luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Move checking non-assignable policies above the actual token creation

This commit is contained in:
Jeff Mitchell 2016-08-08 16:44:29 -04:00
parent be39df9887
commit d7f6218869
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
vault/token_store.go
View File

@ -1307,11 +1307,6 @@ func (ts *TokenStore) handleCreateCommon(
renewable = false
}
// Create the token
if err := ts.create(&te); err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
}
// Prevent internal policies from being assigned to tokens
for _, policy := range te.Policies {
if strutil.StrListContains(nonAssignablePolicies, policy) {
@ -1319,6 +1314,11 @@ func (ts *TokenStore) handleCreateCommon(
}
}
// Create the token
if err := ts.create(&te); err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
}
// Generate the response
resp.Auth = &logical.Auth{
DisplayName: te.DisplayName,