def get_user(request):
try:
user_id = request.session[auth.SESSION_KEY]
backend_path = request.session[auth.BACKEND_SESSION_KEY]
backend = auth.load_backend(backend_path)
backend.request = request
user = backend.get_user(user_id) or AnonymousUser()
LOG.debug("user %s", user)
request.session.set_expiry(settings.SESSION_TIMEOUT)
LOG.debug("setting expiry to :%s", settings.SESSION_TIMEOUT)
except KeyError:
shib_header = None
for possible_header in settings.SHIB_HEADERS:
if possible_header in request.META and request.META.get(
possible_header):
shib_header = possible_header
break
if shib_header is not None:
LOG.debug("Shibboleth header is set")
LOG.debug("username %s", request.META.get(shib_header))
keystone = KeystoneBackend()
try:
user = keystone.authenticate(
password='******',
username=request.META.get(shib_header),
auth_url=settings.OPENSTACK_KEYSTONE_URL,
request=request)
user.backend = 'openstack_auth.backend.KeystoneBackend'
login(request, user)
except (keystone_exceptions.Unauthorized, KeystoneAuthException):
user = UnregisteredUser('Shibboleth',
request.META.get(shib_header))
else:
user = AnonymousUser()
return user
def get_user(request):
try:
user_id = request.session[auth.SESSION_KEY]
backend_path = request.session[auth.BACKEND_SESSION_KEY]
backend = auth.load_backend(backend_path)
backend.request = request
user = backend.get_user(user_id) or AnonymousUser()
request.session.set_expiry(settings.SESSION_TIMEOUT)
except KeyError:
shib_header = None
for possible_header in settings.SHIB_HEADERS:
if possible_header in request.META and request.META.get(
possible_header):
shib_header = possible_header
break
if shib_header is not None:
LOG.debug("Shibboleth header is set")
LOG.debug("username %s", request.META.get(shib_header))
keystone = KeystoneBackend()
try:
user = keystone.authenticate(password=settings.TUKEY_PASSWORD,
username="******" % request.META.get(shib_header),
auth_url=settings.OPENSTACK_KEYSTONE_URL,
request=request)
user.backend = 'openstack_auth.backend.KeystoneBackend'
user.identifier = request.META.get(shib_header)
login(request, user)
except (keystone_exceptions.Unauthorized, KeystoneAuthException):
user = UnregisteredUser('Shibboleth',
request.META.get(shib_header))
else:
user = AnonymousUser()
return user
def authenticate(self, code=None, group=None, openid=None, provider=None,
request=None):
""" Reads in a code and asks Provider if it's valid and
what user it points to. """
keystone = KeystoneBackend()
self.keystone = keystone
try:
profile_handle = getattr(self, '_get_%s_profile' % provider)
except AttributeError:
LOG.warn("Need to define _get_%s_profile function." % provider)
return
user_profile = profile_handle(code=code, openid=openid,
request=request)
if not user_profile:
return
if not user_profile['valid']:
msg = "Failed to login, you are not in %s group: %s" % (provider,
group)
messages.error(request, msg)
return
external_id = user_profile['user_id']
external_email = user_profile['user_email']
access_token = user_profile['access_token']
username = "******" % (provider, external_id)
tenant_name = username
password = ""
try:
# Try and find existing user
external_user = ExternalProfile.objects.get(external_id=external_id)
user = external_user.user
# Update access_token
external_user.access_token = access_token
password = external_user.password
external_user.save()
LOG.info("User: %s exists" % username)
except ExternalProfile.DoesNotExist:
LOG.info("User: %s not exists, creating..." % username)
# No existing user
try:
user = User.objects.create_user(username, external_email)
except IntegrityError:
# Username already exists, make it unique
existing_user = User.objects.get(username=username)
existing_user.delete()
user = User.objects.create_user(username, external_email)
user.save()
password = "".join([random.choice(
string.ascii_lowercase + string.digits)
for i in range(8)])
try:
# Create the UserProfile
external_user = ExternalProfile(user=user,
external_id=external_id,
access_token=access_token,
password=password)
keystone_admin = self._admin_client()
tenant = keystone_admin.tenants.create(tenant_name,
"Auto created account",
True)
user = keystone_admin.users.create(tenant_name,
password,
external_email,
tenant.id,
True)
member_user_role = settings.MEMBER_USER_ROLE
keystone_admin.roles.add_user_role(user.id,
member_user_role,
tenant.id)
external_user.tenant_id = tenant.id
external_user.save()
except Exception as e:
LOG.warn("Error creating user: %s, error: %s" % (username, e))
return
try:
user = keystone.authenticate(request=request,
username=username,
password=password,
tenant=None,
auth_url=settings.OPENSTACK_KEYSTONE_URL)
return user
except Exception as e:
messages.error(request, "Failed to login: %s" % e)
def authenticate(self,
code=None,
group=None,
openid=None,
provider=None,
request=None):
""" Reads in a code and asks Provider if it's valid and
what user it points to. """
keystone = KeystoneBackend()
self.keystone = keystone
try:
profile_handle = getattr(self, '_get_%s_profile' % provider)
except AttributeError:
LOG.warn("Need to define _get_%s_profile function." % provider)
return
user_profile = profile_handle(code=code,
openid=openid,
request=request)
if not user_profile:
return
if not user_profile['valid']:
msg = "Failed to login, you are not in %s group: %s" % (provider,
group)
messages.error(request, msg)
return
external_id = user_profile['user_id']
external_email = user_profile['user_email']
access_token = user_profile['access_token']
username = "******" % (provider, external_id)
tenant_name = username
password = ""
try:
# Try and find existing user
external_user = ExternalProfile.objects.get(
external_id=external_id)
user = external_user.user
# Update access_token
external_user.access_token = access_token
password = external_user.password
external_user.save()
LOG.info("User: %s exists" % username)
except ExternalProfile.DoesNotExist:
LOG.info("User: %s not exists, creating..." % username)
# No existing user
try:
user = User.objects.create_user(username, external_email)
except IntegrityError:
# Username already exists, make it unique
existing_user = User.objects.get(username=username)
existing_user.delete()
user = User.objects.create_user(username, external_email)
user.save()
password = "".join([
random.choice(string.ascii_lowercase + string.digits)
for i in range(8)
])
try:
# Create the UserProfile
external_user = ExternalProfile(user=user,
external_id=external_id,
access_token=access_token,
password=password)
keystone_admin = self._admin_client()
tenant = keystone_admin.tenants.create(tenant_name,
"Auto created account",
True)
user = keystone_admin.users.create(tenant_name, password,
external_email, tenant.id,
True)
member_user_role = settings.MEMBER_USER_ROLE
keystone_admin.roles.add_user_role(user.id, member_user_role,
tenant.id)
external_user.tenant_id = tenant.id
external_user.save()
except Exception as e:
LOG.warn("Error creating user: %s, error: %s" % (username, e))
return
try:
user = keystone.authenticate(
request=request,
username=username,
password=password,
tenant=None,
auth_url=settings.OPENSTACK_KEYSTONE_URL)
return user
except Exception as e:
messages.error(request, "Failed to login: %s" % e)
def authenticate(self, token=None, openid=None, request=None):
""" Reads in a Sina/Tencent code and asks Sina/Tencent
if it's valid and what user it points to. """
keystone = KeystoneBackend()
self.keystone = keystone
# Sina weibo does not need `openid`
if not openid:
user_profile = self._get_sina_profile(token=token, request=request)
else:
user_profile = self._get_tencent_profile(token=token,
openid=openid,
request=request)
if not user_profile:
return
if not user_profile['valid']:
return
external_id = user_profile['user_id']
external_email = user_profile['user_email']
access_token = user_profile['access_token']
if not openid:
username = "******" % external_id
tenant_name = "sina_%s" % external_id
else:
username = "******" % external_id
tenant_name = "tencent_%s" % external_id
password = ""
try:
# Try and find existing user
external_user = ExternalProfile.objects.get(external_id=external_id)
user = external_user.user
# Update access_token
external_user.access_token = access_token
password = external_user.password
external_user.save()
except ExternalProfile.DoesNotExist:
# No existing user
try:
try:
user = User.objects.create_user(username, external_email)
except IntegrityError:
# Username already exists, make it unique
existing_user = User.objects.get(username=username)
existing_user.delete()
user = User.objects.create_user(username, external_email)
user.save()
password = "".join([random.choice(
string.ascii_lowercase + string.digits)
for i in range(8)])
# Create the UserProfile
external_user = ExternalProfile(user=user,
external_id=external_id,
access_token=access_token,
password=password)
keystone_admin = self._admin_client()
tenant = keystone_admin.tenants.create(tenant_name,
"Auto created account",
True)
user = keystone_admin.users.create(tenant_name,
password,
external_email,
tenant.id,
True)
member_user_role = settings.MEMBER_USER_ROLE
keystone_admin.roles.add_user_role(user.id,
member_user_role,
tenant.id)
external_user.tenant_id = tenant.id
external_user.save()
except:
external_user.delete()
try:
user = keystone.authenticate(request=request,
username=username,
password=password,
tenant=None,
auth_url=settings.OPENSTACK_KEYSTONE_URL)
return user
except Exception as e:
messages.error(request, "Failed to login: %s" % e)
