Merge "Fix token auth error if federated_groups_id is empty list" into stable/train
This commit is contained in:
Zuul
Gerrit Code Review
commit
08f02c1a20
|
|
@ -93,7 +93,7 @@ class TestValidate(unit.TestCase):
|
||||||
user_ref['password_expires_at'], token.user['password_expires_at']
|
user_ref['password_expires_at'], token.user['password_expires_at']
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_validate_v3_token_federated_info(self):
|
def _test_validate_v3_token_federted_info(self, group_ids):
|
||||||
# Check the user fields in the token result when use validate_v3_token
|
# Check the user fields in the token result when use validate_v3_token
|
||||||
# when the token has federated info.
|
# when the token has federated info.
|
||||||
|
|
||||||
|
|
@ -107,7 +107,6 @@ class TestValidate(unit.TestCase):
|
||||||
|
|
||||||
method_names = ['mapped']
|
method_names = ['mapped']
|
||||||
|
|
||||||
group_ids = [uuid.uuid4().hex, ]
|
|
||||||
idp_id = uuid.uuid4().hex
|
idp_id = uuid.uuid4().hex
|
||||||
idp_ref = {
|
idp_ref = {
|
||||||
'id': idp_id,
|
'id': idp_id,
|
||||||
|
|
@ -137,6 +136,18 @@ class TestValidate(unit.TestCase):
|
||||||
self.assertEqual(idp_id, token.identity_provider_id)
|
self.assertEqual(idp_id, token.identity_provider_id)
|
||||||
self.assertEqual(protocol, token.protocol_id)
|
self.assertEqual(protocol, token.protocol_id)
|
||||||
|
|
||||||
|
def test_validate_v3_token_federated_info(self):
|
||||||
|
# Check the user fields in the token result when use validate_v3_token
|
||||||
|
# when the token has federated info.
|
||||||
|
|
||||||
|
group_ids = [uuid.uuid4().hex, ]
|
||||||
|
self._test_validate_v3_token_federted_info(group_ids)
|
||||||
|
|
||||||
|
def test_validate_v3_token_federated_info_empty_group(self):
|
||||||
|
# check when federated users got empty group ids
|
||||||
|
|
||||||
|
self._test_validate_v3_token_federted_info([])
|
||||||
|
|
||||||
def test_validate_v3_token_trust(self):
|
def test_validate_v3_token_trust(self):
|
||||||
# Check the trust fields in the token result when use validate_v3_token
|
# Check the trust fields in the token result when use validate_v3_token
|
||||||
# when the token has trust info.
|
# when the token has trust info.
|
||||||
|
|
@ -201,6 +212,14 @@ class TestValidate(unit.TestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class TestValidateWithoutCache(TestValidate):
|
||||||
|
|
||||||
|
def config_overrides(self):
|
||||||
|
super(TestValidateWithoutCache, self).config_overrides()
|
||||||
|
self.config_fixture.config(group='token', caching=False)
|
||||||
|
self.config_fixture.config(group='token', cache_on_issue=False)
|
||||||
|
|
||||||
|
|
||||||
class TestTokenFormatter(unit.TestCase):
|
class TestTokenFormatter(unit.TestCase):
|
||||||
def test_restore_padding(self):
|
def test_restore_padding(self):
|
||||||
# 'a' will result in '==' padding, 'aa' will result in '=' padding, and
|
# 'a' will result in '==' padding, 'aa' will result in '=' padding, and
|
||||||
|
|
|
||||||
|
|
@ -172,7 +172,7 @@ class Manager(manager.Manager):
|
||||||
token.access_token_id = access_token_id
|
token.access_token_id = access_token_id
|
||||||
token.application_credential_id = app_cred_id
|
token.application_credential_id = app_cred_id
|
||||||
token.expires_at = expires_at
|
token.expires_at = expires_at
|
||||||
if federated_group_ids:
|
if federated_group_ids is not None:
|
||||||
token.is_federated = True
|
token.is_federated = True
|
||||||
token.identity_provider_id = identity_provider_id
|
token.identity_provider_id = identity_provider_id
|
||||||
token.protocol_id = protocol_id
|
token.protocol_id = protocol_id
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
[`bug 1856962 <https://bugs.launchpad.net/keystone/+bug/1856962>`_]
|
||||||
|
Fixes an issue where federated users could not authenticate if their
|
||||||
|
mapped group membership was empty.
|
||||||
Loading…
Reference in New Issue