Attempt to scope only to enabled projects
Filter out the disabled projects from the list of projects that authentication backend will attempt to scope to. Tests has been updated, the backend will no longer attempts to scope to disabled projects. Change-Id: I0fcdcd2ce72cd6580a2985d637c4bbabc60e4377 Closes-Bug: #1223079
This commit is contained in:
parent
b1538c90fa
commit
7f062dbf43
@ -135,6 +135,9 @@ class KeystoneBackend(object):
|
||||
msg = _('Unable to retrieve authorized projects.')
|
||||
raise exceptions.KeystoneAuthException(msg)
|
||||
|
||||
# Attempt to scope only to enabled projects
|
||||
projects = [project for project in projects if project.enabled]
|
||||
|
||||
# Abort if there are no projects for this user
|
||||
if not projects:
|
||||
msg = _('You are not authorized for any projects.')
|
||||
|
@ -148,17 +148,16 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
def test_login(self):
|
||||
self._login()
|
||||
|
||||
def test_login_with_disabled_tenants(self):
|
||||
# Test to validate that authentication will try to get
|
||||
# scoped token if the first project is disabled.
|
||||
tenants = [self.data.tenant_one, self.data.tenant_two]
|
||||
def test_login_with_disabled_tenant(self):
|
||||
# Test to validate that authentication will not try to get
|
||||
# scoped token for disabled project.
|
||||
tenants = [self.data.tenant_two, self.data.tenant_one]
|
||||
user = self.data.user
|
||||
unscoped = self.data.unscoped_access_info
|
||||
|
||||
form_data = self.get_form_data(user)
|
||||
self._mock_unscoped_client_list_tenants(user, tenants)
|
||||
self._mock_client_token_auth_failure(unscoped, self.data.tenant_one.id)
|
||||
self._mock_scoped_client_for_tenant(unscoped, self.data.tenant_two.id)
|
||||
self._mock_scoped_client_for_tenant(unscoped, self.data.tenant_one.id)
|
||||
self.mox.ReplayAll()
|
||||
|
||||
url = reverse('login')
|
||||
@ -180,14 +179,11 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
self.client.session['services_region'])
|
||||
|
||||
def test_no_enabled_tenants(self):
|
||||
tenants = [self.data.tenant_one, self.data.tenant_two]
|
||||
tenants = [self.data.tenant_two]
|
||||
user = self.data.user
|
||||
unscoped = self.data.unscoped_access_info
|
||||
|
||||
form_data = self.get_form_data(user)
|
||||
self._mock_unscoped_client_list_tenants(user, tenants)
|
||||
self._mock_client_token_auth_failure(unscoped, self.data.tenant_one.id)
|
||||
self._mock_client_token_auth_failure(unscoped, self.data.tenant_two.id)
|
||||
self.mox.ReplayAll()
|
||||
|
||||
url = reverse('login')
|
||||
@ -200,8 +196,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
response = self.client.post(url, form_data)
|
||||
self.assertTemplateUsed(response, 'auth/login.html')
|
||||
self.assertContains(response,
|
||||
'Unable to authenticate to any available'
|
||||
' projects.')
|
||||
'You are not authorized for any projects.')
|
||||
|
||||
def test_no_tenants(self):
|
||||
user = self.data.user
|
||||
@ -523,16 +518,16 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
|
||||
response = self.client.post(url, form_data)
|
||||
self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)
|
||||
|
||||
def test_login_with_disabled_projects(self):
|
||||
projects = [self.data.project_one, self.data.project_two]
|
||||
def test_login_with_disabled_project(self):
|
||||
# Test to validate that authentication will not try to get
|
||||
# scoped token for disabled project.
|
||||
projects = [self.data.project_two, self.data.project_one]
|
||||
user = self.data.user
|
||||
unscoped = self.data.unscoped_access_info
|
||||
|
||||
form_data = self.get_form_data(user)
|
||||
self._mock_unscoped_client_list_projects(user, projects)
|
||||
self._mock_client_token_auth_failure(unscoped,
|
||||
self.data.project_one.id)
|
||||
self._mock_scoped_client_for_tenant(unscoped, self.data.project_two.id)
|
||||
self._mock_scoped_client_for_tenant(unscoped, self.data.project_one.id)
|
||||
self.mox.ReplayAll()
|
||||
|
||||
url = reverse('login')
|
||||
@ -546,17 +541,12 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
|
||||
self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)
|
||||
|
||||
def test_no_enabled_projects(self):
|
||||
projects = [self.data.project_one, self.data.project_two]
|
||||
projects = [self.data.project_two]
|
||||
user = self.data.user
|
||||
unscoped = self.data.unscoped_access_info
|
||||
|
||||
form_data = self.get_form_data(user)
|
||||
|
||||
self._mock_unscoped_client_list_projects(user, projects)
|
||||
self._mock_client_token_auth_failure(unscoped,
|
||||
self.data.project_one.id)
|
||||
self._mock_client_token_auth_failure(unscoped,
|
||||
self.data.project_two.id)
|
||||
self.mox.ReplayAll()
|
||||
|
||||
url = reverse('login')
|
||||
@ -569,8 +559,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
|
||||
response = self.client.post(url, form_data)
|
||||
self.assertTemplateUsed(response, 'auth/login.html')
|
||||
self.assertContains(response,
|
||||
'Unable to authenticate to any available'
|
||||
' projects.')
|
||||
'You are not authorized for any projects.')
|
||||
|
||||
def test_no_projects(self):
|
||||
user = self.data.user
|
||||
|
Loading…
Reference in New Issue
Block a user