def get_api_key(username, secret, endpoint_url=None):
# Try to use a client with username/api key
try:
client = Client(
username=username,
api_key=secret,
endpoint_url=endpoint_url,
timeout=5)
client['Account'].getCurrentUser()
return secret
except SoftLayerAPIError as e:
if 'invalid api token' not in e.faultString.lower():
raise
# Try to use a client with username/password
client = Client(endpoint_url=endpoint_url, timeout=5)
client.authenticate_with_password(username, secret)
user_record = client['Account'].getCurrentUser(
mask='id, apiAuthenticationKeys')
api_keys = user_record['apiAuthenticationKeys']
if len(api_keys) == 0:
return client['User_Customer'].addApiAuthenticationKey(
id=user_record['id'])
return api_keys[0]['authenticationKey']
def get_new_token(credentials):
username = lookup(credentials, 'auth', 'passwordCredentials', 'username')
credential = lookup(credentials, 'auth', 'passwordCredentials', 'password')
# If the 'password' is the right length, treat it as an API api_key
if len(credential) == 64:
client = Client(username=username, api_key=credential)
user = client['Account'].getCurrentUser(mask=USER_MASK)
return {'username': username,
'api_key': credential,
'auth_type': 'api_key',
'tenant_id': str(user['accountId']),
'expires': time.time() + (60 * 60 * 24)}, user
else:
client = Client()
client.auth = None
try:
userId, tokenHash = client.authenticate_with_password(username,
credential)
user = client['Account'].getCurrentUser(mask=USER_MASK)
return {'userId': userId,
'tokenHash': tokenHash,
'auth_type': 'token',
'tenant_id': str(user['accountId']),
'expires': time.time() + (60 * 60 * 24)}, user
except SoftLayerAPIError as e:
if e.faultCode == 'SoftLayer_Exception_User_Customer_LoginFailed':
raise Unauthorized(e.faultString)
raise
def get_api_key(username, secret, endpoint_url=None):
""" Tries API-Key and password auth to get (and potentially generate) an
API key. """
# Try to use a client with username/api key
try:
client = Client(username=username, api_key=secret, endpoint_url=endpoint_url, timeout=5)
client["Account"].getCurrentUser()
return secret
except SoftLayerAPIError as ex:
if "invalid api token" not in ex.faultString.lower():
raise
# Try to use a client with username/password
client = Client(endpoint_url=endpoint_url, timeout=5)
client.authenticate_with_password(username, secret)
user_record = client["Account"].getCurrentUser(mask="id, apiAuthenticationKeys")
api_keys = user_record["apiAuthenticationKeys"]
if len(api_keys) == 0:
return client["User_Customer"].addApiAuthenticationKey(id=user_record["id"])
return api_keys[0]["authenticationKey"]
def authenticate_with_password(username, password, question_id=None,
answer=None):
client = Client()
try:
(user_id, user_hash) = client.authenticate_with_password(username,
password,
question_id,
answer)
session['sl_user_id'] = user_id
session['sl_user_hash'] = user_hash
except SoftLayerAPIError as e:
c = 'SoftLayer_Exception_User_Customer_InvalidSecurityQuestionAnswer'
if e.faultCode == c:
return 'security_question'
return False
return True
def authenticate_with_password(username,
password,
question_id=None,
answer=None):
client = Client()
try:
(user_id, user_hash) = client.authenticate_with_password(
username, password, question_id, answer)
session['sl_user_id'] = user_id
session['sl_user_hash'] = user_hash
except SoftLayerAPIError as e:
c = 'SoftLayer_Exception_User_Customer_InvalidSecurityQuestionAnswer'
if e.faultCode == c:
return 'security_question'
return False
return True
def get_new_token_v3(credentials):
credential = lookup(credentials, 'auth', 'identity', 'password', 'user',
'password')
username = lookup(credentials, 'auth', 'identity', 'password', 'user',
'name')
def assert_tenant(user):
tenant = lookup(credentials, 'auth', 'tenantId')
if tenant and str(user['accountId']) != tenant:
raise Unauthorized('Invalid username, password or tenant id')
# If the 'password' is the right length, treat it as an API api_key
if len(credential) == 64:
client = Client(username=username, api_key=credential)
user = client['Account'].getCurrentUser(mask=USER_MASK)
assert_tenant(user)
return {
'username': username,
'api_key': credential,
'auth_type': 'api_key',
'tenant_id': str(user['accountId']),
'expires': time.time() + (60 * 60 * 24)
}, user
else:
client = Client()
client.auth = None
try:
userId, tokenHash = client.authenticate_with_password(
username, credential)
user = client['Account'].getCurrentUser(mask=USER_MASK)
assert_tenant(user)
return {
'userId': userId,
'tokenHash': tokenHash,
'auth_type': 'token',
'tenant_id': str(user['accountId']),
'expires': time.time() + (60 * 60 * 24)
}, user
except SoftLayerAPIError as e:
if e.faultCode == 'SoftLayer_Exception_User_Customer_LoginFailed':
raise Unauthorized(e.faultString)
raise
def authenticate(self, creds):
username = lookup(creds, "auth", "passwordCredentials", "username")
credential = lookup(creds, "auth", "passwordCredentials", "password")
token_id = lookup(creds, "auth", "token", "id")
if token_id:
token = identity.token_id_driver().token_from_id(token_id)
token_driver = identity.token_driver()
token_driver.validate_token(token)
username = token_driver.username(token)
credential = token_driver.credential(token)
def assert_tenant(user):
tenant = lookup(creds, "auth", "tenantId") or lookup(creds, "auth", "tenantName")
if tenant and str(user["accountId"]) != tenant:
raise Unauthorized("Invalid username, password or tenant id")
# If the 'password' is the right length, treat it as an API api_key
if len(credential) == 64:
client = Client(
username=username,
api_key=credential,
endpoint_url=cfg.CONF["softlayer"]["endpoint"],
proxy=cfg.CONF["softlayer"]["proxy"],
)
user = client["Account"].getCurrentUser(mask=USER_MASK)
assert_tenant(user)
return {"user": user, "credential": credential, "auth_type": "api_key"}
else:
client = Client(endpoint_url=cfg.CONF["softlayer"]["endpoint"], proxy=cfg.CONF["softlayer"]["proxy"])
client.auth = None
try:
userId, tokenHash = client.authenticate_with_password(username, credential)
user = client["Account"].getCurrentUser(mask=USER_MASK)
assert_tenant(user)
return {"user": user, "credential": tokenHash, "auth_type": "token"}
except SoftLayerAPIError as e:
if e.faultCode == "SoftLayer_Exception_User_Customer" "_LoginFailed":
raise Unauthorized(e.faultString)
raise
