From a144edd93b3a940ad746fd0d8693ba04fdb99474 Mon Sep 17 00:00:00 2001
From: asteroide
Date: Mon, 23 May 2016 19:21:32 +0200
Subject: Modify Auth controls for Moon Auth API in order to allow unscopped tokens.
Change-Id: I8ede560f38682f1d79ad8842ed7c27649f70cd8d
---
 keystone-moon/keystone/contrib/moon/controllers.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'keystone-moon')
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index b93fc8ae..b4413dbf 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -5,6 +5,7 @@
 from keystone.common import controller
 from keystone import config
+from keystone import exception
 from keystone.models import token_model
 from keystone.contrib.moon.exception import *
 from oslo_log import log
@@ -128,13 +129,24 @@ class Tenants(controller.V3Controller):
 self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict)
+def callback(self, context, prep_info, *args, **kwargs):
+ token_ref = ""
+ if context.get('token_id') is not None:
+ token_ref = token_model.KeystoneToken(
+ token_id=context['token_id'],
+ token_data=self.token_provider_api.validate_token(
+ context['token_id']))
+ if not token_ref:
+ raise exception.Unauthorized
+
+
 @dependency.requires('authz_api')
 class Authz_v3(controller.V3Controller):
 def __init__(self):
 super(Authz_v3, self).__init__()
- @controller.protected()
+ @controller.protected(callback)
 def get_authz(self, context, tenant_id, subject_k_id, object_name, action_name):
 try:
 return self.authz_api.authz(tenant_id, subject_k_id, object_name, action_name)
-- cgit 1.2.3-korg
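Review bot: Passing `callback` to `controller.protected` on `get_authz` appears to replace the default policy enforcement rather than add to it, so the endpoint now checks only that the caller holds a valid token; nothing in `callback` ties the token's user or scope to the `tenant_id` or `subject_k_id` being queried. If that is the intended trade-off for unscoped tokens, it should be stated in a comment on `callback`, and the authz query should be treated as readable by any authenticated user. Separately, `validate_token` is called without handling its failure, so a revoked or unknown token likely surfaces as the token provider's own exception (in stock Keystone, `TokenNotFound`) instead of `Unauthorized`; the `if not token_ref` check covers only the case where `token_id` is absent. The sketch below keeps the accepted-token behaviour and maps a rejected token to 401; `get_authz` continues past the end of the hunk.

```python
def callback(self, context, prep_info, *args, **kwargs):
    # Authentication only: any valid token, scoped or unscoped, passes.
    # No policy rule is evaluated for tenant_id or subject_k_id here.
    token_id = context.get('token_id')
    if token_id is None:
        raise exception.Unauthorized()
    try:
        token_model.KeystoneToken(
            token_id=token_id,
            token_data=self.token_provider_api.validate_token(token_id))
    except exception.TokenNotFound:
        # Report a rejected token as 401 rather than leaking a lookup error.
        raise exception.Unauthorized()
```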