summaryrefslogtreecommitdiffstats
path: root/keystone/auth/plugins/token.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystone/auth/plugins/token.py')
-rw-r--r--keystone/auth/plugins/token.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/keystone/auth/plugins/token.py b/keystone/auth/plugins/token.py
index d9b3d2f8..720eccac 100644
--- a/keystone/auth/plugins/token.py
+++ b/keystone/auth/plugins/token.py
@@ -16,6 +16,7 @@
from keystone import auth
from keystone.common import logging
+from keystone.common import wsgi
from keystone import exception
from keystone import token
@@ -36,6 +37,7 @@ class Token(auth.AuthMethodHandler):
target=METHOD_NAME)
token_id = auth_payload['id']
token_ref = self.token_api.get_token(token_id)
+ wsgi.validate_token_bind(context, token_ref)
user_context.setdefault(
'user_id', token_ref['token_data']['token']['user']['id'])
# to support Grizzly-3 to Grizzly-RC1 transition
@@ -46,7 +48,8 @@ class Token(auth.AuthMethodHandler):
token_ref['token_data']['token']['extras'])
user_context['method_names'].extend(
token_ref['token_data']['token']['methods'])
- if 'trust' in token_ref['token_data']:
+ if ('OS-TRUST:trust' in token_ref['token_data']['token'] or
+ 'trust' in token_ref['token_data']['token']):
raise exception.Forbidden()
except AssertionError as e:
LOG.error(e)
generated by cgit (git 2.34.1) at 2024-06-07 15:43:29 +0000