def test_validate_client_token(self):
test_redis = get_auth_redis_client()
self.assertIsNotNone(test_redis)
retval, token = validate_client_token(
test_redis, url='http://mockurl',
tenant='tenant-id', cache_key='cache-key')
self.assertFalse(retval)
self.assertIsNone(token)
with mock.patch.object(test_redis, 'get',
side_effect=side_effect_redis_getdata):
retval, token = validate_client_token(
test_redis,
url='http://mockurl',
tenant='tenant-id',
cache_key='cache-key')
self.assertTrue(retval)
self.assertEqual(token, 'the-token')
with mock.patch.object(test_redis, 'get',
side_effect=side_effect_redis_getdata_expired):
retval, token = validate_client_token(
test_redis,
url='http://mockurl',
tenant='tenant-id',
cache_key='cache-key')
self.assertFalse(retval)
self.assertIsNone(token)
with mock.patch.object(test_redis, 'get',
side_effect=side_effect_exception):
retval, token = validate_client_token(
test_redis, url='http://mockurl',
tenant='tenant-id', cache_key='cache-key')
self.assertFalse(retval)
self.assertIsNone(token)
with mock.patch.object(test_redis, 'get',
side_effect=side_effect_redis_getdata):
with mock.patch.object(dateutil.parser, 'parse',
side_effect=side_effect_exception):
retval, token = validate_client_token(test_redis,
url='http://mockurl',
tenant='tenant-id',
cache_key='cache-key')
self.assertFalse(retval)
self.assertIsNone(token)
def middleware(env, start_response):
# Inject transaction-id into the response headers.
def transactionhook(status, headers, exc_info=None):
transaction = context.RequestContext()
setattr(local.store, 'context', transaction)
stealth.context.transaction = transaction
headers.append(('Transaction-ID', str(
stealth.context.transaction.request_id)))
return start_response(status, headers, exc_info)
try:
project_id = env['HTTP_X_PROJECT_ID']
token = ''
cache_key = ''
valid = False
if 'HTTP_X_AUTH_TOKEN' in env:
cache_key = env['HTTP_X_AUTH_TOKEN']
# Validate the input cache_key.
valid, token = token_validation.validate_client_token(redis_client,
auth_url, project_id, cache_key)
if valid:
env['X-AUTH-TOKEN'] = token
env.pop('HTTP_X_AUTH_TOKEN', cache_key)
return app(env, transactionhook)
# Validate the client with the impersonation token
valid, usertoken, cache_key = \
token_validation.validate_client_impersonation(
redis_client, auth_url, project_id, Admintoken)
if valid and usertoken and usertoken['token']:
# Inject cahce_key as the auth token into the response headers.
def custom_start_response(status, headers, exc_info=None):
headers.append(('HTTP_X_AUTH_TOKEN', str(cache_key)))
return transactionhook(status, headers, exc_info)
token = usertoken['token']
env['X-AUTH-TOKEN'] = token
LOG.debug(('Middleware: Auth Token validated.'))
return app(env, custom_start_response)
else:
# Validation failed for some reason, just error out as a 401
LOG.error(('Middleware: Auth Token validation failed.'))
return _http_unauthorized(start_response)
except (KeyError, LookupError):
# Header failure, error out with 412
LOG.error(('Middleware: Missing required headers.'))
return _http_precondition_failed(start_response)
def auth(self, req, resp):
try:
auth_token = None
valid = False
cache_key = None
project_id = req.headers['X-PROJECT-ID']
if 'X-AUTH-TOKEN' in req.headers:
cache_key = req.headers['X-AUTH-TOKEN']
valid, auth_token = token_validation.validate_client_token(
self.redis_client,
self.auth_url, project_id, cache_key)
if not valid:
valid, usertoken, cache_key =\
token_validation.validate_client_impersonation(
self.redis_client, self.auth_url, project_id,
self.Admintoken)
if not valid:
# Validation failed for some reason,
# just error out as a 401
LOG.error('Auth Token validation failed.')
return False, 'Auth Token validation failed.'
# WHY NOT? else if usertoken and usertoken['token']:
auth_token = usertoken['token']
#
# auth_token here is the real auth token from Keystone,
# It can be replaced in the user requests and forward
# to the service providers.
#
# req.headers['X-AUTH-TOKEN'] = auth_token
#
# validate the client and fill out the request it's valid
LOG.debug('Auth Token validated.')
# Return only generated hmac values back to the users.
return True, cache_key
except (KeyError, LookupError):
# Header failure, error out with 412
LOG.error('Missing required headers.')
return False, 'Missing required headers.'
def auth(env, start_response):
try:
project_id = env['HTTP_X_PROJECT_ID']
token = ''
cache_key = ''
valid = False
if 'HTTP_X_AUTH_TOKEN' in env:
cache_key = env['HTTP_X_AUTH_TOKEN']
valid, token = token_validation.validate_client_token(redis_client,
auth_url, project_id, cache_key)
if valid:
LOG.debug(('App: Auth Token validated.'))
start_response('204 No Content',
[])
return []
# validate the client and fill out the env
valid, usertoken, cache_key = \
token_validation.validate_client_impersonation(
redis_client, auth_url, project_id, Admintoken)
if valid and usertoken and usertoken['token']:
token = usertoken['token']
# env['X-AUTH-TOKEN'] = token
LOG.debug(('App: Auth Token validated.'))
start_response('204 No Content',
[('X-AUTH-TOKEN', cache_key)])
return []
# Validation failed. Error out as a 401
LOG.error(('App: Auth Token validation failed.'))
return _http_unauthorized(start_response)
except (KeyError, LookupError):
# Header failure, error out with 412
LOG.error(('App: Missing required headers.'))
return _http_precondition_failed(start_response)
