Fix external auth returns for query_user calls
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
This commit is contained in:
Joseph Schorr
parent
f0b19b26c9
commit
3203fd6de1
8 changed files with 834 additions and 651 deletions
|
|
@ -187,12 +187,12 @@ class LDAPUsers(FederatedUsers):
|
|||
def query_users(self, query, limit=20):
|
||||
""" Queries LDAP for matching users. """
|
||||
if not query:
|
||||
return (None, 'Empty query')
|
||||
return (None, self.federated_service, 'Empty query')
|
||||
|
||||
logger.debug('Got query %s with limit %s', query, limit)
|
||||
(results, err_msg) = self._ldap_user_search(query + '*', limit=limit)
|
||||
if err_msg is not None:
|
||||
return (None, err_msg)
|
||||
return (None, self.federated_service, err_msg)
|
||||
|
||||
final_results = []
|
||||
for result in results[0:limit]:
|
||||
|
|
@ -203,7 +203,7 @@ class LDAPUsers(FederatedUsers):
|
|||
final_results.append(credentials)
|
||||
|
||||
logger.debug('For query %s found results %s', query, final_results)
|
||||
return (final_results, None)
|
||||
return (final_results, self.federated_service, None)
|
||||
|
||||
def verify_credentials(self, username_or_email, password):
|
||||
""" Verify the credentials with LDAP. """
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ class KeystoneV2Users(FederatedUsers):
|
|||
return (UserInformation(username=username_or_email, email=email, id=user_id), None)
|
||||
|
||||
def query_users(self, query, limit=20):
|
||||
return (None, 'Unsupported in Keystone V2')
|
||||
return (None, self.federated_service, 'Unsupported in Keystone V2')
|
||||
|
||||
def get_user(self, username_or_email):
|
||||
return (None, 'Unsupported in Keystone V2')
|
||||
|
|
@ -108,7 +108,7 @@ class KeystoneV3Users(FederatedUsers):
|
|||
return (None, kut.message or 'Invalid username or password')
|
||||
|
||||
def get_user(self, username_or_email):
|
||||
users_found, err_msg = self.query_users(username_or_email)
|
||||
users_found, _, err_msg = self.query_users(username_or_email)
|
||||
if err_msg is not None:
|
||||
return (None, err_msg)
|
||||
|
||||
|
|
@ -128,7 +128,7 @@ class KeystoneV3Users(FederatedUsers):
|
|||
|
||||
def query_users(self, query, limit=20):
|
||||
if len(query) < 3:
|
||||
return ([], None)
|
||||
return ([], self.federated_service, None)
|
||||
|
||||
try:
|
||||
keystone_client = kv3client.Client(username=self.admin_username, password=self.admin_password,
|
||||
|
|
@ -137,13 +137,13 @@ class KeystoneV3Users(FederatedUsers):
|
|||
found_users = list(_take(limit, keystone_client.users.list(name=query)))
|
||||
logger.debug('For Keystone query %s found users: %s', query, found_users)
|
||||
if not found_users:
|
||||
return ([], None)
|
||||
return ([], self.federated_service, None)
|
||||
|
||||
return ([self._user_info(user) for user in found_users], None)
|
||||
return ([self._user_info(user) for user in found_users], self.federated_service, None)
|
||||
except KeystoneAuthorizationFailure as kaf:
|
||||
logger.exception('Keystone auth failure for admin user for query %s', query)
|
||||
return (None, kaf.message or 'Invalid admin username or password')
|
||||
return (None, self.federated_service, kaf.message or 'Invalid admin username or password')
|
||||
except KeystoneUnauthorized as kut:
|
||||
logger.exception('Keystone unauthorized for admin user for query %s', query)
|
||||
return (None, kut.message or 'Invalid admin username or password')
|
||||
return (None, self.federated_service, kut.message or 'Invalid admin username or password')
|
||||
|
||||
|
|
|
|||
Reference in a new issue