Merge "make roles case-insensitive"
This commit is contained in:
commit
9a1a2a32a0
@ -100,7 +100,7 @@ class ContextMiddleware(wsgi.Middleware):
|
||||
#NOTE(bcwaldon): X-Roles is a csv string, but we need to parse
|
||||
# it into a list to be useful
|
||||
roles_header = req.headers.get('X-Roles', '')
|
||||
roles = [r.strip() for r in roles_header.split(',')]
|
||||
roles = [r.strip().lower() for r in roles_header.split(',')]
|
||||
|
||||
#NOTE(bcwaldon): This header is deprecated in favor of X-Auth-Token
|
||||
deprecated_token = req.headers.get('X-Storage-Token')
|
||||
@ -109,7 +109,7 @@ class ContextMiddleware(wsgi.Middleware):
|
||||
'user': req.headers.get('X-User-Id'),
|
||||
'tenant': req.headers.get('X-Tenant-Id'),
|
||||
'roles': roles,
|
||||
'is_admin': CONF.admin_role in roles,
|
||||
'is_admin': CONF.admin_role.strip().lower() in roles,
|
||||
'auth_tok': req.headers.get('X-Auth-Token', deprecated_token),
|
||||
'owner_is_tenant': CONF.owner_is_tenant,
|
||||
}
|
||||
|
@ -34,7 +34,7 @@ class TestContextMiddleware(base.IsolatedUnitTest):
|
||||
self._build_middleware().process_request(req)
|
||||
self.assertTrue(req.context.is_admin)
|
||||
|
||||
# without the 'admin' role, is_admin shoud be False
|
||||
# without the 'admin' role, is_admin should be False
|
||||
req = self._build_request()
|
||||
self._build_middleware().process_request(req)
|
||||
self.assertFalse(req.context.is_admin)
|
||||
@ -45,6 +45,31 @@ class TestContextMiddleware(base.IsolatedUnitTest):
|
||||
self._build_middleware().process_request(req)
|
||||
self.assertTrue(req.context.is_admin)
|
||||
|
||||
def test_roles_case_insensitive(self):
|
||||
# accept role from request
|
||||
req = self._build_request(roles=['Admin', 'role2'])
|
||||
self._build_middleware().process_request(req)
|
||||
self.assertTrue(req.context.is_admin)
|
||||
|
||||
# accept role from config
|
||||
req = self._build_request(roles=['role1'])
|
||||
self.config(admin_role='rOLe1')
|
||||
self._build_middleware().process_request(req)
|
||||
self.assertTrue(req.context.is_admin)
|
||||
|
||||
def test_roles_stripping(self):
|
||||
# stripping extra spaces in request
|
||||
req = self._build_request(roles=['\trole1'])
|
||||
self.config(admin_role='role1')
|
||||
self._build_middleware().process_request(req)
|
||||
self.assertTrue(req.context.is_admin)
|
||||
|
||||
# stripping extra spaces in config
|
||||
req = self._build_request(roles=['\trole1\n'])
|
||||
self.config(admin_role=' role1\t')
|
||||
self._build_middleware().process_request(req)
|
||||
self.assertTrue(req.context.is_admin)
|
||||
|
||||
def test_anonymous_access_enabled(self):
|
||||
req = self._build_request(identity_status='Nope')
|
||||
self.config(allow_anonymous_access=True)
|
||||
|
Loading…
Reference in New Issue
Block a user