From 1953c689e86ecdf131b4cf176bf4ff47b53493cf Mon Sep 17 00:00:00 2001 From: Radomir Dopieralski Date: Wed, 17 Oct 2018 18:44:21 +0200 Subject: [PATCH] Properly calculate auth_url for WEBSSO from POST data The redirect for WEBSSO takes its data directly from the request's POST data, and the format of that data has changed, so now we need to convert it for it to work correctly. Change-Id: I5b18e555a9bc6b24be1e59465f07e73e99739e22 closes-bug: #1794710 --- openstack_auth/forms.py | 20 ++++++++++++-------- openstack_auth/tests/unit/test_auth.py | 6 +++--- openstack_auth/views.py | 3 ++- 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py index 14389938eb..883bf7611d 100644 --- a/openstack_auth/forms.py +++ b/openstack_auth/forms.py @@ -28,6 +28,13 @@ from openstack_auth import utils LOG = logging.getLogger(__name__) +def get_region_endpoint(region_id): + if region_id == "default": + return settings.OPENSTACK_KEYSTONE_URL + all_regions = getattr(settings, 'AVAILABLE_REGIONS', []) + return all_regions[int(region_id)][0] + + class Login(django_auth_forms.AuthenticationForm): """Form used for logging in a user. @@ -125,14 +132,11 @@ class Login(django_auth_forms.AuthenticationForm): password = self.cleaned_data.get('password') domain = self.cleaned_data.get('domain', default_domain) region_id = self.cleaned_data.get('region') - if region_id == "default": - region = settings.OPENSTACK_KEYSTONE_URL - else: - all_regions = getattr(settings, 'AVAILABLE_REGIONS', []) - try: - region = all_regions[int(region_id)][0] - except (ValueError, IndexError, TypeError): - raise forms.ValidationError("Invalid region %r" % region_id) + try: + region = get_region_endpoint(region_id) + except (ValueError, IndexError, TypeError): + raise forms.ValidationError("Invalid region %r" % region_id) + self.cleaned_data['region'] = region if not (username and password): # Don't authenticate, just let the other validators handle it. diff --git a/openstack_auth/tests/unit/test_auth.py b/openstack_auth/tests/unit/test_auth.py index 119464d9fc..016956692d 100644 --- a/openstack_auth/tests/unit/test_auth.py +++ b/openstack_auth/tests/unit/test_auth.py @@ -1171,7 +1171,7 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin, (settings.OPENSTACK_KEYSTONE_URL, protocol, origin)) form_data = {'auth_type': protocol, - 'region': settings.OPENSTACK_KEYSTONE_URL} + 'region': 'default'} url = reverse('login') # POST to the page and redirect to keystone. @@ -1188,7 +1188,7 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin, protocol, origin)) form_data = {'auth_type': self.idp_oidc_id, - 'region': settings.OPENSTACK_KEYSTONE_URL} + 'region': 'default'} url = reverse('login') # POST to the page and redirect to keystone. @@ -1206,7 +1206,7 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin, protocol, origin)) form_data = {'auth_type': self.idp_oidc_id, - 'region': settings.OPENSTACK_KEYSTONE_URL} + 'region': 'default'} url = reverse('login') # POST to the page and redirect to keystone. diff --git a/openstack_auth/views.py b/openstack_auth/views.py index bac06edf82..9af337810a 100644 --- a/openstack_auth/views.py +++ b/openstack_auth/views.py @@ -71,8 +71,9 @@ def login(request, template_name=None, extra_context=None, **kwargs): if request.method == 'POST': auth_type = request.POST.get('auth_type', 'credentials') if utils.is_websso_enabled() and auth_type != 'credentials': + region_id = request.POST.get('region') auth_url = getattr(settings, 'WEBSSO_KEYSTONE_URL', - request.POST.get('region')) + forms.get_region_endpoint(region_id)) url = utils.get_websso_url(request, auth_url, auth_type) return shortcuts.redirect(url)