diff options
Diffstat (limited to 'keystone-moon/keystone/token/controllers.py')
-rw-r--r-- | keystone-moon/keystone/token/controllers.py | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/keystone-moon/keystone/token/controllers.py b/keystone-moon/keystone/token/controllers.py index ff65e733..6eeb23ec 100644 --- a/keystone-moon/keystone/token/controllers.py +++ b/keystone-moon/keystone/token/controllers.py @@ -38,6 +38,7 @@ LOG = log.getLogger(__name__) class ExternalAuthNotApplicable(Exception): """External authentication is not applicable.""" + pass @@ -48,19 +49,17 @@ class Auth(controller.V2Controller): @controller.v2_deprecated def ca_cert(self, context, auth=None): - ca_file = open(CONF.signing.ca_certs, 'r') - data = ca_file.read() - ca_file.close() + with open(CONF.signing.ca_certs, 'r') as ca_file: + data = ca_file.read() return data @controller.v2_deprecated def signing_cert(self, context, auth=None): - cert_file = open(CONF.signing.certfile, 'r') - data = cert_file.read() - cert_file.close() + with open(CONF.signing.certfile, 'r') as cert_file: + data = cert_file.read() return data - @controller.v2_deprecated + @controller.v2_auth_deprecated def authenticate(self, context, auth=None): """Authenticate credentials and return a token. @@ -82,7 +81,6 @@ class Auth(controller.V2Controller): Alternatively, this call accepts auth with only a token and tenant that will return a token that is scoped to that tenant. """ - if auth is None: raise exception.ValidationError(attribute='auth', target='request body') @@ -182,7 +180,8 @@ class Auth(controller.V2Controller): try: token_model_ref = token_model.KeystoneToken( token_id=old_token, - token_data=self.token_provider_api.validate_token(old_token)) + token_data=self.token_provider_api.validate_v2_token(old_token) + ) except exception.NotFound as e: raise exception.Unauthorized(e) @@ -369,6 +368,10 @@ class Auth(controller.V2Controller): size=CONF.max_param_size) if tenant_name: + if (CONF.resource.project_name_url_safe == 'strict' and + utils.is_not_url_safe(tenant_name)): + msg = _('Tenant name cannot contain reserved characters.') + raise exception.Unauthorized(message=msg) try: tenant_ref = self.resource_api.get_project_by_name( tenant_name, CONF.identity.default_domain_id) @@ -379,7 +382,6 @@ class Auth(controller.V2Controller): def _get_project_roles_and_ref(self, user_id, tenant_id): """Returns the project roles for this user, and the project ref.""" - tenant_ref = None role_list = [] if tenant_id: |