def test_convert_integer_to_methods(self):
auth_methods = ['password', 'token', 'totp']
self.config_fixture.config(group='auth', methods=auth_methods)
expected_methods = ['password']
methods = plugins.convert_integer_to_method_list(1)
self.assertTrue(len(methods) == 1)
for method in methods:
self.assertIn(method, expected_methods)
expected_methods = ['password', 'token']
methods = plugins.convert_integer_to_method_list(3)
self.assertTrue(len(methods) == 2)
for method in methods:
self.assertIn(method, expected_methods)
expected_methods = ['password', 'totp']
methods = plugins.convert_integer_to_method_list(5)
self.assertTrue(len(methods) == 2)
for method in methods:
self.assertIn(method, expected_methods)
expected_methods = ['token', 'totp']
methods = plugins.convert_integer_to_method_list(6)
self.assertTrue(len(methods) == 2)
for method in methods:
self.assertIn(method, expected_methods)
expected_methods = ['password', 'token', 'totp']
methods = plugins.convert_integer_to_method_list(7)
self.assertTrue(len(methods) == 3)
for method in methods:
self.assertIn(method, expected_methods)
def test_convert_integer_to_methods(self):
auth_methods = ['password', 'token', 'totp']
self.config_fixture.config(group='auth', methods=auth_methods)
expected_methods = ['password']
methods = plugins.convert_integer_to_method_list(1)
self.assertTrue(len(methods) == 1)
for method in methods:
self.assertIn(method, expected_methods)
expected_methods = ['password', 'token']
methods = plugins.convert_integer_to_method_list(3)
self.assertTrue(len(methods) == 2)
for method in methods:
self.assertIn(method, expected_methods)
expected_methods = ['password', 'totp']
methods = plugins.convert_integer_to_method_list(5)
self.assertTrue(len(methods) == 2)
for method in methods:
self.assertIn(method, expected_methods)
expected_methods = ['token', 'totp']
methods = plugins.convert_integer_to_method_list(6)
self.assertTrue(len(methods) == 2)
for method in methods:
self.assertIn(method, expected_methods)
expected_methods = ['password', 'token', 'totp']
methods = plugins.convert_integer_to_method_list(7)
self.assertTrue(len(methods) == 3)
for method in methods:
self.assertIn(method, expected_methods)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
else:
# NOTE(cmurphy): The user ID of shadowed federated users is no
# longer a UUID but a sha256 hash string, and so it should not be
# converted to a byte string since it is not a UUID format.
# However. on python3 msgpack returns the serialized input as a
# byte string anyway. Similar to other msgpack'd values in the
# payload, we need to explicitly decode it to a string value.
if six.PY3 and isinstance(user_id, six.binary_type):
user_id = user_id.decode('utf-8')
methods = auth_plugins.convert_integer_to_method_list(payload[1])
group_ids = list(map(cls.unpack_group_id, payload[2]))
(is_stored_as_bytes, idp_id) = payload[3]
if is_stored_as_bytes:
idp_id = cls.convert_uuid_bytes_to_hex(idp_id)
else:
idp_id = idp_id.decode('utf-8')
protocol_id = payload[4]
if isinstance(protocol_id, six.binary_type):
protocol_id = protocol_id.decode('utf-8')
expires_at_str = cls._convert_float_to_time_string(payload[5])
audit_ids = list(map(cls.base64_encode, payload[6]))
system = None
project_id = None
domain_id = None
trust_id = None
access_token_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, group_ids, idp_id,
protocol_id, access_token_id, app_cred_id)
def disassemble(cls, payload):
"""Validate a federated paylod.
:param token_string: a string representing the token
:return: a tuple containing the user_id, auth methods, audit_ids, and
a dictionary containing federated information such as the the
group IDs, the identity provider ID, the protocol ID, and the
federated domain ID
"""
def unpack_group_ids(group_id_in_bytes):
group_id = cls.convert_uuid_bytes_to_hex(group_id_in_bytes)
return {'id': group_id}
user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
methods = auth_plugins.convert_integer_to_method_list(payload[1])
group_ids = map(unpack_group_ids, payload[2])
idp_id = cls.attempt_convert_uuid_bytes_to_hex(payload[3])
protocol_id = payload[4]
expires_at_str = cls._convert_int_to_time_string(payload[5])
audit_ids = map(provider.base64_encode, payload[6])
federated_info = dict(group_ids=group_ids,
idp_id=idp_id,
protocol_id=protocol_id)
return (user_id, methods, expires_at_str, audit_ids, federated_info)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
try:
domain_id = cls.convert_uuid_bytes_to_hex(payload[2])
except ValueError:
# the default domain ID is configurable, and probably isn't a UUID
if six.PY3 and isinstance(payload[2], six.binary_type):
payload[2] = payload[2].decode('utf-8')
if payload[2] == CONF.identity.default_domain_id:
domain_id = payload[2]
else:
raise
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(cls.base64_encode, payload[4]))
system = None
project_id = None
trust_id = None
federated_group_ids = None
identity_provider_id = None
protocol_id = None
access_token_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, federated_group_ids,
identity_provider_id, protocol_id, access_token_id,
app_cred_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
try:
domain_id = cls.convert_uuid_bytes_to_hex(payload[2])
except ValueError:
# the default domain ID is configurable, and probably isn't a UUID
if six.PY3 and isinstance(payload[2], six.binary_type):
payload[2] = payload[2].decode('utf-8')
if payload[2] == CONF.identity.default_domain_id:
domain_id = payload[2]
else:
raise
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(cls.base64_encode, payload[4]))
system = None
project_id = None
trust_id = None
federated_group_ids = None
identity_provider_id = None
protocol_id = None
access_token_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, federated_group_ids,
identity_provider_id, protocol_id, access_token_id,
app_cred_id)
def disassemble(cls, payload):
"""Validate a federated paylod.
:param token_string: a string representing the token
:return: a tuple containing the user_id, auth methods, audit_ids, and
a dictionary containing federated information such as the the
group IDs, the identity provider ID, the protocol ID, and the
federated domain ID
"""
def unpack_group_ids(group_id_in_bytes):
(is_stored_as_bytes, group_id) = group_id_in_bytes
if is_stored_as_bytes:
group_id = cls.attempt_convert_uuid_bytes_to_hex(group_id)
return {'id': group_id}
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
group_ids = map(unpack_group_ids, payload[2])
(is_stored_as_bytes, idp_id) = payload[3]
if is_stored_as_bytes:
idp_id = cls.attempt_convert_uuid_bytes_to_hex(idp_id)
protocol_id = payload[4]
expires_at_str = cls._convert_int_to_time_string(payload[5])
audit_ids = map(provider.base64_encode, payload[6])
federated_info = dict(group_ids=group_ids, idp_id=idp_id,
protocol_id=protocol_id)
return (user_id, methods, expires_at_str, audit_ids, federated_info)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, project_id) = payload[2]
if is_stored_as_bytes:
project_id = cls.convert_uuid_bytes_to_hex(project_id)
(is_stored_as_bytes, access_token_id) = payload[3]
if is_stored_as_bytes:
access_token_id = cls.convert_uuid_bytes_to_hex(access_token_id)
expires_at_str = cls._convert_float_to_time_string(payload[4])
audit_ids = list(map(cls.base64_encode, payload[5]))
system = None
domain_id = None
trust_id = None
federated_group_ids = None
identity_provider_id = None
protocol_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, federated_group_ids,
identity_provider_id, protocol_id, access_token_id,
app_cred_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
group_ids = list(map(cls.unpack_group_id, payload[2]))
(is_stored_as_bytes, idp_id) = payload[3]
if is_stored_as_bytes:
idp_id = cls.convert_uuid_bytes_to_hex(idp_id)
else:
idp_id = idp_id.decode('utf-8')
protocol_id = payload[4]
if isinstance(protocol_id, six.binary_type):
protocol_id = protocol_id.decode('utf-8')
expires_at_str = cls._convert_float_to_time_string(payload[5])
audit_ids = list(map(cls.base64_encode, payload[6]))
system = None
project_id = None
domain_id = None
trust_id = None
access_token_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, group_ids, idp_id,
protocol_id, access_token_id, app_cred_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
user_id = cls._convert_or_decode(is_stored_as_bytes, user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, scope_id) = payload[2]
scope_id = cls._convert_or_decode(is_stored_as_bytes, scope_id)
project_id = (scope_id if cls.version
== FederatedProjectScopedPayload.version else None)
domain_id = (scope_id if cls.version
== FederatedDomainScopedPayload.version else None)
group_ids = list(map(cls.unpack_group_id, payload[3]))
(is_stored_as_bytes, idp_id) = payload[4]
idp_id = cls._convert_or_decode(is_stored_as_bytes, idp_id)
protocol_id = payload[5]
if six.PY3 and isinstance(protocol_id, six.binary_type):
protocol_id = protocol_id.decode('utf-8')
expires_at_str = cls._convert_float_to_time_string(payload[6])
audit_ids = list(map(cls.base64_encode, payload[7]))
system = None
trust_id = None
access_token_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, group_ids, idp_id,
protocol_id, access_token_id, app_cred_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
group_ids = list(map(cls.unpack_group_id, payload[2]))
(is_stored_as_bytes, idp_id) = payload[3]
if is_stored_as_bytes:
idp_id = cls.convert_uuid_bytes_to_hex(idp_id)
else:
idp_id = idp_id.decode('utf-8')
protocol_id = payload[4]
if isinstance(protocol_id, six.binary_type):
protocol_id = protocol_id.decode('utf-8')
expires_at_str = cls._convert_float_to_time_string(payload[5])
audit_ids = list(map(cls.base64_encode, payload[6]))
federated_info = dict(group_ids=group_ids, idp_id=idp_id,
protocol_id=protocol_id)
system = None
project_id = None
domain_id = None
trust_id = None
access_token_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, federated_info,
access_token_id, app_cred_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
else:
# NOTE(cmurphy): The user ID of shadowed federated users is no
# longer a UUID but a sha256 hash string, and so it should not be
# converted to a byte string since it is not a UUID format.
# However. on python3 msgpack returns the serialized input as a
# byte string anyway. Similar to other msgpack'd values in the
# payload, we need to explicitly decode it to a string value.
if six.PY3 and isinstance(user_id, six.binary_type):
user_id = user_id.decode('utf-8')
methods = auth_plugins.convert_integer_to_method_list(payload[1])
group_ids = list(map(cls.unpack_group_id, payload[2]))
(is_stored_as_bytes, idp_id) = payload[3]
if is_stored_as_bytes:
idp_id = cls.convert_uuid_bytes_to_hex(idp_id)
else:
idp_id = idp_id.decode('utf-8')
protocol_id = payload[4]
if isinstance(protocol_id, six.binary_type):
protocol_id = protocol_id.decode('utf-8')
expires_at_str = cls._convert_float_to_time_string(payload[5])
audit_ids = list(map(cls.base64_encode, payload[6]))
system = None
project_id = None
domain_id = None
trust_id = None
access_token_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, group_ids, idp_id,
protocol_id, access_token_id, app_cred_id)
def disassemble(cls, payload):
"""Validate a project-scoped federated payload.
:param token_string: a string representing the token
:returns: a tuple containing the user_id, auth methods, scope_id,
expiration time (as str), audit_ids, and a dictionary
containing federated information such as the the identity
provider ID, the protocol ID, the federated domain ID and
group IDs
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, scope_id) = payload[2]
if is_stored_as_bytes:
scope_id = cls.attempt_convert_uuid_bytes_to_hex(scope_id)
group_ids = list(map(cls.unpack_group_id, payload[3]))
(is_stored_as_bytes, idp_id) = payload[4]
if is_stored_as_bytes:
idp_id = cls.attempt_convert_uuid_bytes_to_hex(idp_id)
protocol_id = payload[5]
expires_at_str = cls._convert_float_to_time_string(payload[6])
audit_ids = list(map(provider.base64_encode, payload[7]))
federated_info = dict(idp_id=idp_id,
protocol_id=protocol_id,
group_ids=group_ids)
return (user_id, methods, scope_id, expires_at_str, audit_ids,
federated_info)
def disassemble(cls, payload):
"""Validate a project-scoped federated payload.
:param token_string: a string representing the token
:returns: a tuple containing the user_id, auth methods, scope_id,
expiration time (as str), audit_ids, and a dictionary
containing federated information such as the the identity
provider ID, the protocol ID, the federated domain ID and
group IDs
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, scope_id) = payload[2]
if is_stored_as_bytes:
scope_id = cls.attempt_convert_uuid_bytes_to_hex(scope_id)
group_ids = list(map(cls.unpack_group_id, payload[3]))
(is_stored_as_bytes, idp_id) = payload[4]
if is_stored_as_bytes:
idp_id = cls.attempt_convert_uuid_bytes_to_hex(idp_id)
protocol_id = payload[5]
expires_at_str = cls._convert_int_to_time_string(payload[6])
audit_ids = list(map(provider.base64_encode, payload[7]))
federated_info = dict(idp_id=idp_id, protocol_id=protocol_id,
group_ids=group_ids)
return (user_id, methods, scope_id, expires_at_str, audit_ids,
federated_info)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, scope_id) = payload[2]
if is_stored_as_bytes:
scope_id = cls.convert_uuid_bytes_to_hex(scope_id)
project_id = (
scope_id
if cls.version == FederatedProjectScopedPayload.version else None)
domain_id = (
scope_id
if cls.version == FederatedDomainScopedPayload.version else None)
group_ids = list(map(cls.unpack_group_id, payload[3]))
(is_stored_as_bytes, idp_id) = payload[4]
if is_stored_as_bytes:
idp_id = cls.convert_uuid_bytes_to_hex(idp_id)
protocol_id = payload[5]
expires_at_str = cls._convert_float_to_time_string(payload[6])
audit_ids = list(map(provider.base64_encode, payload[7]))
federated_info = dict(idp_id=idp_id, protocol_id=protocol_id,
group_ids=group_ids)
trust_id = None
access_token_id = None
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info, access_token_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, project_id) = payload[2]
if is_stored_as_bytes:
project_id = cls.convert_uuid_bytes_to_hex(project_id)
(is_stored_as_bytes, access_token_id) = payload[3]
if is_stored_as_bytes:
access_token_id = cls.convert_uuid_bytes_to_hex(access_token_id)
expires_at_str = cls._convert_float_to_time_string(payload[4])
audit_ids = list(map(cls.base64_encode, payload[5]))
system = None
domain_id = None
trust_id = None
federated_group_ids = None
identity_provider_id = None
protocol_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, federated_group_ids,
identity_provider_id, protocol_id, access_token_id,
app_cred_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
else:
# NOTE(cmurphy): The user ID of shadowed federated users is no
# longer a UUID but a sha256 hash string, and so it should not be
# converted to a byte string since it is not a UUID format.
# However. on python3 msgpack returns the serialized input as a
# byte string anyway. Similar to other msgpack'd values in the
# payload, we need to explicitly decode it to a string value.
if six.PY3 and isinstance(user_id, six.binary_type):
user_id = user_id.decode('utf-8')
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, scope_id) = payload[2]
if is_stored_as_bytes:
scope_id = cls.convert_uuid_bytes_to_hex(scope_id)
else:
# NOTE(lbragstad): We assembled the token payload scope as a tuple
# (False, domain_id) for cases like (False, 'default'), since the
# default domain ID isn't converted to a byte string when it's not
# in UUID format. Despite the boolean indicator in the tuple that
# denotes if the value is stored as a byte string or not, msgpack
# apparently returns the serialized input as byte strings anyway.
# For example, this means what we though we were passing in as
# (False, 'default') during token creation actually comes out as
# (False, b'default') in token validation through msgpack, which
# clearly isn't correct according to our boolean indicator. This
# causes comparison issues due to different string types (e.g.,
# b'default' != 'default') with python 3. See bug 1813085 for
# details. We use this pattern for other strings in the payload
# like idp_id and protocol_id for the same reason.
if six.PY3 and isinstance(scope_id, six.binary_type):
scope_id = scope_id.decode('utf-8')
project_id = (
scope_id
if cls.version == FederatedProjectScopedPayload.version else None)
domain_id = (
scope_id
if cls.version == FederatedDomainScopedPayload.version else None)
group_ids = list(map(cls.unpack_group_id, payload[3]))
(is_stored_as_bytes, idp_id) = payload[4]
if is_stored_as_bytes:
idp_id = cls.convert_uuid_bytes_to_hex(idp_id)
else:
if six.PY3 and isinstance(idp_id, six.binary_type):
idp_id = idp_id.decode('utf-8')
protocol_id = payload[5]
if six.PY3 and isinstance(protocol_id, six.binary_type):
protocol_id = protocol_id.decode('utf-8')
expires_at_str = cls._convert_float_to_time_string(payload[6])
audit_ids = list(map(cls.base64_encode, payload[7]))
system = None
trust_id = None
access_token_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, group_ids, idp_id,
protocol_id, access_token_id, app_cred_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
else:
# NOTE(cmurphy): The user ID of shadowed federated users is no
# longer a UUID but a sha256 hash string, and so it should not be
# converted to a byte string since it is not a UUID format.
# However. on python3 msgpack returns the serialized input as a
# byte string anyway. Similar to other msgpack'd values in the
# payload, we need to explicitly decode it to a string value.
if six.PY3 and isinstance(user_id, six.binary_type):
user_id = user_id.decode('utf-8')
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, scope_id) = payload[2]
if is_stored_as_bytes:
scope_id = cls.convert_uuid_bytes_to_hex(scope_id)
else:
# NOTE(lbragstad): We assembled the token payload scope as a tuple
# (False, domain_id) for cases like (False, 'default'), since the
# default domain ID isn't converted to a byte string when it's not
# in UUID format. Despite the boolean indicator in the tuple that
# denotes if the value is stored as a byte string or not, msgpack
# apparently returns the serialized input as byte strings anyway.
# For example, this means what we though we were passing in as
# (False, 'default') during token creation actually comes out as
# (False, b'default') in token validation through msgpack, which
# clearly isn't correct according to our boolean indicator. This
# causes comparison issues due to different string types (e.g.,
# b'default' != 'default') with python 3. See bug 1813085 for
# details. We use this pattern for other strings in the payload
# like idp_id and protocol_id for the same reason.
if six.PY3 and isinstance(scope_id, six.binary_type):
scope_id = scope_id.decode('utf-8')
project_id = (scope_id if cls.version
== FederatedProjectScopedPayload.version else None)
domain_id = (scope_id if cls.version
== FederatedDomainScopedPayload.version else None)
group_ids = list(map(cls.unpack_group_id, payload[3]))
(is_stored_as_bytes, idp_id) = payload[4]
if is_stored_as_bytes:
idp_id = cls.convert_uuid_bytes_to_hex(idp_id)
else:
if six.PY3 and isinstance(idp_id, six.binary_type):
idp_id = idp_id.decode('utf-8')
protocol_id = payload[5]
if six.PY3 and isinstance(protocol_id, six.binary_type):
protocol_id = protocol_id.decode('utf-8')
expires_at_str = cls._convert_float_to_time_string(payload[6])
audit_ids = list(map(cls.base64_encode, payload[7]))
system = None
trust_id = None
access_token_id = None
app_cred_id = None
return (user_id, methods, system, project_id, domain_id,
expires_at_str, audit_ids, trust_id, group_ids, idp_id,
protocol_id, access_token_id, app_cred_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
expires_at_str = cls._convert_float_to_time_string(payload[2])
audit_ids = list(map(provider.base64_encode, payload[3]))
project_id = None
domain_id = None
trust_id = None
federated_info = None
return (user_id, methods, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_info)
def disassemble(cls, payload):
"""Disassemble an unscoped payload into the component data.
:param payload: the payload of an unscoped token
:return: a tuple containing the user_id, auth methods, expires_at, and
audit_ids
"""
user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
methods = auth_plugins.convert_integer_to_method_list(payload[1])
expires_at_str = cls._convert_float_to_time_string(payload[2])
audit_ids = list(map(provider.base64_encode, payload[3]))
return (user_id, methods, expires_at_str, audit_ids)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
expires_at_str = cls._convert_float_to_time_string(payload[2])
audit_ids = list(map(provider.base64_encode, payload[3]))
project_id = None
domain_id = None
trust_id = None
federated_info = None
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info)
def disassemble(cls, payload):
"""Disassemble an unscoped payload into the component data.
:param payload: the payload of an unscoped token
:return: a tuple containing the user_id, auth methods, expires_at, and
audit_ids
"""
user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
methods = auth_plugins.convert_integer_to_method_list(payload[1])
expires_at_str = cls._convert_float_to_time_string(payload[2])
audit_ids = list(map(provider.base64_encode, payload[3]))
return (user_id, methods, expires_at_str, audit_ids)
def disassemble(cls, payload):
"""Validate a trust-based payload.
:param token_string: a string representing the token
:returns: a tuple containing the user_id, auth methods, project_id,
expires_at_str, audit_ids, and trust_id
"""
user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
methods = auth_plugins.convert_integer_to_method_list(payload[1])
project_id = cls.attempt_convert_uuid_bytes_to_hex(payload[2])
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
trust_id = cls.convert_uuid_bytes_to_hex(payload[5])
return (user_id, methods, project_id, expires_at_str, audit_ids,
trust_id)
def disassemble(cls, payload):
"""Validate a trust-based payload.
:param token_string: a string representing the token
:returns: a tuple containing the user_id, auth methods, project_id,
expires_at_str, audit_ids, and trust_id
"""
user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
methods = auth_plugins.convert_integer_to_method_list(payload[1])
project_id = cls.attempt_convert_uuid_bytes_to_hex(payload[2])
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
trust_id = cls.convert_uuid_bytes_to_hex(payload[5])
return (user_id, methods, project_id, expires_at_str, audit_ids,
trust_id)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
group_ids = list(map(cls.unpack_group_id, payload[2]))
(is_stored_as_bytes, idp_id) = payload[3]
if is_stored_as_bytes:
idp_id = cls.convert_uuid_bytes_to_hex(idp_id)
protocol_id = payload[4]
expires_at_str = cls._convert_float_to_time_string(payload[5])
audit_ids = list(map(provider.base64_encode, payload[6]))
federated_info = dict(group_ids=group_ids, idp_id=idp_id, protocol_id=protocol_id)
project_id = None
domain_id = None
trust_id = None
return (user_id, methods, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_info)
def disassemble(cls, payload):
"""Disassemble a payload into the component data.
The tuple consists of::
(user_id, methods, expires_at_str)
* ``methods`` are the auth methods.
:param payload: this variant of payload
:returns: a tuple of the payloads component data
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
expires_at_str = cls._convert_float_to_time_string(payload[2])
return (user_id, methods, expires_at_str)
def disassemble(cls, payload):
"""Disassemble a payload into the component data.
The tuple consists of::
(user_id, methods, expires_at_str)
* ``methods`` are the auth methods.
:param payload: this variant of payload
:returns: a tuple of the payloads component data
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
expires_at_str = cls._convert_float_to_time_string(payload[2])
return (user_id, methods, expires_at_str)
def disassemble(cls, payload):
"""Disassemble a payload into the component data.
:param payload: the payload of a token
:return: a tuple containing the user_id, auth methods, project_id,
expires_at_str, and audit_ids
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, project_id) = payload[2]
if is_stored_as_bytes:
project_id = cls.attempt_convert_uuid_bytes_to_hex(project_id)
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
return (user_id, methods, project_id, expires_at_str, audit_ids)
def disassemble(cls, payload):
"""Disassemble a payload into the component data.
:param payload: the payload of a token
:return: a tuple containing the user_id, auth methods, project_id,
expires_at_str, and audit_ids
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
(is_stored_as_bytes, project_id) = payload[2]
if is_stored_as_bytes:
project_id = cls.attempt_convert_uuid_bytes_to_hex(project_id)
expires_at_str = cls._convert_int_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
return (user_id, methods, project_id, expires_at_str, audit_ids)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
group_ids = list(map(cls.unpack_group_id, payload[2]))
(is_stored_as_bytes, idp_id) = payload[3]
if is_stored_as_bytes:
idp_id = cls.convert_uuid_bytes_to_hex(idp_id)
protocol_id = payload[4]
expires_at_str = cls._convert_float_to_time_string(payload[5])
audit_ids = list(map(provider.base64_encode, payload[6]))
federated_info = dict(group_ids=group_ids,
idp_id=idp_id,
protocol_id=protocol_id)
project_id = None
domain_id = None
trust_id = None
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
try:
domain_id = cls.convert_uuid_bytes_to_hex(payload[2])
except ValueError:
# the default domain ID is configurable, and probably isn't a UUID
if payload[2] == CONF.identity.default_domain_id:
domain_id = payload[2]
else:
raise
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
project_id = None
trust_id = None
federated_info = None
return (user_id, methods, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_info)
def disassemble(cls, payload):
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
try:
domain_id = cls.convert_uuid_bytes_to_hex(payload[2])
except ValueError:
# the default domain ID is configurable, and probably isn't a UUID
if payload[2] == CONF.identity.default_domain_id:
domain_id = payload[2]
else:
raise
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
project_id = None
trust_id = None
federated_info = None
access_token_id = None
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info, access_token_id)
def disassemble(cls, payload):
"""Disassemble a payload into the component data.
:param payload: the payload of a token
:return: a tuple containing the user_id, auth methods, domain_id,
expires_at_str, and audit_ids
"""
user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
methods = auth_plugins.convert_integer_to_method_list(payload[1])
try:
domain_id = cls.convert_uuid_bytes_to_hex(payload[2])
except ValueError:
# the default domain ID is configurable, and probably isn't a UUID
if payload[2] == CONF.identity.default_domain_id:
domain_id = payload[2]
else:
raise
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
return (user_id, methods, domain_id, expires_at_str, audit_ids)
def disassemble(cls, payload):
"""Disassemble a payload into the component data.
:param payload: the payload of a token
:return: a tuple containing the user_id, auth methods, domain_id,
expires_at_str, and audit_ids
"""
user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
methods = auth_plugins.convert_integer_to_method_list(payload[1])
try:
domain_id = cls.convert_uuid_bytes_to_hex(payload[2])
except ValueError:
# the default domain ID is configurable, and probably isn't a UUID
if payload[2] == CONF.identity.default_domain_id:
domain_id = payload[2]
else:
raise
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
return (user_id, methods, domain_id, expires_at_str, audit_ids)