diff options
author | asteroide <thomas.duval@orange.com> | 2016-05-23 19:21:32 +0200 |
---|---|---|
committer | asteroide <thomas.duval@orange.com> | 2016-05-23 19:21:32 +0200 |
commit | a144edd93b3a940ad746fd0d8693ba04fdb99474 (patch) | |
tree | 70e46d4126f4fa2d9491e1390691d9aac3f3eada /keystone-moon/keystone | |
parent | fe8cb3471df875e04a9eddf8aa0eb304f676c9ff (diff) |
Modify Auth controls for Moon Auth API in order to allow unscopped tokens.
Change-Id: I8ede560f38682f1d79ad8842ed7c27649f70cd8d
Diffstat (limited to 'keystone-moon/keystone')
-rw-r--r-- | keystone-moon/keystone/contrib/moon/controllers.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index b93fc8ae..b4413dbf 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py @@ -5,6 +5,7 @@ from keystone.common import controller from keystone import config +from keystone import exception from keystone.models import token_model from keystone.contrib.moon.exception import * from oslo_log import log @@ -128,13 +129,24 @@ class Tenants(controller.V3Controller): self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict) +def callback(self, context, prep_info, *args, **kwargs): + token_ref = "" + if context.get('token_id') is not None: + token_ref = token_model.KeystoneToken( + token_id=context['token_id'], + token_data=self.token_provider_api.validate_token( + context['token_id'])) + if not token_ref: + raise exception.Unauthorized + + @dependency.requires('authz_api') class Authz_v3(controller.V3Controller): def __init__(self): super(Authz_v3, self).__init__() - @controller.protected() + @controller.protected(callback) def get_authz(self, context, tenant_id, subject_k_id, object_name, action_name): try: return self.authz_api.authz(tenant_id, subject_k_id, object_name, action_name) |