Remove the redundant verification in OAuth1 authorization
The code verifies the assignment filtered by `user_id` after verifying the assignment filtered by `user_id` and `project_id`. The latter should be a subset of the former.

Change-Id: I056f543a1dfbd0ad8965cdd37bb986a665711ab7
changes/47/349247/1
parent
629b2d02b1
commit
b26200beb8
|
@ -394,16 +394,6 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
# create list of just the id's for the backend
|
||||
role_ids = list(authed_roles)
|
||||
|
||||
# verify the user has the project too
|
||||
req_project_id = req_token['requested_project_id']
|
||||
user_projects = self.assignment_api.list_projects_for_user(user_id)
|
||||
for user_project in user_projects:
|
||||
if user_project['id'] == req_project_id:
|
||||
break
|
||||
else:
|
||||
msg = _("User is not a member of the requested project")
|
||||
raise exception.Unauthorized(message=msg)
|
||||
|
||||
# finally authorize the token
|
||||
authed_token = self.oauth_api.authorize_request_token(
|
||||
request_token_id, user_id, role_ids)
|
||||
|
|