openstack
/
keystone
Code Issues Proposed changes
keystone/keystone
History
Colleen Murphy ba89d27793 Ensure OAuth1 authorized roles are respected 
Without this patch, when an OAuth1 request token is authorized with a
limited set of roles, the roles for the access token are ignored when
the user uses it to request a keystone token. This means that user of an
access token can use it to escallate their role assignments beyond what
was authorized by the creator. This patch fixes the issue by ensuring
the token model accounts for an OAuth1-scoped token and correctly
populating the roles for it.

Change-Id: I02f9836fbd4d7e629653977fc341476cfd89859e
Closes-bug: #1873290
(cherry picked from commit 6c73690f77)
 		2020-05-02 12:35:10 -07:00
..
api Check timestamp of signed EC2 token request 2020-04-30 20:25:13 +00:00
application_credential Remove six usage 2020-01-30 06:06:51 +00:00
assignment Remove six usage 2020-01-30 06:06:51 +00:00
auth Add expiring user group memberships on mapped authentication 2020-04-07 19:30:57 -04:00
catalog Remove six usage 2020-01-30 06:06:51 +00:00
cmd Merge "Default to bootstrapping roles as immutable" 2020-02-12 05:47:02 +00:00
common Merge "Add schema placeholders for Ussuri" 2020-04-23 21:19:52 +00:00
conf Check timestamp of signed EC2 token request 2020-04-30 20:25:13 +00:00
credential Remove six usage 2020-01-30 06:06:51 +00:00
endpoint_policy Remove six usage 2020-01-30 06:06:51 +00:00
federation Merge "Expiring Group Memberships API - Allow set idp authorization_ttl" 2020-04-10 09:37:50 +00:00
identity Merge "Stop adding entry in local_user while updating ephemerals" 2020-04-20 20:34:43 +00:00
limit Remove six usage 2020-01-30 06:06:51 +00:00
locale Imported Translations from Zanata 2020-04-26 07:04:33 +00:00
models Ensure OAuth1 authorized roles are respected 2020-05-02 12:35:10 -07:00
oauth1 Remove six usage 2020-01-30 06:06:51 +00:00
policy Remove six usage 2020-01-30 06:06:51 +00:00
receipt Remove six usage 2020-01-30 06:06:51 +00:00
resource Remove six usage 2020-01-30 06:06:51 +00:00
revoke Remove six usage 2020-01-30 06:06:51 +00:00
server Remove six usage 2020-01-30 06:06:51 +00:00
tests Ensure OAuth1 authorized roles are respected 2020-05-02 12:35:10 -07:00
token Remove six usage 2020-01-30 06:06:51 +00:00
trust Remove six usage 2020-01-30 06:06:51 +00:00
__init__.py Revert "Disable eventlet monkey-patching of DNS" 2013-05-10 10:24:48 -04:00
exception.py Remove six usage 2020-01-30 06:06:51 +00:00
i18n.py Fix translated response 2019-08-19 14:49:37 +08:00
notifications.py Always have username in CADF initiator 2020-01-09 15:55:48 +00:00
version.py Add expiring user group memberships on mapped authentication 2020-04-07 19:30:57 -04:00