Merge "Reject user creation using admin token without domain"
commit
81cfed9d1c
|
@ -745,7 +745,16 @@ class V3Controller(wsgi.Application):
|
|||
being used.
|
||||
|
||||
"""
|
||||
token_ref = utils.get_token_ref(context)
|
||||
try:
|
||||
token_ref = utils.get_token_ref(context)
|
||||
except exception.Unauthorized:
|
||||
if context.get('is_admin'):
|
||||
raise exception.ValidationError(
|
||||
_('You have tried to create a resource using the admin '
|
||||
'token. As this token is not within a domain you must '
|
||||
'explicitly include a domain for this resource to '
|
||||
'belong to.'))
|
||||
raise
|
||||
|
||||
if token_ref.domain_scoped:
|
||||
return token_ref.domain_id
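Review bot: The `except exception.Unauthorized:` branch carries no comment explaining why an Unauthorized from `utils.get_token_ref(context)` combined with `context.get('is_admin')` is taken to mean "admin token, no domain supplied", and the whole branch rests on that assumption. Judging from the error text, the reason is that the admin token has no token data and so no domain scope; a comment such as `# The admin token has no token data, so there is no domain scope to fall back on; ask for an explicit domain instead of returning 401.` above the `if` would record it. The docstring that closes just above the `try` should also state that `exception.ValidationError` can now be raised; only its last line is visible here, so it may need a new "raises" entry. The message says "create a resource", so if this helper is reachable from non-create paths the wording would mislead; the function starts and continues outside the hunk, so that cannot be confirmed from here.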
|
||||
|
|
|
@ -106,6 +106,27 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||
ref['domain_id'] = CONF.identity.default_domain_id
|
||||
return self.assertValidUserResponse(r, ref)
|
||||
|
||||
def test_create_user_with_admin_token_and_domain(self):
|
||||
"""Call ``POST /users`` with admin token and domain id."""
|
||||
ref = unit.new_user_ref(domain_id=self.domain_id)
|
||||
self.post('/users', body={'user': ref}, token=CONF.admin_token,
|
||||
expected_status=http_client.CREATED)
|
||||
|
||||
def test_create_user_with_admin_token_and_no_domain(self):
|
||||
"""Call ``POST /users`` with admin token but no domain id.
|
||||
|
||||
It should not be possible to use the admin token to create a user
|
||||
while not explicitly passing the domain in the request body.
|
||||
|
||||
"""
|
||||
# Passing a valid domain id to new_user_ref() since domain_id is
|
||||
# not an optional parameter.
|
||||
ref = unit.new_user_ref(domain_id=self.domain_id)
|
||||
# Delete the domain id before sending the request.
|
||||
del ref['domain_id']
|
||||
self.post('/users', body={'user': ref}, token=CONF.admin_token,
|
||||
expected_status=http_client.BAD_REQUEST)
|
||||
|
||||
def test_create_user_bad_request(self):
|
||||
"""Call ``POST /users``."""
|
||||
self.post('/users', body={'user': {}},
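Review bot: `test_create_user_with_admin_token_and_no_domain` asserts only `expected_status=http_client.BAD_REQUEST`, so any other validation failure on the request body would satisfy it just as well as the new admin-token branch. Capturing the response and checking the error text would pin the test to the intended path, for example `r = self.post(...)` followed by `self.assertIn('admin token', r.result['error']['message'])`, assuming the response exposes the parsed body as `r.result` as elsewhere in this suite. The bare `raise` path is not exercised by either new test: a request with an invalid, non-admin token and no domain should still come back as 401 rather than 400, and a third test asserting `http_client.UNAUTHORIZED` would guard that.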
|
||||
|
|