Remove the keystone admin auth hack. Handle condition when no valid tenants returned gracefully.

2011-09-29 16:50:01 -07:00 · 2011-09-29 16:50:01 -07:00 · 121d1c906e
commit 121d1c906e
parent 576eef884a
2 changed files with 45 additions and 13 deletions
--- a/django-openstack/django_openstack/auth/views.py
+++ b/django-openstack/django_openstack/auth/views.py
@ -68,24 +68,19 @@ class Login(forms.SelfHandlingForm):
                request.session['unscoped_token'] = token.id

                def get_first_tenant_for_user():
-                    for t in api.tenant_list_for_token(request, token.id):
-                        # FIXME (anthony)
-                        # keystone does the annoying 'always return everything
-                        # for admin users thing' which causes the following
-                        # annoying code block to exist (until that is fixed)
-                        if is_admin(token):
-                            for u in api.users_list_for_token_and_tenant(
-                                                    request, token.id, t.id):
-                                if u.name == data['username']:
-                                    return t
-                        else:
-                            return t
-                    return None
+                    tenants = api.tenant_list_for_token(request, token.id)
+                    return tenants[0] if len(tenants) else None

                # Get the tenant list, and log in using first tenant
                # FIXME (anthony): add tenant chooser here?
                tenant = get_first_tenant_for_user()

+                # Abort if there are no valid tenants for this user
+                if not tenant:
+                    messages.error(request, 'No tenants present for user: %s' %
+                                            data['username'])
+                    return
+
                # Create a token
                token = api.token_create_scoped_with_token(request,
                                         data.get('tenant', tenant.id),
--- a/django-openstack/django_openstack/tests/view_tests/auth_tests.py
+++ b/django-openstack/django_openstack/tests/view_tests/auth_tests.py
@ -19,6 +19,7 @@
 #    under the License.

 from django import http
+from django.contrib import messages
 from django.core.urlresolvers import reverse
 from django_openstack import api
 from django_openstack.tests.view_tests import base
@ -50,6 +51,42 @@ class AuthViewTests(base.BaseViewTests):
        res = self.client.get(reverse('auth_login'))
        self.assertRedirectsNoFollow(res, reverse('syspanel_overview'))

+    def test_login_no_tenants(self):
+        NEW_TENANT_ID = '6'
+        NEW_TENANT_NAME = 'FAKENAME'
+        TOKEN_ID = 1
+
+        form_data = {'method': 'Login',
+                    'password': self.PASSWORD,
+                    'username': self.TEST_USER}
+
+        self.mox.StubOutWithMock(api, 'token_create')
+        aToken = self.mox.CreateMock(api.Token)
+        aToken.id = TOKEN_ID
+        aToken.user = { 'roles': [{'name': 'fake'}]}
+        aToken.serviceCatalog = {}
+        api.token_create(IsA(http.HttpRequest), "", self.TEST_USER,
+                         self.PASSWORD).AndReturn(aToken)
+
+        aTenant = self.mox.CreateMock(api.Token)
+        aTenant.id = NEW_TENANT_ID
+        aTenant.name = NEW_TENANT_NAME
+
+        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
+        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
+                                  AndReturn([])
+
+        self.mox.StubOutWithMock(messages, 'error')
+        messages.error(IsA(http.HttpRequest), IsA(unicode))
+
+        self.mox.ReplayAll()
+
+        res = self.client.post(reverse('auth_login'), form_data)
+
+        self.assertTemplateUsed(res, 'splash.html')
+
+        self.mox.VerifyAll()
+
    def test_login(self):
        NEW_TENANT_ID = '6'
        NEW_TENANT_NAME = 'FAKENAME'