)]}'
{"keystone/api/trusts.py":[{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"e622172e6ef467d46b54b94deb08a6529b63c085","unresolved":false,"context_lines":[{"line_number":151,"context_line":"        try:"},{"line_number":152,"context_line":"            trust \u003d PROVIDERS.trust_api.get_trust(trust_id)"},{"line_number":153,"context_line":"        except exception.NotFound:"},{"line_number":154,"context_line":"            # unprivileged users should not have trust-nonexistence exposed to"},{"line_number":155,"context_line":"            # them, handle this in the next step"},{"line_number":156,"context_line":"            pass"},{"line_number":157,"context_line":"        _trustor_trustee_only(trust)"}],"source_content_type":"text/x-python","patch_set":3,"id":"7faddb67_2b0fc888","line":154,"range":{"start_line":154,"start_character":14,"end_line":154,"end_character":26},"updated":"2019-08-15 18:45:13.000000000","message":"NIT: this likely should be \"non-authorized users\" or \"unauthorized\". (not a -1)","commit_id":"d0baa0bafa885c6f5a7cc929326cf13fb97788e9"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"66ee52a3f5b6450d81705e0eb4bc9ba04c829880","unresolved":false,"context_lines":[{"line_number":151,"context_line":"        try:"},{"line_number":152,"context_line":"            trust \u003d PROVIDERS.trust_api.get_trust(trust_id)"},{"line_number":153,"context_line":"        except exception.NotFound:"},{"line_number":154,"context_line":"            # unprivileged users should not have trust-nonexistence exposed to"},{"line_number":155,"context_line":"            # them, handle this in the next step"},{"line_number":156,"context_line":"            pass"},{"line_number":157,"context_line":"        _trustor_trustee_only(trust)"}],"source_content_type":"text/x-python","patch_set":3,"id":"7faddb67_cec5e28f","line":154,"range":{"start_line":154,"start_character":14,"end_line":154,"end_character":26},"in_reply_to":"7faddb67_2b0fc888","updated":"2019-08-15 19:23:46.000000000","message":"Will fix when tempest comes back. Since we should probably backport this it would be good for the comment to be correct.","commit_id":"d0baa0bafa885c6f5a7cc929326cf13fb97788e9"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"e622172e6ef467d46b54b94deb08a6529b63c085","unresolved":false,"context_lines":[{"line_number":153,"context_line":"        except exception.NotFound:"},{"line_number":154,"context_line":"            # unprivileged users should not have trust-nonexistence exposed to"},{"line_number":155,"context_line":"            # them, handle this in the next step"},{"line_number":156,"context_line":"            pass"},{"line_number":157,"context_line":"        _trustor_trustee_only(trust)"},{"line_number":158,"context_line":"        _normalize_trust_expires_at(trust)"},{"line_number":159,"context_line":"        _normalize_trust_roles(trust)"}],"source_content_type":"text/x-python","patch_set":3,"id":"7faddb67_cb271412","line":156,"range":{"start_line":156,"start_character":12,"end_line":156,"end_character":16},"updated":"2019-08-15 18:45:13.000000000","message":"The explicit forbiddenaction could be raised here, but consolidating is fine, comment addresses concerns of where it is handled.","commit_id":"d0baa0bafa885c6f5a7cc929326cf13fb97788e9"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"66ee52a3f5b6450d81705e0eb4bc9ba04c829880","unresolved":false,"context_lines":[{"line_number":153,"context_line":"        except exception.NotFound:"},{"line_number":154,"context_line":"            # unprivileged users should not have trust-nonexistence exposed to"},{"line_number":155,"context_line":"            # them, handle this in the next step"},{"line_number":156,"context_line":"            pass"},{"line_number":157,"context_line":"        _trustor_trustee_only(trust)"},{"line_number":158,"context_line":"        _normalize_trust_expires_at(trust)"},{"line_number":159,"context_line":"        _normalize_trust_roles(trust)"}],"source_content_type":"text/x-python","patch_set":3,"id":"7faddb67_4ed2525e","line":156,"range":{"start_line":156,"start_character":12,"end_line":156,"end_character":16},"in_reply_to":"7faddb67_cb271412","updated":"2019-08-15 19:23:46.000000000","message":"This is going to be refactored anyway into https://review.opendev.org/#/c/676277/5/keystone/api/trusts.py@55 and this style is more consistent with that","commit_id":"d0baa0bafa885c6f5a7cc929326cf13fb97788e9"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"3137614aa6646b5951802a0e1bfa2b609b1c155b","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"def _trustor_trustee_only(trust):"},{"line_number":46,"context_line":"    user_id \u003d flask.request.environ.get(context.REQUEST_CONTEXT_ENV).user_id"},{"line_number":47,"context_line":"    if not trust or (user_id not in [trust.get(\u0027trustee_user_id\u0027),"},{"line_number":48,"context_line":"                                     trust.get(\u0027trustor_user_id\u0027)]):"},{"line_number":49,"context_line":"        raise exception.ForbiddenAction("},{"line_number":50,"context_line":"            action\u003d_(\u0027Requested user has no relation to this trust\u0027))"},{"line_number":51,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"7faddb67_e466bded","line":48,"range":{"start_line":47,"start_character":4,"end_line":48,"end_character":68},"updated":"2019-08-15 21:09:16.000000000","message":"Interesting. Looks like the original logic is already preventing unauthorized users from obtaining the trust, even if they can guess the UUID or am I reading this wrong?","commit_id":"fcab1cdd2af88c32851bcaec346117e5ca9c4ad6"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"d56c70451dd89a60419782c6f268022eb13eca76","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"def _trustor_trustee_only(trust):"},{"line_number":46,"context_line":"    user_id \u003d flask.request.environ.get(context.REQUEST_CONTEXT_ENV).user_id"},{"line_number":47,"context_line":"    if not trust or (user_id not in [trust.get(\u0027trustee_user_id\u0027),"},{"line_number":48,"context_line":"                                     trust.get(\u0027trustor_user_id\u0027)]):"},{"line_number":49,"context_line":"        raise exception.ForbiddenAction("},{"line_number":50,"context_line":"            action\u003d_(\u0027Requested user has no relation to this trust\u0027))"},{"line_number":51,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"7faddb67_7a36e5b6","line":48,"range":{"start_line":47,"start_character":4,"end_line":48,"end_character":68},"in_reply_to":"7faddb67_444c719d","updated":"2019-08-16 05:59:03.000000000","message":"I see.","commit_id":"fcab1cdd2af88c32851bcaec346117e5ca9c4ad6"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"ad2e32b8d2444052f18cb47e81c35e3d243e6972","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"def _trustor_trustee_only(trust):"},{"line_number":46,"context_line":"    user_id \u003d flask.request.environ.get(context.REQUEST_CONTEXT_ENV).user_id"},{"line_number":47,"context_line":"    if not trust or (user_id not in [trust.get(\u0027trustee_user_id\u0027),"},{"line_number":48,"context_line":"                                     trust.get(\u0027trustor_user_id\u0027)]):"},{"line_number":49,"context_line":"        raise exception.ForbiddenAction("},{"line_number":50,"context_line":"            action\u003d_(\u0027Requested user has no relation to this trust\u0027))"},{"line_number":51,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"7faddb67_444c719d","line":48,"range":{"start_line":47,"start_character":4,"end_line":48,"end_character":68},"in_reply_to":"7faddb67_e466bded","updated":"2019-08-15 21:59:00.000000000","message":"The key is on line 150 of the old version:\n\n trust \u003d PROVIDERS.trust_api.get_trust(trust_id)\n\nThat happens before this function is called. If it fails, it never gets to this function.","commit_id":"fcab1cdd2af88c32851bcaec346117e5ca9c4ad6"}],"keystone/tests/unit/test_v3_auth.py":[{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"e622172e6ef467d46b54b94deb08a6529b63c085","unresolved":false,"context_lines":[{"line_number":4377,"context_line":""},{"line_number":4378,"context_line":"    def test_create_one_time_use_trust(self):"},{"line_number":4379,"context_line":"        trust \u003d self._initialize_test_consume_trust(1)"},{"line_number":4380,"context_line":"        # No more uses, the trust is made unavailable. Requesting a non-existent"},{"line_number":4381,"context_line":"        # trust will result in a 403 to prevent disclosing its existence or"},{"line_number":4382,"context_line":"        # non-existence."},{"line_number":4383,"context_line":"        self.get("}],"source_content_type":"text/x-python","patch_set":3,"id":"7faddb67_eb24500f","line":4380,"range":{"start_line":4380,"start_character":68,"end_line":4380,"end_character":80},"updated":"2019-08-15 18:45:13.000000000","message":"possible pep8 line-length, might be weird web formatting.","commit_id":"d0baa0bafa885c6f5a7cc929326cf13fb97788e9"}]}