Mapped Groups don't exist breaks WebSSO
The issue occurs if a user has a group that
does not map to a project in OpenStack. At
which point an exception is raised and the
websso login blows up with a 500 message.
This is because of the exception being raised
when the group name not matches thus replacing
that with a log.
Change-Id: Ia7321705db118af28f3dc6e01d5b18e8650aa633
Closes-Bug: #1789450
(cherry picked from commit ee46f73535
)
This commit is contained in:
parent
c5930abc5a
commit
6bc81fec24
|
@ -412,8 +412,8 @@ def transform_to_group_ids(group_names, mapping_id,
|
||||||
group['name'], resolve_domain(group['domain']))
|
group['name'], resolve_domain(group['domain']))
|
||||||
yield group_dict['id']
|
yield group_dict['id']
|
||||||
except exception.GroupNotFound:
|
except exception.GroupNotFound:
|
||||||
raise exception.MappedGroupNotFound(group_id=group['name'],
|
LOG.debug('Group %s has no entry in the backend',
|
||||||
mapping_id=mapping_id)
|
group['name'])
|
||||||
|
|
||||||
|
|
||||||
def get_assertion_params_from_env(request):
|
def get_assertion_params_from_env(request):
|
||||||
|
|
|
@ -1948,9 +1948,8 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin):
|
||||||
self.assertEqual(ref_groups, token_groups)
|
self.assertEqual(ref_groups, token_groups)
|
||||||
|
|
||||||
def test_issue_unscoped_tokens_nonexisting_group(self):
|
def test_issue_unscoped_tokens_nonexisting_group(self):
|
||||||
self.assertRaises(exception.MappedGroupNotFound,
|
r = self._issue_unscoped_token(assertion='ANOTHER_TESTER_ASSERTION')
|
||||||
self._issue_unscoped_token,
|
self.assertIsNotNone(r.headers.get('X-Subject-Token'))
|
||||||
assertion='ANOTHER_TESTER_ASSERTION')
|
|
||||||
|
|
||||||
def test_issue_unscoped_token_with_remote_no_attribute(self):
|
def test_issue_unscoped_token_with_remote_no_attribute(self):
|
||||||
r = self._issue_unscoped_token(idp=self.IDP_WITH_REMOTE,
|
r = self._issue_unscoped_token(idp=self.IDP_WITH_REMOTE,
|
||||||
|
@ -2498,6 +2497,10 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin):
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
PROVIDERS.federation_api.update_mapping(self.mapping['id'], rules)
|
PROVIDERS.federation_api.update_mapping(self.mapping['id'], rules)
|
||||||
|
r = self._issue_unscoped_token(assertion='UNMATCHED_GROUP_ASSERTION')
|
||||||
|
assigned_group_ids = r.json['token']['user']['OS-FEDERATION']['groups']
|
||||||
|
self.assertEqual(1, len(assigned_group_ids))
|
||||||
|
self.assertEqual(group['id'], assigned_group_ids[0]['id'])
|
||||||
|
|
||||||
def test_empty_blacklist_passess_all_values(self):
|
def test_empty_blacklist_passess_all_values(self):
|
||||||
"""Test a mapping with empty blacklist specified.
|
"""Test a mapping with empty blacklist specified.
|
||||||
|
|
Loading…
Reference in New Issue