def __validate_unscoped_token(self, token_id, belongs_to=None):
(token, user) = self.__validate_token(token_id, belongs_to)
if token.tenant_id:
raise fault.ForbiddenFault("Expecting unscoped token")
return (token, user)
def delete_tenant(self, admin_token, tenant_id):
self.__validate_admin_token(admin_token)
dtenant = api.TENANT.get(tenant_id)
if dtenant == None:
raise fault.ItemNotFoundFault("The tenant could not be found")
if not api.TENANT.is_empty(tenant_id):
raise fault.ForbiddenFault("You may not delete a tenant that "
"contains get_users")
api.TENANT.delete(dtenant.id)
return None
def __validate_token(self, token_id, belongs_to=None, is_check_token=None):
"""
Method to validate a token.
token_id -- value of actual token that need to be validated.
belngs_to -- optional tenant_id to check whether the token is
mapped to a specific tenant.
is_check_token -- optional argument that tells whether
we check the existence of a Token using another Token
to authenticate.This value decides the faults that are to be thrown.
"""
if not token_id:
raise fault.UnauthorizedFault("Missing token")
(token, user) = self.__get_dauth_data(token_id)
if not token:
if is_check_token:
raise fault.ItemNotFoundFault("Token does not exist.")
else:
raise fault.UnauthorizedFault(
"Bad token, please reauthenticate")
if token.expires < datetime.now():
if is_check_token:
raise fault.ItemNotFoundFault("Token expired, please renew.")
else:
raise fault.ForbiddenFault("Token expired, please renew.")
if not user.enabled:
raise fault.UserDisabledFault("User %s has been disabled!" %
user.id)
if user.tenant_id:
self.__validate_tenant_by_id(user.tenant_id)
if token.tenant_id:
self.__validate_tenant_by_id(token.tenant_id)
if belongs_to and unicode(token.tenant_id) != unicode(belongs_to):
raise fault.UnauthorizedFault("Unauthorized on this tenant")
return (token, user)