4 files changed, 35 insertions, 2 deletions

diff --git a/openstack_auth/plugin/base.py b/openstack_auth/plugin/base.py
index a2fc755..e3bd802 100644
--- a/openstack_auth/plugin/base.py
+++ b/openstack_auth/plugin/base.py
@@ -12,6 +12,7 @@
 
 import abc
 
+from django.utils.translation import ugettext_lazy as _
 from keystoneclient import exceptions as keystone_exceptions
 from keystoneclient.v2_0 import client as v2_client
 from keystoneclient.v3 import client as v3_client
diff --git a/openstack_auth/tests/tests.py b/openstack_auth/tests/tests.py
index 29bfa3d..09bdc76 100644
--- a/openstack_auth/tests/tests.py
+++ b/openstack_auth/tests/tests.py
@@ -474,6 +474,15 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
         client.projects = self.mox.CreateMockAnything()
         client.projects.list(user=user.id).AndReturn(projects)
 
+    def _mock_unscoped_client_list_projects_fail(self, user):
+        client = self._mock_unscoped_client(user)
+        self._mock_unscoped_list_projects_fail(client, user)
+
+    def _mock_unscoped_list_projects_fail(self, client, user):
+        client.projects = self.mox.CreateMockAnything()
+        client.projects.list(user=user.id).AndRaise(
+            keystone_exceptions.AuthorizationFailure)
+
     def _create_password_auth(self, username=None, password=None, url=None):
         if not username:
             username = self.data.user.name
@@ -607,6 +616,25 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
         self.assertContains(response,
                             'You are not authorized for any projects.')
 
+    def test_fail_projects(self):
+        user = self.data.user
+
+        form_data = self.get_form_data(user)
+        self._mock_unscoped_client_list_projects_fail(user)
+        self.mox.ReplayAll()
+
+        url = reverse('login')
+
+        # GET the page to set the test cookie.
+        response = self.client.get(url, form_data)
+        self.assertEqual(response.status_code, 200)
+
+        # POST to the page to log in.
+        response = self.client.post(url, form_data)
+        self.assertTemplateUsed(response, 'auth/login.html')
+        self.assertContains(response,
+                            'Unable to retrieve authorized projects.')
+
     def test_invalid_credentials(self):
         user = self.data.user
 
diff --git a/openstack_auth/user.py b/openstack_auth/user.py
index 811fe84..132e37b 100644
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@@ -55,8 +55,9 @@ def create_user_from_token(request, token, endpoint, services_region=None):
                 roles=token.roles,
                 endpoint=endpoint,
                 services_region=svc_region,
-                is_federated=token.is_federated,
-                unscoped_token=token.unscoped_token)
+                is_federated=getattr(token, 'is_federated', False),
+                unscoped_token=getattr(token, 'unscoped_token',
+                                       request.session.get('unscoped_token')))
 
 
 class Token(object):
diff --git a/requirements.txt b/requirements.txt
index 8116201..02c1e7f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,5 +4,8 @@
 pbr>=0.6,!=0.7,<1.0
 Django>=1.4.2,<1.8
 oslo.config>=1.9.3,<1.10.0  # Apache-2.0
+oslo.i18n>=1.5.0,<1.6.0  # Apache-2.0
+oslo.serialization>=1.4.0,<1.5.0               # Apache-2.0
+oslo.utils>=1.4.0,<1.5.0                       # Apache-2.0
 python-keystoneclient>=1.1.0
 six>=1.9.0