diff options
Diffstat (limited to 'keystone/common/controller.py')
-rw-r--r-- | keystone/common/controller.py | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/keystone/common/controller.py b/keystone/common/controller.py index 3ca1bf8b..affc34de 100644 --- a/keystone/common/controller.py +++ b/keystone/common/controller.py @@ -25,8 +25,12 @@ def _build_policy_check_credentials(self, action, context, kwargs): LOG.warning(_('RBAC: Invalid token')) raise exception.Unauthorized() + # NOTE(jamielennox): whilst this maybe shouldn't be within this function + # it would otherwise need to reload the token_ref from backing store. + wsgi.validate_token_bind(context, token_ref) + creds = {} - if 'token_data' in token_ref: + if 'token_data' in token_ref and 'token' in token_ref['token_data']: #V3 Tokens token_data = token_ref['token_data']['token'] try: @@ -146,7 +150,8 @@ def filterprotected(*filters): @dependency.requires('identity_api', 'policy_api', 'token_api', - 'trust_api', 'catalog_api', 'credential_api') + 'trust_api', 'catalog_api', 'credential_api', + 'assignment_api') class V2Controller(wsgi.Application): """Base controller class for Identity API v2.""" @@ -312,7 +317,7 @@ class V3Controller(V2Controller): # worth the duplication of state try: token_ref = self.token_api.get_token( - context=context, token_id=context['token_id']) + token_id=context['token_id']) except exception.TokenNotFound: LOG.warning(_('Invalid token in normalize_domain_id')) raise exception.Unauthorized() |