summaryrefslogtreecommitdiffstats
path: root/keystone/auth/plugins/token.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystone/auth/plugins/token.py')
-rw-r--r--keystone/auth/plugins/token.py9
1 files changed, 6 insertions, 3 deletions
diff --git a/keystone/auth/plugins/token.py b/keystone/auth/plugins/token.py
index b82c0311..bc7cb1ba 100644
--- a/keystone/auth/plugins/token.py
+++ b/keystone/auth/plugins/token.py
@@ -37,6 +37,12 @@ class Token(auth.AuthMethodHandler):
target=METHOD_NAME)
token_id = auth_payload['id']
token_ref = self.token_api.get_token(token_id)
+ if ('OS-TRUST:trust' in token_ref['token_data']['token'] or
+ 'trust' in token_ref['token_data']['token']):
+ raise exception.Forbidden()
+ if 'OS-OAUTH1' in token_ref['token_data']['token']:
+ raise exception.Forbidden()
+
wsgi.validate_token_bind(context, token_ref)
user_context.setdefault(
'user_id', token_ref['token_data']['token']['user']['id'])
@@ -48,9 +54,6 @@ class Token(auth.AuthMethodHandler):
token_ref['token_data']['token']['extras'])
user_context['method_names'].extend(
token_ref['token_data']['token']['methods'])
- if ('OS-TRUST:trust' in token_ref['token_data']['token'] or
- 'trust' in token_ref['token_data']['token']):
- raise exception.Forbidden()
except AssertionError as e:
LOG.error(e)
raise exception.Unauthorized(e)
generated by cgit (git 2.34.1) at 2024-05-07 20:09:49 +0000