Revision ddc6960a snf-astakos-app/astakos/api/tokens.py

b/snf-astakos-app/astakos/api/tokens.py
36 36
from django.http import urlencode
37 37
from django.views.decorators.csrf import csrf_exempt
38 38

  
39
from snf_django.lib.api import faults, utils, api_method, get_token
39
from snf_django.lib.api import faults, utils, api_method
40 40

  
41 41
from astakos.im.models import Service, AstakosUser
42
from .util import user_from_token, json_response, xml_response
42
from .util import user_from_token, json_response, xml_response, validate_user
43 43

  
44 44
import logging
45 45
logger = logging.getLogger(__name__)
......
49 49
            logger=logger)
50 50
@user_from_token  # Authenticate user!!
51 51
def get_endpoints(request, token):
52
    if token != get_token(request):
52
    if token != request.user.auth_token:
53 53
        raise faults.Forbidden()
54 54

  
55 55
    belongsTo = request.GET.get('belongsTo')
......
92 92

  
93 93
    uuid = None
94 94
    try:
95
        tenant = req['auth']['tenantName']
96 95
        token_id = req['auth']['token']['id']
97 96
    except KeyError:
98 97
        try:
......
109 108
    except AstakosUser.DoesNotExist:
110 109
        raise faults.Unauthorized('Invalid token')
111 110

  
112
    if tenant != user.uuid:
113
        raise faults.Unauthorized('Invalid tenant')
111
    validate_user(user)
114 112

  
115 113
    if uuid is not None:
116 114
        if user.uuid != uuid:

Also available in: Unified diff