Automatically link the superuser account to federated service for auth
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
This commit is contained in:
Joseph Schorr
parent
33b54218cc
commit
38a6b3621c
5 changed files with 37 additions and 5 deletions
|
|
@ -344,7 +344,8 @@ def _validate_jwt(config, password):
|
|||
# Try to instatiate the JWT authentication mechanism. This will raise an exception if
|
||||
# the key cannot be found.
|
||||
users = ExternalJWTAuthN(verify_endpoint, issuer, OVERRIDE_CONFIG_DIRECTORY,
|
||||
app.config['HTTPCLIENT'])
|
||||
app.config['HTTPCLIENT'],
|
||||
app.config.get('JWT_AUTH_MAX_FRESH_S', 300))
|
||||
|
||||
# Verify that the superuser exists. If not, raise an exception.
|
||||
username = get_authenticated_user().username
|
||||
|
|
@ -403,4 +404,4 @@ _VALIDATORS = {
|
|||
'ldap': _validate_ldap,
|
||||
'jwt': _validate_jwt,
|
||||
'keystone': _validate_keystone,
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue