def process_request(self, req): """Constructs an appropriate context from extracted auth information. Extract any authentication information in the request and construct an appropriate context from it. """ headers = req.headers environ = req.environ try: username = None password = None aws_creds = None if headers.get('X-Auth-User') is not None: username = headers.get('X-Auth-User') password = headers.get('X-Auth-Key') elif headers.get('X-Auth-EC2-Creds') is not None: aws_creds = headers.get('X-Auth-EC2-Creds') user_id = headers.get('X-User-Id') user_domain_id = headers.get('X_User_Domain_Id') token = headers.get('X-Auth-Token') project_name = headers.get('X-Project-Name') tenant_id = headers.get('X-Project-Id') project_domain_id = headers.get('X_Project_Domain_Id') region_name = headers.get('X-Region-Name') auth_url = headers.get('X-Auth-Url') roles = headers.get('X-Roles') if roles is not None: roles = roles.split(',') token_info = environ.get('keystone.token_info') auth_plugin = environ.get('keystone.token_auth') req_id = environ.get(oslo_request_id.ENV_REQUEST_ID) except Exception: raise exception.NotAuthenticated() req.context = self.make_context( auth_token=token, tenant=tenant_id, project_name=project_name, aws_creds=aws_creds, username=username, user=user_id, password=password, auth_url=auth_url, roles=roles, request_id=req_id, auth_token_info=token_info, region_name=region_name, auth_plugin=auth_plugin, user_domain_id=user_domain_id, project_domain_id=project_domain_id)
def process_request(self, req): """ Extract any authentication information in the request and construct an appropriate context from it. """ headers = req.headers environ = req.environ try: username = None password = None aws_creds = None if headers.get('X-Auth-User') is not None: username = headers.get('X-Auth-User') password = headers.get('X-Auth-Key') elif headers.get('X-Auth-EC2-Creds') is not None: aws_creds = headers.get('X-Auth-EC2-Creds') user_id = headers.get('X-User-Id') token = headers.get('X-Auth-Token') tenant = headers.get('X-Tenant-Name') tenant_id = headers.get('X-Tenant-Id') auth_url = headers.get('X-Auth-Url') roles = headers.get('X-Roles') if roles is not None: roles = roles.split(',') token_info = environ.get('keystone.token_info') except Exception: raise exception.NotAuthenticated() req.context = self.make_context(auth_token=token, tenant=tenant, tenant_id=tenant_id, aws_creds=aws_creds, username=username, user_id=user_id, password=password, auth_url=auth_url, roles=roles, auth_token_info=token_info)
def process_request(self, req): """ Extract any authentication information in the request and construct an appropriate context from it. A few scenarios exist: 1. If X-Auth-Token is passed in, then consult TENANT and ROLE headers to determine permissions. 2. An X-Auth-Token was passed in, but the Identity-Status is not confirmed. For now, just raising a NotAuthenticated exception. 3. X-Auth-Token is omitted. If we were using Keystone, then the tokenauth middleware would have rejected the request, so we must be using NoAuth. In that case, assume that is_admin=True. """ headers = req.headers try: """ This sets the username/password to the admin user because you need this information in order to perform token authentication. The real 'username' is the 'tenant'. We should also check here to see if X-Auth-Token is not set and in that case we should assign the user/pass directly as the real username/password and token as None. 'tenant' should still be the username. """ username = None password = None aws_creds = None aws_auth_uri = None if headers.get('X-Auth-User') is not None: username = headers.get('X-Auth-User') password = headers.get('X-Auth-Key') elif headers.get('X-Auth-EC2-Creds') is not None: aws_creds = headers.get('X-Auth-EC2-Creds') aws_auth_uri = headers.get('X-Auth-EC2-Url') token = headers.get('X-Auth-Token') service_user = headers.get('X-Admin-User') service_password = headers.get('X-Admin-Pass') service_tenant = headers.get('X-Admin-Tenant-Name') tenant = headers.get('X-Tenant-Name') tenant_id = headers.get('X-Tenant-Id') auth_url = headers.get('X-Auth-Url') roles = headers.get('X-Roles') except: raise exception.NotAuthenticated() req.context = self.make_context(auth_token=token, tenant=tenant, tenant_id=tenant_id, aws_creds=aws_creds, aws_auth_uri=aws_auth_uri, username=username, password=password, service_user=service_user, service_password=service_password, service_tenant=service_tenant, auth_url=auth_url, roles=roles, is_admin=True)