Beispiel #1
0
 def get_user(self, user_id):
     """ Just returns the user of a given ID. """
     try:
         keystone = KeystoneBackend()
         keystone.request = self.request
     except:
         return None
     return keystone.get_user(user_id)
 def get_user(self, user_id):
     """ Just returns the user of a given ID. """
     try:
         keystone = KeystoneBackend()
         keystone.request = self.request
     except:
         return None
     return keystone.get_user(user_id)
Beispiel #3
0
def get_user(request):
    try:
        user_id = request.session[auth.SESSION_KEY]
        backend_path = request.session[auth.BACKEND_SESSION_KEY]
        backend = auth.load_backend(backend_path)
        backend.request = request
        user = backend.get_user(user_id) or AnonymousUser()
        LOG.debug("user %s", user)

        request.session.set_expiry(settings.SESSION_TIMEOUT)

        LOG.debug("setting expiry to :%s", settings.SESSION_TIMEOUT)

    except KeyError:
        shib_header = None
        for possible_header in settings.SHIB_HEADERS:
            if possible_header in request.META and request.META.get(
                    possible_header):
                shib_header = possible_header
                break

        if shib_header is not None:

            LOG.debug("Shibboleth header is set")
            LOG.debug("username %s", request.META.get(shib_header))

            keystone = KeystoneBackend()
            try:
                user = keystone.authenticate(
                    password='******',
                    username=request.META.get(shib_header),
                    auth_url=settings.OPENSTACK_KEYSTONE_URL,
                    request=request)
                user.backend = 'openstack_auth.backend.KeystoneBackend'
                login(request, user)
            except (keystone_exceptions.Unauthorized, KeystoneAuthException):
                user = UnregisteredUser('Shibboleth',
                                        request.META.get(shib_header))

        else:
            user = AnonymousUser()
    return user
def get_user(request):

    try:
        user_id = request.session[auth.SESSION_KEY]
        backend_path = request.session[auth.BACKEND_SESSION_KEY]
        backend = auth.load_backend(backend_path)
        backend.request = request
        user = backend.get_user(user_id) or AnonymousUser()

        request.session.set_expiry(settings.SESSION_TIMEOUT)


    except KeyError:
        shib_header = None


        for possible_header in settings.SHIB_HEADERS:
            if possible_header in request.META and request.META.get(
                possible_header):
                shib_header = possible_header
                break

        if shib_header is not None:
            LOG.debug("Shibboleth header is set")
            LOG.debug("username %s", request.META.get(shib_header))
            keystone = KeystoneBackend()
            try:
                user = keystone.authenticate(password=settings.TUKEY_PASSWORD,
                    username="******" % request.META.get(shib_header),
                    auth_url=settings.OPENSTACK_KEYSTONE_URL,
                    request=request)
                user.backend = 'openstack_auth.backend.KeystoneBackend'
                user.identifier = request.META.get(shib_header)
                login(request, user)
            except (keystone_exceptions.Unauthorized, KeystoneAuthException):
                user = UnregisteredUser('Shibboleth',
                    request.META.get(shib_header))


        else:
            user = AnonymousUser()
    return user
    def authenticate(self, code=None, group=None, openid=None, provider=None,
                     request=None):
        """ Reads in a code and asks Provider if it's valid and
        what user it points to. """
        keystone = KeystoneBackend()
        self.keystone = keystone
        try:
            profile_handle = getattr(self, '_get_%s_profile' % provider)
        except AttributeError:
            LOG.warn("Need to define _get_%s_profile function." % provider)
            return
        user_profile = profile_handle(code=code, openid=openid,
                                      request=request)
        if not user_profile:
            return
        if not user_profile['valid']:
            msg = "Failed to login, you are not in %s group: %s" % (provider,
                                                                    group)
            messages.error(request, msg)
            return

        external_id = user_profile['user_id']
        external_email = user_profile['user_email']
        access_token = user_profile['access_token']

        username = "******" % (provider, external_id)
        tenant_name = username
        password = ""
        try:
            # Try and find existing user
            external_user = ExternalProfile.objects.get(external_id=external_id)
            user = external_user.user
            # Update access_token
            external_user.access_token = access_token
            password = external_user.password
            external_user.save()
            LOG.info("User: %s exists" % username)
        except ExternalProfile.DoesNotExist:
            LOG.info("User: %s not exists, creating..." % username)
            # No existing user
            try:
                user = User.objects.create_user(username, external_email)
            except IntegrityError:
                # Username already exists, make it unique
                existing_user = User.objects.get(username=username)
                existing_user.delete()
                user = User.objects.create_user(username, external_email)
            user.save()

            password = "".join([random.choice(
                                    string.ascii_lowercase + string.digits)
                               for i in range(8)])
            try:
                # Create the UserProfile
                external_user = ExternalProfile(user=user,
                                            external_id=external_id,
                                            access_token=access_token,
                                            password=password)
                keystone_admin = self._admin_client()

                tenant = keystone_admin.tenants.create(tenant_name,
                                                      "Auto created account",
                                                       True)
                user = keystone_admin.users.create(tenant_name,
                                                   password,
                                                   external_email,
                                                   tenant.id,
                                                   True)
                member_user_role = settings.MEMBER_USER_ROLE
                keystone_admin.roles.add_user_role(user.id,
                                                   member_user_role,
                                                   tenant.id)
                external_user.tenant_id = tenant.id
                external_user.save()
            except Exception as e:
                LOG.warn("Error creating user: %s, error: %s" % (username, e))
                return
        try:
            user = keystone.authenticate(request=request,
                                    username=username,
                                    password=password,
                                    tenant=None,
                                    auth_url=settings.OPENSTACK_KEYSTONE_URL)
            return user
        except Exception as e:
            messages.error(request, "Failed to login: %s" % e)
Beispiel #6
0
    def authenticate(self, token=None, request=None):
        """ Reads in a Facebook code and asks Facebook
            if it's valid and what user it points to. """
        logger.error('test')
        keystone = KeystoneBackend()
        self.keystone = keystone

        # Get a legit access token from Facebook
        access_token, fb_profile = self.facebook_get_token_profile(
            token, request)
        if not access_token:
            # No access token means failed auth to FB
            msg = _("Facebook login invalid or Token Expired")
            messages.error(request, msg)
            logger.error(msg)
            return None

        facebook_id = fb_profile['id']

        # verify TryStack group membership
        if not self.facebook_trystack_group_member(access_token):
            msg = _(
                "Facebook id %s is not a member of the TryStack Facebook group"
                % facebook_id)
            messages.error(request, msg)
            logger.error(msg)
            return None

        #### If we got here then auth and group membership are valid
        #### time to ensure the user exists and get a token

        # create user and tenant if they don't exist
        username = tenant_name = "facebook%s" % facebook_id
        password = "".join([
            random.choice(string.ascii_lowercase + string.digits)
            for i in range(8)
        ])
        if not self.keystone_user_exists(username):
            tenant = self.add_keystone_user(settings, tenant_name, password,
                                            fb_profile)
        else:
            tenant = self.get_keystone_tenant(tenant_name)

        # get a keystone token for the user (requires the custom auth filter)
        d = '{"auth":{"%s": "customer-x", "passwordCredentials": {"username": "******", "password": "******"}}}' % (
            username, username)
        url = "%s/tokens/" % self.keystone_get_endpoint('keystone', 'adminurl')
        headers = {
            'Content-Type': 'application/json; charset=UTF-8',
            'X-Auth-Token': settings.ADMIN_TOKEN
        }
        resp, content = Http().request(uri=url,
                                       method="POST",
                                       headers=headers,
                                       body=d)

        # load the token, create a new client based on the token
        auth_json = json.loads(content)['access']
        client = keystone_client.Client(
            username=username,
            tenant_name=username,
            token=auth_json['token']['id'],
            auth_url=settings.OPENSTACK_KEYSTONE_URL)
        # use the client and token to create a Token object
        token = Token(auth_ref=client.auth_ref)
        # generate a django user (this is how openstack_auth.backend does it too)
        user = create_user_from_token(request, token,
                                      settings.OPENSTACK_KEYSTONE_URL)
        #client.service_catalog.url_for(endpoint_type='publicURL'))
        return user
    def authenticate(self,
                     code=None,
                     group=None,
                     openid=None,
                     provider=None,
                     request=None):
        """ Reads in a code and asks Provider if it's valid and
        what user it points to. """
        keystone = KeystoneBackend()
        self.keystone = keystone
        try:
            profile_handle = getattr(self, '_get_%s_profile' % provider)
        except AttributeError:
            LOG.warn("Need to define _get_%s_profile function." % provider)
            return
        user_profile = profile_handle(code=code,
                                      openid=openid,
                                      request=request)
        if not user_profile:
            return
        if not user_profile['valid']:
            msg = "Failed to login, you are not in %s group: %s" % (provider,
                                                                    group)
            messages.error(request, msg)
            return

        external_id = user_profile['user_id']
        external_email = user_profile['user_email']
        access_token = user_profile['access_token']

        username = "******" % (provider, external_id)
        tenant_name = username
        password = ""
        try:
            # Try and find existing user
            external_user = ExternalProfile.objects.get(
                external_id=external_id)
            user = external_user.user
            # Update access_token
            external_user.access_token = access_token
            password = external_user.password
            external_user.save()
            LOG.info("User: %s exists" % username)
        except ExternalProfile.DoesNotExist:
            LOG.info("User: %s not exists, creating..." % username)
            # No existing user
            try:
                user = User.objects.create_user(username, external_email)
            except IntegrityError:
                # Username already exists, make it unique
                existing_user = User.objects.get(username=username)
                existing_user.delete()
                user = User.objects.create_user(username, external_email)
            user.save()

            password = "".join([
                random.choice(string.ascii_lowercase + string.digits)
                for i in range(8)
            ])
            try:
                # Create the UserProfile
                external_user = ExternalProfile(user=user,
                                                external_id=external_id,
                                                access_token=access_token,
                                                password=password)
                keystone_admin = self._admin_client()

                tenant = keystone_admin.tenants.create(tenant_name,
                                                       "Auto created account",
                                                       True)
                user = keystone_admin.users.create(tenant_name, password,
                                                   external_email, tenant.id,
                                                   True)
                member_user_role = settings.MEMBER_USER_ROLE
                keystone_admin.roles.add_user_role(user.id, member_user_role,
                                                   tenant.id)
                external_user.tenant_id = tenant.id
                external_user.save()
            except Exception as e:
                LOG.warn("Error creating user: %s, error: %s" % (username, e))
                return
        try:
            user = keystone.authenticate(
                request=request,
                username=username,
                password=password,
                tenant=None,
                auth_url=settings.OPENSTACK_KEYSTONE_URL)
            return user
        except Exception as e:
            messages.error(request, "Failed to login: %s" % e)
Beispiel #8
0
    def authenticate(self, token=None, openid=None, request=None):
        """ Reads in a Sina/Tencent code and asks Sina/Tencent
            if it's valid and what user it points to. """
        keystone = KeystoneBackend()
        self.keystone = keystone
        # Sina weibo does not need `openid`
        if not openid:
            user_profile = self._get_sina_profile(token=token, request=request)
        else:
            user_profile = self._get_tencent_profile(token=token,
                                                     openid=openid,
                                                     request=request)
        if not user_profile:
            return
        if not user_profile['valid']:
            return

        external_id = user_profile['user_id']
        external_email = user_profile['user_email']
        access_token = user_profile['access_token']

        if not openid:
            username = "******" % external_id
            tenant_name = "sina_%s" % external_id
        else:
            username = "******" % external_id
            tenant_name = "tencent_%s" % external_id

        password = ""
        try:
            # Try and find existing user
            external_user = ExternalProfile.objects.get(external_id=external_id)
            user = external_user.user
            # Update access_token
            external_user.access_token = access_token
            password = external_user.password
            external_user.save()
        except ExternalProfile.DoesNotExist:
            # No existing user
            try:
                try:
                    user = User.objects.create_user(username, external_email)
                except IntegrityError:
                    # Username already exists, make it unique
                    existing_user = User.objects.get(username=username)
                    existing_user.delete()
                    user = User.objects.create_user(username, external_email)
                user.save()

                password = "".join([random.choice(
                                        string.ascii_lowercase + string.digits)
                                   for i in range(8)])
                # Create the UserProfile
                external_user = ExternalProfile(user=user,
                                                external_id=external_id,
                                                access_token=access_token,
                                                password=password)
                keystone_admin = self._admin_client()

                tenant = keystone_admin.tenants.create(tenant_name,
                                                       "Auto created account",
                                                       True)
                user = keystone_admin.users.create(tenant_name,
                                                   password,
                                                   external_email,
                                                   tenant.id,
                                                   True)
                member_user_role = settings.MEMBER_USER_ROLE
                keystone_admin.roles.add_user_role(user.id,
                                                   member_user_role,
                                                   tenant.id)
                external_user.tenant_id = tenant.id
                external_user.save()
            except:
                external_user.delete()

        try:
            user = keystone.authenticate(request=request,
                                    username=username,
                                    password=password,
                                    tenant=None,
                                    auth_url=settings.OPENSTACK_KEYSTONE_URL)
            return user
        except Exception as e:
            messages.error(request, "Failed to login: %s" % e)
    def authenticate(self, token=None, request=None):
        """ Reads in a Facebook code and asks Facebook
            if it's valid and what user it points to. """
        keystone = KeystoneBackend()
        self.keystone = keystone
        args = {
            'client_id': settings.FACEBOOK_APP_ID,
            'client_secret': settings.FACEBOOK_APP_SECRET,
            'redirect_uri': request.build_absolute_uri(
                reverse('horizon.facebook.views.authentication_callback')),
            'code': token,
        }
        # Get a legit access token
        target = urllib.urlopen(
                'https://graph.facebook.com/oauth/access_token?'
                + urllib.urlencode(args)).read()
        response = cgi.parse_qs(target)
        if 'access_token' not in response:
            messages.error(
                request, _("Token Expired, please login again."))
            return None
        access_token = response['access_token'][-1]

        # Read the user's profile information
        fb_profile = urllib.urlopen(
                'https://graph.facebook.com/me?access_token=%s' % access_token)
        fb_profile = json.load(fb_profile)
        tenant_id = None
        password = ""
        try:
            # Try and find existing user
            fb_user = FacebookProfile.objects.get(facebook_id=fb_profile['id'])
            user = fb_user.user
            # Update access_token
            fb_user.access_token = access_token
            password = fb_user.password
            tenant_id = fb_user.tenant_id
            fb_user.save()
        except FacebookProfile.DoesNotExist:
            # No existing user
            try:
                facebook_id = fb_profile['id']
                username = "******" % facebook_id
                try:
                    user = User.objects.create_user(username, fb_profile['email'])
                except IntegrityError:
                    # Username already exists, make it unique
                    existing_user = User.objects.get(username=username)
                    existing_user.delete()
                    user = User.objects.create_user(username, fb_profile['email'])
                user.save()

                password = "".join([random.choice(
                                        string.ascii_lowercase + string.digits)
                                   for i in range(8)])
                # Create the FacebookProfile
                fb_user = FacebookProfile(user=user, facebook_id=fb_profile['id'],
                                          access_token=access_token,
                                          password=password)
                tenant_name = "facebook%s" % fb_profile['id']
                if not self.keystone_user_exists(username):
                    tenant = self.add_keystone_user(settings, tenant_name, password, fb_profile)
                else:
                    tenant = self.get_keystone_tenant(settings, tenant_name)
                fb_user.tenant_id = tenant.id
                tenant_id = fb_user.tenant_id
                fb_user.save()
            except Exception, e:
                messages.error(request, e)
                fb_user.delete()