Browse Source

Add remote_id definition in _perform_auth

This is to add remote_id definition in _perform_auth, otherwise
if no remote_id is found, we'll get "NameError: name 'remote_id'
is not defined" exception.

Change-Id: I2ad7dd6d9e7f74dbeaa87a68472be75b04cef631
Closes-Bug: #1844207
tags/16.0.0.0rc1
zhufl 4 months ago
parent
commit
e224082ecd
3 changed files with 18 additions and 0 deletions
  1. +1
    -0
      keystone/api/auth.py
  2. +10
    -0
      keystone/tests/unit/test_v3_federation.py
  3. +7
    -0
      releasenotes/notes/bug-1844207-x27a31f3403xfd7y.yaml

+ 1
- 0
keystone/api/auth.py View File

@@ -335,6 +335,7 @@ class AuthFederationWebSSOResource(_AuthFederationWebSSOBase):
@classmethod
def _perform_auth(cls, protocol_id):
idps = PROVIDERS.federation_api.list_idps()
remote_id = None
for idp in idps:
try:
remote_id_name = federation_utils.get_remote_id_parameter(

+ 10
- 0
keystone/tests/unit/test_v3_federation.py View File

@@ -4886,6 +4886,16 @@ class WebSSOTests(FederatedTokenTests):
auth_api.AuthFederationWebSSOResource._perform_auth,
self.PROTOCOL)

def test_federated_sso_auth_protocol_not_found(self):
environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0],
'QUERY_STRING': 'origin=%s' % self.ORIGIN}
environment.update(mapping_fixtures.EMPLOYEE_ASSERTION)
with self.make_request(environ=environment):
self.assertRaises(
exception.Unauthorized,
auth_api.AuthFederationWebSSOResource._perform_auth,
'no_this_protocol')

def test_federated_sso_untrusted_dashboard(self):
environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0],
'QUERY_STRING': 'origin=%s' % uuid.uuid4().hex}

+ 7
- 0
releasenotes/notes/bug-1844207-x27a31f3403xfd7y.yaml View File

@@ -0,0 +1,7 @@
---
fixes:
- |
[`bug 1844207 <https://bugs.launchpad.net/keystone/+bug/1844207>`_]
Fixes an issue with WebSSO auth where a server error was raised if a remote
ID can't be found for the requested federation protocol, now correctly
raises an Unauthorized client error.

Loading…
Cancel
Save