Add remote_id definition in _perform_auth

This is to add remote_id definition in _perform_auth, otherwise
if no remote_id is found, we'll get "NameError: name 'remote_id'
is not defined" exception.

Change-Id: I2ad7dd6d9e7f74dbeaa87a68472be75b04cef631
Closes-Bug: #1844207
This commit is contained in:
zhufl 2019-09-03 14:53:15 +08:00 committed by Colleen Murphy
parent fe39838f71
commit e224082ecd
3 changed files with 18 additions and 0 deletions

View File

@ -335,6 +335,7 @@ class AuthFederationWebSSOResource(_AuthFederationWebSSOBase):
@classmethod @classmethod
def _perform_auth(cls, protocol_id): def _perform_auth(cls, protocol_id):
idps = PROVIDERS.federation_api.list_idps() idps = PROVIDERS.federation_api.list_idps()
remote_id = None
for idp in idps: for idp in idps:
try: try:
remote_id_name = federation_utils.get_remote_id_parameter( remote_id_name = federation_utils.get_remote_id_parameter(

View File

@ -4886,6 +4886,16 @@ class WebSSOTests(FederatedTokenTests):
auth_api.AuthFederationWebSSOResource._perform_auth, auth_api.AuthFederationWebSSOResource._perform_auth,
self.PROTOCOL) self.PROTOCOL)
def test_federated_sso_auth_protocol_not_found(self):
environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0],
'QUERY_STRING': 'origin=%s' % self.ORIGIN}
environment.update(mapping_fixtures.EMPLOYEE_ASSERTION)
with self.make_request(environ=environment):
self.assertRaises(
exception.Unauthorized,
auth_api.AuthFederationWebSSOResource._perform_auth,
'no_this_protocol')
def test_federated_sso_untrusted_dashboard(self): def test_federated_sso_untrusted_dashboard(self):
environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0], environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0],
'QUERY_STRING': 'origin=%s' % uuid.uuid4().hex} 'QUERY_STRING': 'origin=%s' % uuid.uuid4().hex}

View File

@ -0,0 +1,7 @@
---
fixes:
- |
[`bug 1844207 <https://bugs.launchpad.net/keystone/+bug/1844207>`_]
Fixes an issue with WebSSO auth where a server error was raised if a remote
ID can't be found for the requested federation protocol, now correctly
raises an Unauthorized client error.