X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauth.py;h=c320d50f295fd28af990229c4fe4c3015dcc2c25;hp=94eb1e9e74bc75b3d709420c4d0cd0e4a4c9f433;hb=e1eb3b2c0bdb7462d330703702677b3354ceb9ff;hpb=01b15d3166ea28266fb3d994d0615e4091c43c08

diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py
index 94eb1e9..c320d50 100644
--- a/osm_nbi/auth.py
+++ b/osm_nbi/auth.py
@@ -259,6 +259,8 @@ class Authenticator:
         pid = self.create_admin_project()
         self.create_admin_user(pid)
 
+        # self.backend.update_user({"_id": "admin",
+        #                           "add_project_role_mappings": {"project": "admin", "role": "system_admin"}})
         if self.config["authentication"]["backend"] == "keystone":
             try:
                 self.backend.assign_role_to_user("admin", "admin", "system_admin")
@@ -346,6 +348,12 @@ class Authenticator:
                 if cherrypy.session.get('Authorization'):
                     del cherrypy.session['Authorization']
                 cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
+            elif self.config.get("user_not_authorized"):
+                # TODO provide user_id, roles id (not name), project_id
+                return {"id": "fake-token-id-for-test",
+                        "project_id": self.config.get("project_not_authorized", "admin"),
+                        "username": self.config["user_not_authorized"],
+                        "roles": ["system_admin"]}
             raise
 
     def new_token(self, token_info, indata, remote):