Use unscoped token for scoping to project

When authenticating a user in v3, always request
for an unscoped token. Otherwise it would automatically
default to the default project.

Change-Id: I9e1d9129e2fb35933c803096fca9f1236affc27f
Closes-Bug: #1474893
This commit is contained in:
lin-hua-cheng 2015-07-15 11:13:38 -07:00
parent ff51ae3a5e
commit e4062e3706
3 changed files with 7 additions and 7 deletions

View File

@ -144,11 +144,9 @@ class KeystoneBackend(object):
request = kwargs.get('request')
if request:
# Check if token is automatically scoped to default_project
# grab the project from this token, to use as a default
# if no recent_project is found in the cookie
recent_project = request.COOKIES.get('recent_project',
unscoped_auth_ref.project_id)
# Grab recent_project found in the cookie, try to scope
# to the last project used.
recent_project = request.COOKIES.get('recent_project')
# if a most recent project was found, try using it first
if recent_project:

View File

@ -42,7 +42,8 @@ class PasswordPlugin(base.BasePlugin):
return v3_auth.Password(auth_url=auth_url,
username=username,
password=password,
user_domain_name=user_domain_name)
user_domain_name=user_domain_name,
unscoped=True)
else:
return v2_auth.Password(auth_url=auth_url,

View File

@ -496,7 +496,8 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
return auth_v3.Password(auth_url=url,
password=password,
username=username,
user_domain_name=DEFAULT_DOMAIN)
user_domain_name=DEFAULT_DOMAIN,
unscoped=True)
def _create_token_auth(self, project_id, token=None, url=None):
if not token: