def test_login_no_tenants(self): NEW_TENANT_ID = '6' NEW_TENANT_NAME = 'FAKENAME' TOKEN_ID = 1 form_data = {'method': 'Login', 'password': self.PASSWORD, 'username': self.TEST_USER} self.mox.StubOutWithMock(api, 'token_create') aToken = self.mox.CreateMock(api.Token) aToken.id = TOKEN_ID aToken.user = { 'roles': [{'name': 'fake'}]} aToken.serviceCatalog = {} api.token_create(IsA(http.HttpRequest), "", self.TEST_USER, self.PASSWORD).AndReturn(aToken) aTenant = self.mox.CreateMock(api.Token) aTenant.id = NEW_TENANT_ID aTenant.name = NEW_TENANT_NAME self.mox.StubOutWithMock(api, 'tenant_list_for_token') api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\ AndReturn([]) self.mox.StubOutWithMock(messages, 'error') messages.error(IsA(http.HttpRequest), IsA(unicode)) self.mox.ReplayAll() res = self.client.post(reverse('auth_login'), form_data) self.assertTemplateUsed(res, 'splash.html') self.mox.VerifyAll()
def test_gakunin_login_by_email(self): TOKEN_ID = 1 NEW_TENANT_ID = '6' NEW_TENANT_NAME = 'FAKENAME' key = {} key['wsgi.url_scheme'] = 'https' key['email'] = '*****@*****.**' aToken = self.mox.CreateMock(api.Token) aToken.id = TOKEN_ID aToken.user = { 'roles': [{'name': 'fake'}]} aToken.serviceCatalog = {} self.mox.StubOutWithMock(api, 'token_create_by_email') api.token_create_by_email(IsA(http.HttpRequest), '*****@*****.**').AndReturn(aToken) aTenant = self.mox.CreateMock(api.Token) aTenant.id = NEW_TENANT_ID aTenant.name = NEW_TENANT_NAME self.mox.StubOutWithMock(api, 'tenant_list_for_token') api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\ AndReturn([aTenant]) self.mox.ReplayAll() res = self.client.get(reverse('gakunin_login'), **key ) self.assertEqual(res._headers['location'], ('Location', 'https://testserver:80/auth/login/')) #self.assertRedirectsNoFollow(res, reverse('auth_login')) self.mox.VerifyAll() self.mox.UnsetStubs()
def auth_with_token(request, data, token_id, tenant_id = None, region=None, show_error=False): try: try: tenants = api.tenant_list_for_token_and_region(request, token_id, region) except api.ServiceCatalogException, e: tenants = api.tenant_list_for_token(request, token_id) if tenant_id: for t in tenants: if t.id == tenant_id: tenant = t else: tenant = tenants[0] if len(tenants) else None # Abort if there are no valid tenants for this user if not tenant: messages.error(request, 'No tenants present for user: %s' % data['username']) return # Create a token LOG.info('tokencreate') token = api.token_create_scoped_with_token_and_region(request, tenant.id, token_id, region) # set tanent info for region set_tenant_for_region(request, tenant, region) return token
def auth_with_token(request, data, token_id, tenant_id=None, region=None, show_error=False): try: try: tenants = api.tenant_list_for_token_and_region( request, token_id, region) except api.ServiceCatalogException, e: tenants = api.tenant_list_for_token(request, token_id) if tenant_id: for t in tenants: if t.id == tenant_id: tenant = t else: tenant = tenants[0] if len(tenants) else None # Abort if there are no valid tenants for this user if not tenant: messages.error( request, 'No tenants present for user: %s' % data['username']) return # Create a token LOG.info('tokencreate') token = api.token_create_scoped_with_token_and_region( request, tenant.id, token_id, region) # set tanent info for region set_tenant_for_region(request, tenant, region) return token
def handle(self, request, data): def is_admin(token): for role in token.user["roles"]: if role["name"].lower() == "admin": return True return False try: if data.get("tenant"): token = api.token_create(request, data.get("tenant"), data["username"], data["password"]) tenants = api.tenant_list_for_token(request, token.id) tenant = None for t in tenants: if t.id == data.get("tenant"): tenant = t else: token = api.token_create(request, "", data["username"], data["password"]) # Unscoped token request.session["unscoped_token"] = token.id request.user.username = data["username"] def get_first_tenant_for_user(): tenants = api.tenant_list_for_token(request, token.id) return tenants[0] if len(tenants) else None # Get the tenant list, and log in using first tenant # FIXME (anthony): add tenant chooser here? tenant = get_first_tenant_for_user() # Abort if there are no valid tenants for this user if not tenant: messages.error(request, "No tenants present for user: %s" % data["username"]) return # Create a token token = api.token_create_scoped(request, tenant.id, token.id) request.session["admin"] = is_admin(token) request.session["serviceCatalog"] = token.serviceCatalog LOG.info('Login form for user "%s". Service Catalog data:\n%s' % (data["username"], token.serviceCatalog)) request.session["tenant"] = tenant.name request.session["tenant_id"] = tenant.id request.session["token"] = token.id request.session["user"] = data["username"] return shortcuts.redirect("dash_overview") except api_exceptions.Unauthorized as e: msg = "Error authenticating: %s" % e.message LOG.exception(msg) messages.error(request, msg) except api_exceptions.ApiException as e: messages.error(request, "Error authenticating with keystone: %s" % e.message)
def test_login(self): NEW_TENANT_ID = '6' NEW_TENANT_NAME = 'FAKENAME' TOKEN_ID = 1 form_data = {'method': 'Login', 'password': self.PASSWORD, 'username': self.TEST_USER} self.mox.StubOutWithMock(api, 'token_create') class FakeToken(object): id = TOKEN_ID, user = {"id": "1", "roles": [{"id": "1", "name": "fake"}], "name": "user"} serviceCatalog = {} tenant = None aToken = api.Token(FakeToken()) bToken = aToken api.token_create(IsA(http.HttpRequest), "", self.TEST_USER, self.PASSWORD).AndReturn(aToken) aTenant = self.mox.CreateMock(api.Token) aTenant.id = NEW_TENANT_ID aTenant.name = NEW_TENANT_NAME bToken.tenant = {'id': aTenant.id, 'name': aTenant.name} self.mox.StubOutWithMock(api, 'tenant_list_for_token') api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\ AndReturn([aTenant]) self.mox.StubOutWithMock(api, 'token_create_scoped') api.token_create_scoped(IsA(http.HttpRequest), aTenant.id, aToken.id).AndReturn(bToken) self.mox.ReplayAll() res = self.client.post(reverse('auth_login'), form_data) self.assertRedirectsNoFollow(res, reverse('dash_overview')) self.mox.VerifyAll()
def test_switch_tenants(self): NEW_TENANT_ID = '6' NEW_TENANT_NAME = 'FAKENAME' TOKEN_ID = 1 self.setActiveUser(self.TEST_TOKEN, self.TEST_USER, self.TEST_TENANT, False, self.TEST_SERVICE_CATALOG) form_data = {'method': 'LoginWithTenant', 'password': self.PASSWORD, 'tenant': NEW_TENANT_ID, 'username': self.TEST_USER} self.mox.StubOutWithMock(api, 'token_create_with_region') #self.mox.StubOutWithMock(api, 'token_create') aTenant = self.mox.CreateMock(api.Token) aTenant.id = NEW_TENANT_ID aTenant.name = NEW_TENANT_NAME aToken = self.mox.CreateMock(api.Token) aToken.id = TOKEN_ID aToken.user = { 'roles': [{'name': 'fake'}]} aToken.serviceCatalog = {} api.token_create_with_region(IsA(http.HttpRequest), NEW_TENANT_ID, self.TEST_USER, self.PASSWORD).AndReturn(aToken) self.mox.StubOutWithMock(api, 'tenant_list_for_token') api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\ AndReturn([aTenant]) self.mox.ReplayAll() res = self.client.post(reverse('auth_switch', args=[NEW_TENANT_ID]), form_data) self.assertRedirectsNoFollow(res, reverse('dash_containers', args=[NEW_TENANT_ID])) self.assertEqual(self.client.session['tenant'], NEW_TENANT_NAME) self.mox.VerifyAll() self.mox.UnsetStubs()
def test_switch_tenants(self): NEW_TENANT_ID = '6' NEW_TENANT_NAME = 'FAKENAME' TOKEN_ID = 1 self.setActiveUser(self.TEST_TOKEN, self.TEST_USER, self.TEST_TENANT, False, self.TEST_SERVICE_CATALOG) form_data = { 'method': 'LoginWithTenant', 'password': self.PASSWORD, 'tenant': NEW_TENANT_ID, 'username': self.TEST_USER } self.mox.StubOutWithMock(api, 'token_create') aTenant = self.mox.CreateMock(api.Token) aTenant.id = NEW_TENANT_ID aTenant.name = NEW_TENANT_NAME aToken = self.mox.CreateMock(api.Token) aToken.id = TOKEN_ID aToken.user = {'roles': [{'name': 'fake'}]} aToken.serviceCatalog = {} api.token_create(IsA(http.HttpRequest), NEW_TENANT_ID, self.TEST_USER, self.PASSWORD).AndReturn(aToken) self.mox.StubOutWithMock(api, 'tenant_list_for_token') api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\ AndReturn([aTenant]) self.mox.ReplayAll() res = self.client.post(reverse('auth_switch', args=[NEW_TENANT_ID]), form_data) self.assertRedirectsNoFollow(res, reverse('dash_overview')) self.assertEqual(self.client.session['tenant'], NEW_TENANT_NAME) self.mox.VerifyAll()
def test_login(self): NEW_TENANT_ID = '6' NEW_TENANT_NAME = 'FAKENAME' TOKEN_ID = 1 form_data = { 'method': 'Login', 'password': self.PASSWORD, 'username': self.TEST_USER } self.mox.StubOutWithMock(api, 'token_create') aToken = api.Token(id=TOKEN_ID, user={'roles': [{ 'name': 'fake' }]}, serviceCatalog={}) bToken = aToken api.token_create(IsA(http.HttpRequest), "", self.TEST_USER, self.PASSWORD).AndReturn(aToken) aTenant = self.mox.CreateMock(api.Token) aTenant.id = NEW_TENANT_ID aTenant.name = NEW_TENANT_NAME self.mox.StubOutWithMock(api, 'tenant_list_for_token') api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\ AndReturn([aTenant]) bToken.tenant_id = aTenant.id self.mox.StubOutWithMock(api, 'token_create_scoped') api.token_create_scoped(IsA(http.HttpRequest), aTenant.id, aToken.id).AndReturn(bToken) self.mox.ReplayAll() res = self.client.post(reverse('auth_login'), form_data) self.assertRedirectsNoFollow(res, reverse('dash_overview')) self.mox.VerifyAll()
def tenants(request): if not request.user or not request.user.is_authenticated(): return {} try: return {'tenants': api.tenant_list_for_token(request, request.user.token)} except api_exceptions.BadRequest, e: messages.error(request, _("Unable to retrieve tenant list from\ keystone: %s") % e.message) return {'tenants': []}
def tenants(request): if not request.user or not request.user.is_authenticated(): return {} try: try: tenants = api.tenant_list_for_token_and_region(request, api.token_for_region(request), request.session.get('region', None)) except api.ServiceCatalogException, e: tenants = api.tenant_list_for_token(request, request.user.token) return {'tenants': tenants }
def tenants(request): if not request.user or not request.user.is_authenticated(): return {} try: try: tenants = api.tenant_list_for_token_and_region( request, api.token_for_region(request), request.session.get('region', None)) except api.ServiceCatalogException, e: tenants = api.tenant_list_for_token(request, request.user.token) return {'tenants': tenants}
def test_login_no_tenants(self): NEW_TENANT_ID = '6' NEW_TENANT_NAME = 'FAKENAME' TOKEN_ID = 1 form_data = { 'method': 'Login', 'password': self.PASSWORD, 'username': self.TEST_USER } self.mox.StubOutWithMock(api, 'token_create') aToken = api.Token(id=TOKEN_ID, user={'roles': [{ 'name': 'fake' }]}, serviceCatalog={}) api.token_create(IsA(http.HttpRequest), "", self.TEST_USER, self.PASSWORD).AndReturn(aToken) aTenant = self.mox.CreateMock(api.Token) aTenant.id = NEW_TENANT_ID aTenant.name = NEW_TENANT_NAME self.mox.StubOutWithMock(api, 'tenant_list_for_token') api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\ AndReturn([]) self.mox.StubOutWithMock(messages, 'error') messages.error(IsA(http.HttpRequest), IsA(unicode)) self.mox.ReplayAll() res = self.client.post(reverse('auth_login'), form_data) self.assertTemplateUsed(res, 'splash.html') self.mox.VerifyAll()
def test_login(self): NEW_TENANT_ID = '6' NEW_TENANT_NAME = 'FAKENAME' TOKEN_ID = 1 form_data = {'method': 'Login', 'password': self.PASSWORD, 'username': self.TEST_USER} self.mox.StubOutWithMock(api, 'token_create_with_region') aToken = self.mox.CreateMock(api.Token) aToken.id = TOKEN_ID aToken.user = { 'roles': [{'name': 'fake'}]} aToken.serviceCatalog = {} api.token_create_with_region(IsA(http.HttpRequest), "", self.TEST_USER, self.PASSWORD).AndReturn(aToken) aTenant = self.mox.CreateMock(api.Token) aTenant.id = NEW_TENANT_ID aTenant.name = NEW_TENANT_NAME self.mox.StubOutWithMock(api, 'tenant_list_for_token') api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).\ AndReturn([aTenant]) self.mox.StubOutWithMock(api, 'token_create_scoped_with_token_and_region') api.token_create_scoped_with_token_and_region(IsA(http.HttpRequest), aTenant.id, aToken.id).AndReturn(aToken) self.mox.ReplayAll() res = self.client.post(reverse('auth_login'), form_data) self.assertRedirectsNoFollow(res, reverse('dash_containers', args=[NEW_TENANT_ID])) self.mox.VerifyAll() self.mox.UnsetStubs()
def get_first_tenant_for_user(): for t in api.tenant_list_for_token(request, token.id): # FIXME (anthony) # keystone does the annoying 'always return everything # for admin users thing' which causes the following # annoying code block to exist (until that is fixed) if is_admin(token): for u in api.users_list_for_token_and_tenant( request, token.id, t.id): if u.name == data['username']: return t else: return t return None
def get_first_tenant_for_user(): tenants = api.tenant_list_for_token(request, token.id) return tenants[0] if len(tenants) else None
def handle(self, request, data): def is_admin(token): for role in token.user['roles']: if role['name'].lower() == 'admin': return True return False try: if data.get('tenant'): token = api.token_create(request, data.get('tenant'), data['username'], data['password']) tenants = api.tenant_list_for_token(request, token.id) tenant = None for t in tenants: if t.id == data.get('tenant'): tenant = t else: token = api.token_create(request, '', data['username'], data['password']) # Unscoped token request.session['unscoped_token'] = token.id request.user.username = data['username'] def get_first_tenant_for_user(): tenants = api.tenant_list_for_token(request, token.id) return tenants[0] if len(tenants) else None # Get the tenant list, and log in using first tenant # FIXME (anthony): add tenant chooser here? tenant = get_first_tenant_for_user() # Abort if there are no valid tenants for this user if not tenant: messages.error(request, _('No tenants present for user: %(user)s') % {"user": data['username']}) return # Create a token token = api.token_create_scoped(request, tenant.id, token.id) request.session['admin'] = is_admin(token) request.session['serviceCatalog'] = token.serviceCatalog LOG.info('Login form for user "%s". Service Catalog data:\n%s' % (data['username'], token.serviceCatalog)) request.session['tenant'] = tenant.name request.session['tenant_id'] = tenant.id request.session['token'] = token.id request.session['user'] = data['username'] return shortcuts.redirect('dash_overview') except api_exceptions.Unauthorized as e: msg = _('Error authenticating: %s') % e.message LOG.exception(msg) messages.error(request, msg) except api_exceptions.ApiException as e: messages.error(request, _('Error authenticating with keystone: %s') % e.message)
def handle(self, request, data): try: if data.get('tenant'): token = api.token_create(request, data.get('tenant'), data['username'], data['password']) tenants = api.tenant_list_for_token(request, token.id) tenant = None for t in tenants: if t.id == data.get('tenant'): tenant = t else: token = api.token_create(request, '', data['username'], data['password']) # Unscoped token request.session['unscoped_token'] = token.id request.user.username = data['username'] # Get the tenant list, and log in using first tenant # FIXME (anthony): add tenant chooser here? tenants = api.tenant_list_for_token(request, token.id) # Abort if there are no valid tenants for this user if not tenants: messages.error(request, _('No tenants present for user: %(user)s') % {"user": data['username']}) return # Create a token. # NOTE(gabriel): Keystone can return tenants that you're # authorized to administer but not to log into as a user, so in # the case of an Unauthorized error we should iterate through # the tenants until one succeeds or we've failed them all. while tenants: tenant = tenants.pop() try: token = api.token_create_scoped(request, tenant.id, token.id) break except exceptions.Unauthorized as e: token = None if token is None: raise exceptions.Unauthorized( _("You are not authorized for any available tenants.")) LOG.info('Login form for user "%s". Service Catalog data:\n%s' % (data['username'], token.serviceCatalog)) _set_session_data(request, token) return shortcuts.redirect('dash_overview') except api_exceptions.Unauthorized as e: msg = _('Error authenticating: %s') % e.message LOG.exception(msg) messages.error(request, msg) except api_exceptions.ApiException as e: messages.error(request, _('Error authenticating with keystone: %s') % e.message)
def handle(self, request, data): def is_admin(token): for role in token.user['roles']: if role['name'].lower() == 'admin': return True return False try: if data.get('tenant'): token = api.token_create(request, data.get('tenant'), data['username'], data['password']) tenants = api.tenant_list_for_token(request, token.id) tenant = None for t in tenants: if t.id == data.get('tenant'): tenant = t else: # We are logging in without tenant token = api.token_create(request, '', data['username'], data['password']) # Unscoped token request.session['unscoped_token'] = token.id def get_first_tenant_for_user(): for t in api.tenant_list_for_token(request, token.id): # FIXME (anthony) # keystone does the annoying 'always return everything # for admin users thing' which causes the following # annoying code block to exist (until that is fixed) if is_admin(token): for u in api.users_list_for_token_and_tenant( request, token.id, t.id): if u.name == data['username']: return t else: return t return None # Get the tenant list, and log in using first tenant # FIXME (anthony): add tenant chooser here? tenant = get_first_tenant_for_user() # Create a token token = api.token_create_scoped_with_token(request, data.get('tenant', tenant.id), token.id) request.session['admin'] = is_admin(token) request.session['serviceCatalog'] = token.serviceCatalog LOG.info('Login form for user "%s". Service Catalog data:\n%s' % (data['username'], token.serviceCatalog)) request.session['tenant'] = tenant.name request.session['tenant_id'] = tenant.id request.session['token'] = token.id request.session['user'] = data['username'] return shortcuts.redirect('dash_overview') except api_exceptions.Unauthorized as e: msg = 'Error authenticating: %s' % e.message LOG.error(msg, exc_info=True) messages.error(request, msg) except api_exceptions.ApiException as e: messages.error(request, 'Error authenticating with keystone: %s' % e.message)