5e2d095103c2623499112 (patch) | |
tree | b0fe0e0553c71a4d5f603e4acf78e53fc5dd09e4 /keystone/auth | |
parent | a066b69fbe1ad2e3f577a3a21487d2eaebe22a15 (diff) | |
download | keystone-cd3f58a8d05010838bd5e2d095103c2623499112.tar.gz keystone-cd3f58a8d05010838bd5e2d095103c2623499112.tar.xz keystone-cd3f58a8d05010838bd5e2d095103c2623499112.zip |
Validate domains unconditionally (bug 1130236)
Ensure that we validate the domain status of user/project for
a user authenticating via the v2 API.
This patch builds on the initial functional change done by Dolph,
and fixes up the tests that broke sure to domain being required in
any tests that setup data directly in the backends.
Fixes Bug #1130236
Change-Id: I66dfd453fb95fa4fa3fde713b663386a2c2ecdf8
Diffstat (limited to 'keystone/auth')
-rw-r--r-- | keystone/auth/plugins/password.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/keystone/auth/plugins/password.py b/keystone/auth/plugins/password.py index 46ae6cb9..9d924059 100644 --- a/keystone/auth/plugins/password.py +++ b/keystone/auth/plugins/password.py @@ -91,6 +91,9 @@ class UserAuthInfo(object): else: user_ref = self.identity_api.get_user( context=self.context, user_id=user_id) + domain_ref = self.identity_api.get_domain( + context=self.context, domain_id=user_ref['domain_id']) + self._assert_domain_is_enabled(domain_ref) except exception.UserNotFound as e: LOG.exception(e) raise exception.Unauthorized(e) |