
Merge "Remove the redundant verification in OAuth1 authorization"

changes/61/353761/7
Jenkins 6 years ago committed by Gerrit Code Review
parent
commit
1d34614121
  1. 10
      keystone/oauth1/controllers.py

10
keystone/oauth1/controllers.py

@ -394,16 +394,6 @@ class OAuthControllerV3(controller.V3Controller):
# create list of just the id's for the backend
role_ids = list(authed_roles)
# verify the user has the project too
req_project_id = req_token['requested_project_id']
user_projects = self.assignment_api.list_projects_for_user(user_id)
for user_project in user_projects:
if user_project['id'] == req_project_id:
break
else:
msg = _("User is not a member of the requested project")
raise exception.Unauthorized(message=msg)
# finally authorize the token
authed_token = self.oauth_api.authorize_request_token(
request_token_id, user_id, role_ids)
