diff options
Diffstat (limited to 'keystone/common/controller.py')
| -rw-r--r-- | keystone/common/controller.py | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/keystone/common/controller.py b/keystone/common/controller.py index 13aeee57..affc34de 100644 --- a/keystone/common/controller.py +++ b/keystone/common/controller.py @@ -25,8 +25,12 @@ def _build_policy_check_credentials(self, action, context, kwargs): LOG.warning(_('RBAC: Invalid token')) raise exception.Unauthorized() + # NOTE(jamielennox): whilst this maybe shouldn't be within this function + # it would otherwise need to reload the token_ref from backing store. + wsgi.validate_token_bind(context, token_ref) + creds = {} - if 'token_data' in token_ref: + if 'token_data' in token_ref and 'token' in token_ref['token_data']: #V3 Tokens token_data = token_ref['token_data']['token'] try: @@ -146,7 +150,8 @@ def filterprotected(*filters): @dependency.requires('identity_api', 'policy_api', 'token_api', - 'trust_api', 'catalog_api', 'credential_api') + 'trust_api', 'catalog_api', 'credential_api', + 'assignment_api') class V2Controller(wsgi.Application): """Base controller class for Identity API v2.""" @@ -280,7 +285,8 @@ class V3Controller(V2Controller): if attr in context['query_string']: value = context['query_string'][attr] - return [r for r in refs if _attr_match(r[attr], value)] + return [r for r in refs if _attr_match( + flatten(r).get(attr), value)] return refs def _require_matching_id(self, value, ref): @@ -311,7 +317,7 @@ class V3Controller(V2Controller): # worth the duplication of state try: token_ref = self.token_api.get_token( - context=context, token_id=context['token_id']) + token_id=context['token_id']) except exception.TokenNotFound: LOG.warning(_('Invalid token in normalize_domain_id')) raise exception.Unauthorized() |