aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone
diff options
context:
space:
mode:
authorasteroide <thomas.duval@orange.com>2016-05-23 19:21:32 +0200
committerasteroide <thomas.duval@orange.com>2016-05-23 19:21:32 +0200
commita144edd93b3a940ad746fd0d8693ba04fdb99474 (patch)
tree70e46d4126f4fa2d9491e1390691d9aac3f3eada /keystone-moon/keystone
parentfe8cb3471df875e04a9eddf8aa0eb304f676c9ff (diff)
Modify Auth controls for Moon Auth API in order to allow unscopped tokens.
Change-Id: I8ede560f38682f1d79ad8842ed7c27649f70cd8d
Diffstat (limited to 'keystone-moon/keystone')
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py14
1 files changed, 13 insertions, 1 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index b93fc8ae..b4413dbf 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -5,6 +5,7 @@
from keystone.common import controller
from keystone import config
+from keystone import exception
from keystone.models import token_model
from keystone.contrib.moon.exception import *
from oslo_log import log
@@ -128,13 +129,24 @@ class Tenants(controller.V3Controller):
self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict)
+def callback(self, context, prep_info, *args, **kwargs):
+ token_ref = ""
+ if context.get('token_id') is not None:
+ token_ref = token_model.KeystoneToken(
+ token_id=context['token_id'],
+ token_data=self.token_provider_api.validate_token(
+ context['token_id']))
+ if not token_ref:
+ raise exception.Unauthorized
+
+
@dependency.requires('authz_api')
class Authz_v3(controller.V3Controller):
def __init__(self):
super(Authz_v3, self).__init__()
- @controller.protected()
+ @controller.protected(callback)
def get_authz(self, context, tenant_id, subject_k_id, object_name, action_name):
try:
return self.authz_api.authz(tenant_id, subject_k_id, object_name, action_name)