
Merge "Fix token auth error if federated_groups_id is empty list" into stable/train

changes/76/708776/1
Zuul 1 week ago
parent
commit
08f02c1a20
3 changed files with 28 additions and 3 deletions
  1. +21
    -2
      keystone/tests/unit/token/test_fernet_provider.py
  2. +1
    -1
      keystone/token/provider.py
  3. +6
    -0
      releasenotes/notes/bug-1856962-2c87d541da61c727.yaml

+ 21
- 2
keystone/tests/unit/token/test_fernet_provider.py

@@ -93,7 +93,7 @@ class TestValidate(unit.TestCase):
user_ref['password_expires_at'], token.user['password_expires_at']
)

def test_validate_v3_token_federated_info(self):
def _test_validate_v3_token_federted_info(self, group_ids):
# Check the user fields in the token result when use validate_v3_token
# when the token has federated info.

@@ -107,7 +107,6 @@ class TestValidate(unit.TestCase):

method_names = ['mapped']

group_ids = [uuid.uuid4().hex, ]
idp_id = uuid.uuid4().hex
idp_ref = {
'id': idp_id,
@@ -137,6 +136,18 @@ class TestValidate(unit.TestCase):
self.assertEqual(idp_id, token.identity_provider_id)
self.assertEqual(protocol, token.protocol_id)

def test_validate_v3_token_federated_info(self):
# Check the user fields in the token result when use validate_v3_token
# when the token has federated info.

group_ids = [uuid.uuid4().hex, ]
self._test_validate_v3_token_federted_info(group_ids)

def test_validate_v3_token_federated_info_empty_group(self):
# check when federated users got empty group ids

self._test_validate_v3_token_federted_info([])

def test_validate_v3_token_trust(self):
# Check the trust fields in the token result when use validate_v3_token
# when the token has trust info.
@@ -201,6 +212,14 @@ class TestValidate(unit.TestCase):
)


class TestValidateWithoutCache(TestValidate):

def config_overrides(self):
super(TestValidateWithoutCache, self).config_overrides()
self.config_fixture.config(group='token', caching=False)
self.config_fixture.config(group='token', cache_on_issue=False)


class TestTokenFormatter(unit.TestCase):
def test_restore_padding(self):
# 'a' will result in '==' padding, 'aa' will result in '=' padding, and
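Review bot: The helper introduced in the first hunk is spelled `_test_validate_v3_token_federted_info` (missing an "a"), and both callers added in the third hunk repeat the typo; renaming it to `_test_validate_v3_token_federated_info` keeps it greppable next to the public test names. The empty-group case only reuses the helper's existing assertions, which in the visible lines cover `identity_provider_id` and `protocol_id`. It would be worth confirming that the helper also asserts the group list comes back as `[]` rather than None, since that distinction is what the provider.py change keys on. The helper body is only partly visible in these hunks.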

+ 1
- 1
keystone/token/provider.py

@@ -172,7 +172,7 @@ class Manager(manager.Manager):
token.access_token_id = access_token_id
token.application_credential_id = app_cred_id
token.expires_at = expires_at
if federated_group_ids:
if federated_group_ids is not None:
token.is_federated = True
token.identity_provider_id = identity_provider_id
token.protocol_id = protocol_id
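Review bot: The `if federated_group_ids is not None:` line is now the only thing separating a federated token with no mapped groups from a non-federated one, and nothing in the hunk says so; a later cleanup back to a truthiness test would reintroduce bug 1856962. I would add a comment above it, `# [] is a valid federated token (mapping produced no groups); only None means the token is not federated.` The check also assumes every token payload decoder yields None rather than an empty list for non-federated tokens, which is not visible here and should be confirmed, because an empty list now sets `is_federated` and copies the IdP and protocol ids as passed. The enclosing method starts and ends outside the hunk.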

+ 6
- 0
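--- a/releasenotes/notes/bug-1856962-2c87d541da61c727.yaml
+++ b/releasenotes/notes/bug-1856962-2c87d541da61c727.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+- |
+[`bug 1856962 <https://bugs.launchpad.net/keystone/+bug/1856962>`_]
+Fixes an issue where federated users could not authenticate if their
+mapped group membership was empty.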
