Exemple #1
0
    def test_login_no_tenants(self):
        NEW_TENANT_ID = '6'
        NEW_TENANT_NAME = 'FAKENAME'
        TOKEN_ID = 1

        form_data = {'method': 'Login',
                    'password': self.PASSWORD,
                    'username': self.TEST_USER}

        self.mox.StubOutWithMock(api, 'token_create')
        aToken = self.mox.CreateMock(api.Token)
        aToken.id = TOKEN_ID
        aToken.user = { 'roles': [{'name': 'fake'}]}
        aToken.serviceCatalog = {}
        api.token_create(IsA(http.HttpRequest), "", self.TEST_USER,
                         self.PASSWORD).AndReturn(aToken)

        aTenant = self.mox.CreateMock(api.Token)
        aTenant.id = NEW_TENANT_ID
        aTenant.name = NEW_TENANT_NAME

        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
                                  AndReturn([])

        self.mox.StubOutWithMock(messages, 'error')
        messages.error(IsA(http.HttpRequest), IsA(unicode))

        self.mox.ReplayAll()

        res = self.client.post(reverse('auth_login'), form_data)

        self.assertTemplateUsed(res, 'splash.html')

        self.mox.VerifyAll()
Exemple #2
0
    def test_gakunin_login_by_email(self):
        TOKEN_ID = 1
        NEW_TENANT_ID = '6'
        NEW_TENANT_NAME = 'FAKENAME'
        key = {}
        key['wsgi.url_scheme'] =  'https'
        key['email'] = '*****@*****.**'

        aToken = self.mox.CreateMock(api.Token)
        aToken.id = TOKEN_ID
        aToken.user = { 'roles': [{'name': 'fake'}]}
        aToken.serviceCatalog = {}
        self.mox.StubOutWithMock(api, 'token_create_by_email')
        api.token_create_by_email(IsA(http.HttpRequest), '*****@*****.**').AndReturn(aToken)
        
        aTenant = self.mox.CreateMock(api.Token)
        aTenant.id = NEW_TENANT_ID
        aTenant.name = NEW_TENANT_NAME

        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
                                  AndReturn([aTenant])

        self.mox.ReplayAll()
        res = self.client.get(reverse('gakunin_login'),  **key )
        self.assertEqual(res._headers['location'], ('Location', 'https://testserver:80/auth/login/'))
        #self.assertRedirectsNoFollow(res, reverse('auth_login'))
        self.mox.VerifyAll()
        self.mox.UnsetStubs()
Exemple #3
0
def auth_with_token(request, data, token_id, tenant_id = None, region=None, show_error=False):
    try:
        try:
            tenants = api.tenant_list_for_token_and_region(request, token_id, region)
        except api.ServiceCatalogException, e:
            tenants = api.tenant_list_for_token(request, token_id)

        if tenant_id:
            for t in tenants:
                if t.id == tenant_id:
                    tenant = t
        else:
            tenant = tenants[0] if len(tenants) else None

        # Abort if there are no valid tenants for this user
        if not tenant:
            messages.error(request, 'No tenants present for user: %s' %
                                    data['username'])
            return
        # Create a token
        LOG.info('tokencreate')
        token = api.token_create_scoped_with_token_and_region(request,
                                 tenant.id,
                                 token_id,
                                 region)

        # set tanent info for region
        set_tenant_for_region(request, tenant, region)

        return token
Exemple #4
0
def auth_with_token(request,
                    data,
                    token_id,
                    tenant_id=None,
                    region=None,
                    show_error=False):
    try:
        try:
            tenants = api.tenant_list_for_token_and_region(
                request, token_id, region)
        except api.ServiceCatalogException, e:
            tenants = api.tenant_list_for_token(request, token_id)

        if tenant_id:
            for t in tenants:
                if t.id == tenant_id:
                    tenant = t
        else:
            tenant = tenants[0] if len(tenants) else None

        # Abort if there are no valid tenants for this user
        if not tenant:
            messages.error(
                request, 'No tenants present for user: %s' % data['username'])
            return
        # Create a token
        LOG.info('tokencreate')
        token = api.token_create_scoped_with_token_and_region(
            request, tenant.id, token_id, region)

        # set tanent info for region
        set_tenant_for_region(request, tenant, region)

        return token
Exemple #5
0
    def handle(self, request, data):
        def is_admin(token):
            for role in token.user["roles"]:
                if role["name"].lower() == "admin":
                    return True
            return False

        try:
            if data.get("tenant"):
                token = api.token_create(request, data.get("tenant"), data["username"], data["password"])

                tenants = api.tenant_list_for_token(request, token.id)
                tenant = None
                for t in tenants:
                    if t.id == data.get("tenant"):
                        tenant = t
            else:
                token = api.token_create(request, "", data["username"], data["password"])

                # Unscoped token
                request.session["unscoped_token"] = token.id
                request.user.username = data["username"]

                def get_first_tenant_for_user():
                    tenants = api.tenant_list_for_token(request, token.id)
                    return tenants[0] if len(tenants) else None

                # Get the tenant list, and log in using first tenant
                # FIXME (anthony): add tenant chooser here?
                tenant = get_first_tenant_for_user()

                # Abort if there are no valid tenants for this user
                if not tenant:
                    messages.error(request, "No tenants present for user: %s" % data["username"])
                    return

                # Create a token
                token = api.token_create_scoped(request, tenant.id, token.id)

            request.session["admin"] = is_admin(token)
            request.session["serviceCatalog"] = token.serviceCatalog

            LOG.info('Login form for user "%s". Service Catalog data:\n%s' % (data["username"], token.serviceCatalog))

            request.session["tenant"] = tenant.name
            request.session["tenant_id"] = tenant.id
            request.session["token"] = token.id
            request.session["user"] = data["username"]

            return shortcuts.redirect("dash_overview")

        except api_exceptions.Unauthorized as e:
            msg = "Error authenticating: %s" % e.message
            LOG.exception(msg)
            messages.error(request, msg)
        except api_exceptions.ApiException as e:
            messages.error(request, "Error authenticating with keystone: %s" % e.message)
Exemple #6
0
    def test_login(self):
        NEW_TENANT_ID = '6'
        NEW_TENANT_NAME = 'FAKENAME'
        TOKEN_ID = 1

        form_data = {'method': 'Login',
                    'password': self.PASSWORD,
                    'username': self.TEST_USER}

        self.mox.StubOutWithMock(api, 'token_create')

        class FakeToken(object):
            id = TOKEN_ID,
            user = {"id": "1",
                    "roles": [{"id": "1", "name": "fake"}], "name": "user"}
            serviceCatalog = {}
            tenant = None
        aToken = api.Token(FakeToken())
        bToken = aToken

        api.token_create(IsA(http.HttpRequest), "", self.TEST_USER,
                         self.PASSWORD).AndReturn(aToken)

        aTenant = self.mox.CreateMock(api.Token)
        aTenant.id = NEW_TENANT_ID
        aTenant.name = NEW_TENANT_NAME
        bToken.tenant = {'id': aTenant.id, 'name': aTenant.name}

        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
                                  AndReturn([aTenant])

        self.mox.StubOutWithMock(api, 'token_create_scoped')
        api.token_create_scoped(IsA(http.HttpRequest), aTenant.id,
                                    aToken.id).AndReturn(bToken)

        self.mox.ReplayAll()

        res = self.client.post(reverse('auth_login'), form_data)

        self.assertRedirectsNoFollow(res, reverse('dash_overview'))

        self.mox.VerifyAll()
Exemple #7
0
    def test_switch_tenants(self):
        NEW_TENANT_ID = '6'
        NEW_TENANT_NAME = 'FAKENAME'
        TOKEN_ID = 1

        self.setActiveUser(self.TEST_TOKEN, self.TEST_USER, self.TEST_TENANT,
                           False, self.TEST_SERVICE_CATALOG)

        form_data = {'method': 'LoginWithTenant',
                     'password': self.PASSWORD,
                     'tenant': NEW_TENANT_ID,
                     'username': self.TEST_USER}

        self.mox.StubOutWithMock(api, 'token_create_with_region')
        #self.mox.StubOutWithMock(api, 'token_create')

        aTenant = self.mox.CreateMock(api.Token)
        aTenant.id = NEW_TENANT_ID
        aTenant.name = NEW_TENANT_NAME

        aToken = self.mox.CreateMock(api.Token)
        aToken.id = TOKEN_ID
        aToken.user = { 'roles': [{'name': 'fake'}]}
        aToken.serviceCatalog = {}

        api.token_create_with_region(IsA(http.HttpRequest), NEW_TENANT_ID, self.TEST_USER,
                         self.PASSWORD).AndReturn(aToken)

        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
                                  AndReturn([aTenant])


        self.mox.ReplayAll()

        res = self.client.post(reverse('auth_switch', args=[NEW_TENANT_ID]),
                               form_data)

        self.assertRedirectsNoFollow(res, reverse('dash_containers', args=[NEW_TENANT_ID]))
        self.assertEqual(self.client.session['tenant'], NEW_TENANT_NAME)

        self.mox.VerifyAll()
        self.mox.UnsetStubs()
Exemple #8
0
    def test_switch_tenants(self):
        NEW_TENANT_ID = '6'
        NEW_TENANT_NAME = 'FAKENAME'
        TOKEN_ID = 1

        self.setActiveUser(self.TEST_TOKEN, self.TEST_USER, self.TEST_TENANT,
                           False, self.TEST_SERVICE_CATALOG)

        form_data = {
            'method': 'LoginWithTenant',
            'password': self.PASSWORD,
            'tenant': NEW_TENANT_ID,
            'username': self.TEST_USER
        }

        self.mox.StubOutWithMock(api, 'token_create')

        aTenant = self.mox.CreateMock(api.Token)
        aTenant.id = NEW_TENANT_ID
        aTenant.name = NEW_TENANT_NAME

        aToken = self.mox.CreateMock(api.Token)
        aToken.id = TOKEN_ID
        aToken.user = {'roles': [{'name': 'fake'}]}
        aToken.serviceCatalog = {}

        api.token_create(IsA(http.HttpRequest), NEW_TENANT_ID, self.TEST_USER,
                         self.PASSWORD).AndReturn(aToken)

        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
                                  AndReturn([aTenant])

        self.mox.ReplayAll()

        res = self.client.post(reverse('auth_switch', args=[NEW_TENANT_ID]),
                               form_data)

        self.assertRedirectsNoFollow(res, reverse('dash_overview'))
        self.assertEqual(self.client.session['tenant'], NEW_TENANT_NAME)

        self.mox.VerifyAll()
Exemple #9
0
    def test_login(self):
        NEW_TENANT_ID = '6'
        NEW_TENANT_NAME = 'FAKENAME'
        TOKEN_ID = 1

        form_data = {
            'method': 'Login',
            'password': self.PASSWORD,
            'username': self.TEST_USER
        }

        self.mox.StubOutWithMock(api, 'token_create')
        aToken = api.Token(id=TOKEN_ID,
                           user={'roles': [{
                               'name': 'fake'
                           }]},
                           serviceCatalog={})
        bToken = aToken

        api.token_create(IsA(http.HttpRequest), "", self.TEST_USER,
                         self.PASSWORD).AndReturn(aToken)

        aTenant = self.mox.CreateMock(api.Token)
        aTenant.id = NEW_TENANT_ID
        aTenant.name = NEW_TENANT_NAME

        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
                                  AndReturn([aTenant])
        bToken.tenant_id = aTenant.id

        self.mox.StubOutWithMock(api, 'token_create_scoped')
        api.token_create_scoped(IsA(http.HttpRequest), aTenant.id,
                                aToken.id).AndReturn(bToken)

        self.mox.ReplayAll()

        res = self.client.post(reverse('auth_login'), form_data)

        self.assertRedirectsNoFollow(res, reverse('dash_overview'))

        self.mox.VerifyAll()
Exemple #10
0
def tenants(request):
    if not request.user or not request.user.is_authenticated():
        return {}

    try:
        return {'tenants': api.tenant_list_for_token(request,
                                                     request.user.token)}
    except api_exceptions.BadRequest, e:
        messages.error(request, _("Unable to retrieve tenant list from\
                                  keystone: %s") % e.message)
        return {'tenants': []}
Exemple #11
0
def tenants(request):
    if not request.user or not request.user.is_authenticated():
        return {}

    try:
        try:
            tenants = api.tenant_list_for_token_and_region(request, 
                       api.token_for_region(request),
                       request.session.get('region', None))
        except api.ServiceCatalogException, e:
            tenants = api.tenant_list_for_token(request, request.user.token)
        return {'tenants': tenants }
Exemple #12
0
def tenants(request):
    if not request.user or not request.user.is_authenticated():
        return {}

    try:
        try:
            tenants = api.tenant_list_for_token_and_region(
                request, api.token_for_region(request),
                request.session.get('region', None))
        except api.ServiceCatalogException, e:
            tenants = api.tenant_list_for_token(request, request.user.token)
        return {'tenants': tenants}
Exemple #13
0
    def test_login_no_tenants(self):
        NEW_TENANT_ID = '6'
        NEW_TENANT_NAME = 'FAKENAME'
        TOKEN_ID = 1

        form_data = {
            'method': 'Login',
            'password': self.PASSWORD,
            'username': self.TEST_USER
        }

        self.mox.StubOutWithMock(api, 'token_create')
        aToken = api.Token(id=TOKEN_ID,
                           user={'roles': [{
                               'name': 'fake'
                           }]},
                           serviceCatalog={})
        api.token_create(IsA(http.HttpRequest), "", self.TEST_USER,
                         self.PASSWORD).AndReturn(aToken)

        aTenant = self.mox.CreateMock(api.Token)
        aTenant.id = NEW_TENANT_ID
        aTenant.name = NEW_TENANT_NAME

        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
                                  AndReturn([])

        self.mox.StubOutWithMock(messages, 'error')
        messages.error(IsA(http.HttpRequest), IsA(unicode))

        self.mox.ReplayAll()

        res = self.client.post(reverse('auth_login'), form_data)

        self.assertTemplateUsed(res, 'splash.html')

        self.mox.VerifyAll()
Exemple #14
0
    def test_login(self):
        NEW_TENANT_ID = '6'
        NEW_TENANT_NAME = 'FAKENAME'
        TOKEN_ID = 1

        form_data = {'method': 'Login',
                    'password': self.PASSWORD,
                    'username': self.TEST_USER}

        self.mox.StubOutWithMock(api, 'token_create_with_region')
        aToken = self.mox.CreateMock(api.Token)
        aToken.id = TOKEN_ID
        aToken.user = { 'roles': [{'name': 'fake'}]}
        aToken.serviceCatalog = {}
        api.token_create_with_region(IsA(http.HttpRequest), "", self.TEST_USER,
                         self.PASSWORD).AndReturn(aToken)

        aTenant = self.mox.CreateMock(api.Token)
        aTenant.id = NEW_TENANT_ID
        aTenant.name = NEW_TENANT_NAME

        self.mox.StubOutWithMock(api, 'tenant_list_for_token')
        api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\
                                  AndReturn([aTenant])

        self.mox.StubOutWithMock(api, 'token_create_scoped_with_token_and_region')
        api.token_create_scoped_with_token_and_region(IsA(http.HttpRequest), aTenant.id,
                         aToken.id).AndReturn(aToken)


        self.mox.ReplayAll()

        res = self.client.post(reverse('auth_login'), form_data)

        self.assertRedirectsNoFollow(res, reverse('dash_containers', args=[NEW_TENANT_ID]))

        self.mox.VerifyAll()
        self.mox.UnsetStubs()
Exemple #15
0
 def get_first_tenant_for_user():
     for t in api.tenant_list_for_token(request, token.id):
         # FIXME (anthony)
         # keystone does the annoying 'always return everything
         # for admin users thing' which causes the following
         # annoying code block to exist (until that is fixed)
         if is_admin(token):
             for u in api.users_list_for_token_and_tenant(
                                     request, token.id, t.id):
                 if u.name == data['username']:
                     return t
         else:
             return t
     return None
Exemple #16
0
 def get_first_tenant_for_user():
     tenants = api.tenant_list_for_token(request, token.id)
     return tenants[0] if len(tenants) else None
Exemple #17
0
    def handle(self, request, data):

        def is_admin(token):
            for role in token.user['roles']:
                if role['name'].lower() == 'admin':
                    return True
            return False

        try:
            if data.get('tenant'):
                token = api.token_create(request,
                                         data.get('tenant'),
                                         data['username'],
                                         data['password'])

                tenants = api.tenant_list_for_token(request, token.id)
                tenant = None
                for t in tenants:
                    if t.id == data.get('tenant'):
                        tenant = t
            else:
                token = api.token_create(request,
                                         '',
                                         data['username'],
                                         data['password'])

                # Unscoped token
                request.session['unscoped_token'] = token.id
                request.user.username = data['username']

                def get_first_tenant_for_user():
                    tenants = api.tenant_list_for_token(request, token.id)
                    return tenants[0] if len(tenants) else None

                # Get the tenant list, and log in using first tenant
                # FIXME (anthony): add tenant chooser here?
                tenant = get_first_tenant_for_user()

                # Abort if there are no valid tenants for this user
                if not tenant:
                    messages.error(request,
                                   _('No tenants present for user: %(user)s') %
                                    {"user": data['username']})
                    return

                # Create a token
                token = api.token_create_scoped(request, tenant.id, token.id)


            request.session['admin'] = is_admin(token)
            request.session['serviceCatalog'] = token.serviceCatalog

            LOG.info('Login form for user "%s". Service Catalog data:\n%s' %
                     (data['username'], token.serviceCatalog))

            request.session['tenant'] = tenant.name
            request.session['tenant_id'] = tenant.id
            request.session['token'] = token.id
            request.session['user'] = data['username']

            return shortcuts.redirect('dash_overview')

        except api_exceptions.Unauthorized as e:
            msg = _('Error authenticating: %s') % e.message
            LOG.exception(msg)
            messages.error(request, msg)
        except api_exceptions.ApiException as e:
            messages.error(request,
                           _('Error authenticating with keystone: %s') %
                           e.message)
Exemple #18
0
    def handle(self, request, data):
        try:
            if data.get('tenant'):
                token = api.token_create(request,
                                         data.get('tenant'),
                                         data['username'],
                                         data['password'])

                tenants = api.tenant_list_for_token(request, token.id)
                tenant = None
                for t in tenants:
                    if t.id == data.get('tenant'):
                        tenant = t
            else:
                token = api.token_create(request,
                                         '',
                                         data['username'],
                                         data['password'])

                # Unscoped token
                request.session['unscoped_token'] = token.id
                request.user.username = data['username']

                # Get the tenant list, and log in using first tenant
                # FIXME (anthony): add tenant chooser here?
                tenants = api.tenant_list_for_token(request, token.id)

                # Abort if there are no valid tenants for this user
                if not tenants:
                    messages.error(request,
                                   _('No tenants present for user: %(user)s') %
                                    {"user": data['username']})
                    return

                # Create a token.
                # NOTE(gabriel): Keystone can return tenants that you're
                # authorized to administer but not to log into as a user, so in
                # the case of an Unauthorized error we should iterate through
                # the tenants until one succeeds or we've failed them all.
                while tenants:
                    tenant = tenants.pop()
                    try:
                        token = api.token_create_scoped(request,
                                                        tenant.id,
                                                        token.id)
                        break
                    except exceptions.Unauthorized as e:
                        token = None
                if token is None:
                    raise exceptions.Unauthorized(
                        _("You are not authorized for any available tenants."))

            LOG.info('Login form for user "%s". Service Catalog data:\n%s' %
                     (data['username'], token.serviceCatalog))
            _set_session_data(request, token)

            return shortcuts.redirect('dash_overview')

        except api_exceptions.Unauthorized as e:
            msg = _('Error authenticating: %s') % e.message
            LOG.exception(msg)
            messages.error(request, msg)
        except api_exceptions.ApiException as e:
            messages.error(request,
                           _('Error authenticating with keystone: %s') %
                           e.message)
Exemple #19
0
    def handle(self, request, data):

        def is_admin(token):
            for role in token.user['roles']:
                if role['name'].lower() == 'admin':
                    return True
            return False

        try:
            if data.get('tenant'):
                token = api.token_create(request,
                                         data.get('tenant'),
                                         data['username'],
                                         data['password'])

                tenants = api.tenant_list_for_token(request, token.id)
                tenant = None
                for t in tenants:
                    if t.id == data.get('tenant'):
                        tenant = t
            else:
                # We are logging in without tenant
                token = api.token_create(request,
                                         '',
                                         data['username'],
                                         data['password'])

                # Unscoped token
                request.session['unscoped_token'] = token.id

                def get_first_tenant_for_user():
                    for t in api.tenant_list_for_token(request, token.id):
                        # FIXME (anthony)
                        # keystone does the annoying 'always return everything
                        # for admin users thing' which causes the following
                        # annoying code block to exist (until that is fixed)
                        if is_admin(token):
                            for u in api.users_list_for_token_and_tenant(
                                                    request, token.id, t.id):
                                if u.name == data['username']:
                                    return t
                        else:
                            return t
                    return None

                # Get the tenant list, and log in using first tenant
                # FIXME (anthony): add tenant chooser here?
                tenant = get_first_tenant_for_user()

                # Create a token
                token = api.token_create_scoped_with_token(request,
                                         data.get('tenant', tenant.id),
                                         token.id)

            request.session['admin'] = is_admin(token)
            request.session['serviceCatalog'] = token.serviceCatalog

            LOG.info('Login form for user "%s". Service Catalog data:\n%s' %
                     (data['username'], token.serviceCatalog))

            request.session['tenant'] = tenant.name
            request.session['tenant_id'] = tenant.id
            request.session['token'] = token.id
            request.session['user'] = data['username']

            return shortcuts.redirect('dash_overview')

        except api_exceptions.Unauthorized as e:
            msg = 'Error authenticating: %s' % e.message
            LOG.error(msg, exc_info=True)
            messages.error(request, msg)
        except api_exceptions.ApiException as e:
            messages.error(request, 'Error authenticating with keystone: %s' %
                                     e.message)