author | Zuul <zuul@review.opendev.org> | 2020-02-12 07:49:55 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2020-02-12 07:49:55 +0000 |
commit | 08f02c1a208b0aa872c3b8540d553f1d9780fbfb (patch) | |
tree | b4bed0d450fa8a17a0a17a7d86fe1e65d9263b4b | |
parent | abd5bae62f019fa9cdde538a7638107508ea86ac (diff) | |
parent | c0d5162288f9985f1a15a7c865e0ba688df428ec (diff) | |
download | keystone-08f02c1a208b0aa872c3b8540d553f1d9780fbfb.tar.gz |
Merge "Fix token auth error if federated_groups_id is empty list" into stable/train
-rw-r--r-- | keystone/tests/unit/token/test_fernet_provider.py | 23 | ||||
-rw-r--r-- | keystone/token/provider.py | 2 | ||||
-rw-r--r-- | releasenotes/notes/bug-1856962-2c87d541da61c727.yaml | 6 |
3 files changed, 28 insertions, 3 deletions
diff --git a/keystone/tests/unit/token/test_fernet_provider.py b/keystone/tests/unit/token/test_fernet_provider.py index a3e6d870c..f84fae094 100644 --- a/keystone/tests/unit/token/test_fernet_provider.py +++ b/keystone/tests/unit/token/test_fernet_provider.py @@ -93,7 +93,7 @@ class TestValidate(unit.TestCase): user_ref['password_expires_at'], token.user['password_expires_at'] ) - def test_validate_v3_token_federated_info(self): + def _test_validate_v3_token_federted_info(self, group_ids): # Check the user fields in the token result when use validate_v3_token # when the token has federated info. @@ -107,7 +107,6 @@ class TestValidate(unit.TestCase): method_names = ['mapped'] - group_ids = [uuid.uuid4().hex, ] idp_id = uuid.uuid4().hex idp_ref = { 'id': idp_id, @@ -137,6 +136,18 @@ class TestValidate(unit.TestCase): self.assertEqual(idp_id, token.identity_provider_id) self.assertEqual(protocol, token.protocol_id) + def test_validate_v3_token_federated_info(self): + # Check the user fields in the token result when use validate_v3_token + # when the token has federated info. + + group_ids = [uuid.uuid4().hex, ] + self._test_validate_v3_token_federted_info(group_ids) + + def test_validate_v3_token_federated_info_empty_group(self): + # check when federated users got empty group ids + + self._test_validate_v3_token_federted_info([]) + def test_validate_v3_token_trust(self): # Check the trust fields in the token result when use validate_v3_token # when the token has trust info. @@ -201,6 +212,14 @@ class TestValidate(unit.TestCase): ) +class TestValidateWithoutCache(TestValidate): + + def config_overrides(self): + super(TestValidateWithoutCache, self).config_overrides() + self.config_fixture.config(group='token', caching=False) + self.config_fixture.config(group='token', cache_on_issue=False) + + class TestTokenFormatter(unit.TestCase): def test_restore_padding(self): # 'a' will result in '==' padding, 'aa' will result in '=' padding, and 
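Review bot: The new helper's name is misspelled as `_test_validate_v3_token_federted_info` in the first hunk, and the same spelling is used at both call sites in the third hunk. Rename it to `_test_validate_v3_token_federated_info` so it matches the public test it backs and can be found by searching for "federated". The helper and `test_validate_v3_token_federated_info` also carry the same two-line comment; one copy on the helper is enough, extended with `# group_ids may be [] for a federated user whose mapping yields no groups`. The helper's body continues outside the first hunk.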
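Review bot: `TestValidateWithoutCache` in the last hunk has no docstring or comment saying why the whole `TestValidate` suite is re-run with `caching=False` and `cache_on_issue=False`. Presumably a token cached at issue time hides the path that rebuilds the token during validation, which is where the empty-list case failed. Saying so keeps a later cleanup from deleting the subclass as a duplicate, for example `"""Re-run TestValidate with token caching disabled so validation rebuilds the token."""`. The two `config_fixture.config(group='token', ...)` calls can also be merged into `self.config_fixture.config(group='token', caching=False, cache_on_issue=False)`.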
diff --git a/keystone/token/provider.py b/keystone/token/provider.py
index e3c45a303..c537d1ba8 100644
--- a/keystone/token/provider.py
+++ b/keystone/token/provider.py
@@ -172,7 +172,7 @@ class Manager(manager.Manager):
 token.access_token_id = access_token_id
 token.application_credential_id = app_cred_id
 token.expires_at = expires_at
- if federated_group_ids:
+ if federated_group_ids is not None:
 token.is_federated = True
 token.identity_provider_id = identity_provider_id
 token.protocol_id = protocol_id
diff --git a/releasenotes/notes/bug-1856962-2c87d541da61c727.yaml b/releasenotes/notes/bug-1856962-2c87d541da61c727.yaml
new file mode 100644
index 000000000..e66a910e5
--- /dev/null
+++ b/releasenotes/notes/bug-1856962-2c87d541da61c727.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ [`bug 1856962 <https://bugs.launchpad.net/keystone/+bug/1856962>`_]
+ Fixes an issue where federated users could not authenticate if their
+ mapped group membership was empty. |
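Review bot: With `if federated_group_ids is not None:` in `keystone/token/provider.py`, the federated branch now relies on every caller passing `None`, never `[]`, for a non-federated token. Any token-payload path that defaults the field to an empty list would get `is_federated = True` together with whatever `identity_provider_id` and `protocol_id` were passed. The callers are outside this hunk, so this cannot be confirmed from here and each payload path is worth checking. The contract should be recorded above the test: `# None means "not a federated token"; [] is a federated user with no mapped groups`. The enclosing method starts and ends outside the hunk.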