Merge "Check consumer and project id before creating request token"

2015-02-23 16:05:06 +00:00
parent cd32ba0704 ee2f991923
commit 19aedf0472
2 changed files with 24 additions and 1 deletions
--- a/keystone/contrib/oauth1/controllers.py
+++ b/keystone/contrib/oauth1/controllers.py
@@ -204,7 +204,8 @@ class AccessTokenRolesV3(controller.V3Controller):
        return formatted_entity


-@dependency.requires('assignment_api', 'oauth_api', 'token_provider_api')
+@dependency.requires('assignment_api', 'oauth_api',
+                     'resource_api', 'token_provider_api')
 class OAuthControllerV3(controller.V3Controller):
    collection_name = 'not_used'
    member_name = 'not_used'
@@ -214,6 +215,7 @@ class OAuthControllerV3(controller.V3Controller):
        oauth_headers = oauth1.get_oauth_headers(headers)
        consumer_id = oauth_headers.get('oauth_consumer_key')
        requested_project_id = headers.get('Requested-Project-Id')
+
        if not consumer_id:
            raise exception.ValidationError(
                attribute='oauth_consumer_key', target='request')
@@ -221,6 +223,10 @@ class OAuthControllerV3(controller.V3Controller):
            raise exception.ValidationError(
                attribute='requested_project_id', target='request')

+        # NOTE(stevemar): Ensure consumer and requested project exist
+        self.resource_api.get_project(requested_project_id)
+        self.oauth_api.get_consumer(consumer_id)
+
        url = self.base_url(context, context['path'])

        req_headers = {'Requested-Project-Id': requested_project_id}