Use the tenant name for X_TENANT
Fixes bug 870351 Change-Id: I2cf12a28c6dc29595ef490acdb511f604d86d3ee
This commit is contained in:
Kevin L. Mitchell
parent
5fa576a1b7
commit
625fcebc0c
|
|
@ -510,7 +510,7 @@ class IdentityService(object):
|
|||
ts.append(UserRole(drole_ref.role_id, drole.name,
|
||||
drole_ref.tenant_id))
|
||||
|
||||
user = auth.User(duser.id, duser.name, None, UserRoles(ts, []))
|
||||
user = auth.User(duser.id, duser.name, None, None, UserRoles(ts, []))
|
||||
|
||||
return auth.AuthData(token, user, endpoints)
|
||||
|
||||
|
|
@ -537,8 +537,14 @@ class IdentityService(object):
|
|||
ts.append(UserRole(drole_ref.role_id, drole.name,
|
||||
drole_ref.tenant_id))
|
||||
|
||||
# Also get the user's tenant's name
|
||||
tenant_name = None
|
||||
if duser.tenant_id:
|
||||
utenant = api.TENANT.get(duser.tenant_id)
|
||||
tenant_name = utenant.name
|
||||
|
||||
user = auth.User(duser.id, duser.name, duser.tenant_id,
|
||||
UserRoles(ts, []))
|
||||
tenant_name, UserRoles(ts, []))
|
||||
|
||||
return auth.ValidateData(token, user)
|
||||
|
||||
|
|
|
|||
|
|
@ -293,12 +293,14 @@ class User(object):
|
|||
id = None
|
||||
username = None
|
||||
tenant_id = None
|
||||
tenant_name = None
|
||||
role_refs = None
|
||||
|
||||
def __init__(self, id, username, tenant_id, role_refs=None):
|
||||
def __init__(self, id, username, tenant_id, tenant_name, role_refs=None):
|
||||
self.id = id
|
||||
self.username = username
|
||||
self.tenant_id = tenant_id
|
||||
self.tenant_name = tenant_name
|
||||
self.role_refs = role_refs
|
||||
|
||||
|
||||
|
|
@ -444,6 +446,8 @@ class ValidateData(object):
|
|||
|
||||
if self.user.tenant_id is not None:
|
||||
user.set('tenantId', unicode(self.user.tenant_id))
|
||||
if self.user.tenant_name is not None:
|
||||
user.set('tenantName', unicode(self.user.tenant_name))
|
||||
|
||||
if self.user.role_refs is not None:
|
||||
user.append(self.user.role_refs.to_dom())
|
||||
|
|
@ -468,6 +472,8 @@ class ValidateData(object):
|
|||
|
||||
if self.user.tenant_id is not None:
|
||||
user['tenantId'] = unicode(self.user.tenant_id)
|
||||
if self.user.tenant_name is not None:
|
||||
user['tenantName'] = unicode(self.user.tenant_name)
|
||||
|
||||
if self.user.role_refs is not None:
|
||||
user["roles"] = self.user.role_refs.to_json_values()
|
||||
|
|
|
|||
|
|
@ -166,6 +166,9 @@ class AuthProtocol(object):
|
|||
self._decorate_request('X_AUTHORIZATION', "Proxy %s" %
|
||||
claims['user'], env, proxy_headers)
|
||||
self._decorate_request('X_TENANT',
|
||||
claims.get('tenant_name', claims['tenant']),
|
||||
env, proxy_headers)
|
||||
self._decorate_request('X_TENANT_ID',
|
||||
claims['tenant'], env, proxy_headers)
|
||||
self._decorate_request('X_USER',
|
||||
claims['user'], env, proxy_headers)
|
||||
|
|
@ -288,13 +291,18 @@ class AuthProtocol(object):
|
|||
|
||||
try:
|
||||
tenant = token_info['access']['token']['tenant']['id']
|
||||
tenant_name = token_info['access']['token']['tenant']['name']
|
||||
except:
|
||||
tenant = None
|
||||
tenant_name = None
|
||||
if not tenant:
|
||||
tenant = token_info['access']['user'].get('tenantId')
|
||||
tenant_name = token_info['access']['user'].get('tenantName')
|
||||
verified_claims = {'user': token_info['access']['user']['username'],
|
||||
'tenant': tenant,
|
||||
'roles': roles}
|
||||
if tenant_name:
|
||||
verified_claims['tenantName'] = tenant_name
|
||||
return verified_claims
|
||||
|
||||
def _decorate_request(self, index, value, env, proxy_headers):
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class TestServer(unittest.TestCase):
|
|||
environ = {'wsgi.url_scheme': 'http'}
|
||||
self.request = webob.Request(environ)
|
||||
self.auth_data = auth.ValidateData(auth.Token(datetime.date.today(),
|
||||
"2231312"), auth.User("id", "username", "12345"))
|
||||
"2231312"), auth.User("id", "username", "12345", "aTenant"))
|
||||
|
||||
#def tearDown(self):
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue