diff options
Diffstat (limited to 'keystone/auth/plugins/token.py')
-rw-r--r-- | keystone/auth/plugins/token.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/keystone/auth/plugins/token.py b/keystone/auth/plugins/token.py index d9b3d2f8..720eccac 100644 --- a/keystone/auth/plugins/token.py +++ b/keystone/auth/plugins/token.py @@ -16,6 +16,7 @@ from keystone import auth from keystone.common import logging +from keystone.common import wsgi from keystone import exception from keystone import token @@ -36,6 +37,7 @@ class Token(auth.AuthMethodHandler): target=METHOD_NAME) token_id = auth_payload['id'] token_ref = self.token_api.get_token(token_id) + wsgi.validate_token_bind(context, token_ref) user_context.setdefault( 'user_id', token_ref['token_data']['token']['user']['id']) # to support Grizzly-3 to Grizzly-RC1 transition @@ -46,7 +48,8 @@ class Token(auth.AuthMethodHandler): token_ref['token_data']['token']['extras']) user_context['method_names'].extend( token_ref['token_data']['token']['methods']) - if 'trust' in token_ref['token_data']: + if ('OS-TRUST:trust' in token_ref['token_data']['token'] or + 'trust' in token_ref['token_data']['token']): raise exception.Forbidden() except AssertionError as e: LOG.error(e) |