From ce10b6691fc9fbdad4024e572a9352fb9a51671a Mon Sep 17 00:00:00 2001
From: Wenxiang Wu <wu.wenxiang@99cloud.net>
Date: Thu, 18 Jan 2024 14:42:13 +0800
Subject: [PATCH] fix: user login failure due to no role assignment to its
 default project

This bug start from: https://review.opendev.org/c/openstack/skyline-apiserver/+/901229

Closes-Bug: #2049719
Change-Id: Icd7dbd5128dc8f4eb83a09d3304726ebb96cb074
---
 skyline_apiserver/api/v1/login.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/skyline_apiserver/api/v1/login.py b/skyline_apiserver/api/v1/login.py
index addaa95..182adab 100644
--- a/skyline_apiserver/api/v1/login.py
+++ b/skyline_apiserver/api/v1/login.py
@@ -93,8 +93,6 @@ async def _get_projects_and_unscope_token(
         auth=unscope_auth, verify=CONF.default.cafile, timeout=constants.DEFAULT_TIMEOUT
     )
 
-    default_project_id = await _get_default_project_id(session, region)
-
     unscope_client = KeystoneClient(
         session=session,
         endpoint=auth_url,
@@ -110,6 +108,8 @@ async def _get_projects_and_unscope_token(
     if not project_scope:
         raise Exception("You are not authorized for any projects or domains.")
 
+    default_project_id = await _get_default_project_id(session, region)
+
     return project_scope, unscope_token, default_project_id
 
 
@@ -182,6 +182,8 @@ async def login(
             project_enabled=True,
         )
 
+        if default_project_id not in [i.id for i in project_scope]:
+            default_project_id = None
         project_scope_token = await get_project_scope_token(
             keystone_token=unscope_token,
             region=credential.region,
@@ -277,6 +279,8 @@ async def websso(
             project_enabled=True,
         )
 
+        if default_project_id not in [i.id for i in project_scope]:
+            default_project_id = None
         project_scope_token = await get_project_scope_token(
             keystone_token=token,
             region=CONF.openstack.sso_region,