2013-03-19 18:41:55 |
Henry Nash |
description |
Currently domains are removed from user & project refs prior to validation.
https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L81
Their validation was also made conditional because the validation was merged prior to domain_id's being available on users & projects:
https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L97
The validation needs to become unconditional and validated prior to being removed. |
There are two separate problems:
In v2 authentication, currently domains are removed from user & project refs prior to validation.
https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L81
Their validation was also made conditional because the validation was merged prior to domain_id's being available on users & projects:
https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L97
The validation needs to become unconditional and validated prior to being removed.
In v3, the domain is checked when authenticating by username, but not by user_id - the latter successfully authenticates even if the domain is disabled. |
|
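The two problems in the description above, reduced to a minimal model. This is an added example, not Keystone's code: every function name, the in-memory `USERS`/`DOMAINS` stores and the sample records are constructed for illustration, and credential checking is left out so that only the ordering of the domain check is shown.

```python
class Unauthorized(Exception):
    pass

# Constructed sample data: domain d2 is disabled, its user is still enabled.
DOMAINS = {"d1": {"id": "d1", "enabled": True},
           "d2": {"id": "d2", "enabled": False}}
USERS = {"u1": {"id": "u1", "name": "alice", "domain_id": "d1"},
         "u2": {"id": "u2", "name": "bob", "domain_id": "d2"}}

def assert_domain_enabled(ref):
    # Unconditional: a ref with no resolvable domain is rejected, not skipped.
    domain = DOMAINS.get(ref.get("domain_id"))
    if domain is None or not domain["enabled"]:
        raise Unauthorized("domain missing or disabled")

def strip_domain(ref):
    # v2 responses carry no domain, so return a copy without domain_id.
    return {k: v for k, v in ref.items() if k != "domain_id"}

def v2_authenticate_flawed(user_id):
    # Order from the report: strip first, then validate only if the key exists.
    ref = strip_domain(USERS[user_id])
    if "domain_id" in ref:  # never true after stripping, so the check is dead
        assert_domain_enabled(ref)
    return ref

def v2_authenticate_fixed(user_id):
    # Validate unconditionally while domain_id is still present, then strip.
    ref = USERS[user_id]
    assert_domain_enabled(ref)
    return strip_domain(ref)

def v3_authenticate(user_id=None, name=None, domain_id=None):
    # Resolve by id or by (name, domain), then run one shared check so the
    # user_id path cannot bypass what the username path enforces.
    if user_id is not None:
        ref = USERS.get(user_id)
    else:
        ref = next((u for u in USERS.values()
                    if u["name"] == name and u["domain_id"] == domain_id), None)
    if ref is None:
        raise Unauthorized("unknown user")
    assert_domain_enabled(ref)
    return ref
```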