def handle_scoped_token(context, auth_payload, auth_context, token_ref,
                        federation_api, identity_api, token_provider_api):
    """Authenticate with an existing federated token and fill auth_context.

    After the expiry check, the mapping registered for the token's identity
    provider and protocol is looked up and the token's group ids are
    validated against it. The outcome of that step is reported through an
    'authenticate' SAML audit notification. On success the user id, group
    ids, identity provider and protocol are written into ``auth_context``.

    ``auth_payload`` and ``token_provider_api`` are accepted but not used
    by this function.

    Any exception raised by the mapping lookup or the group validation is
    re-raised unchanged once the failure notification has been sent.
    """
    # Runs before the audit notifier is built: an exception raised here is
    # not reported through send_saml_audit_notification.
    utils.validate_expiration(token_ref)

    audit_id = token_ref.audit_id
    idp_id = token_ref.federation_idp_id
    protocol_id = token_ref.federation_protocol_id
    federated_user_id = token_ref.user_id
    federated_group_ids = token_ref.federation_group_ids

    # Everything except the outcome is bound now, so both the failure and
    # the success path report the same identity details.
    notify = functools.partial(
        notifications.send_saml_audit_notification, 'authenticate',
        context, federated_user_id, federated_group_ids, idp_id,
        protocol_id, audit_id)

    try:
        idp_mapping = federation_api.get_mapping_from_idp_and_protocol(
            idp_id, protocol_id)
        utils.validate_groups(
            federated_group_ids, idp_mapping['id'], identity_api)
    except Exception:
        # Deliberately broad: whatever went wrong must be audited as a
        # failed authentication before the error propagates.
        notify(taxonomy.OUTCOME_FAILURE)
        raise

    notify(taxonomy.OUTCOME_SUCCESS)

    # Plain item assignment, one key at a time, in the original order.
    auth_context['user_id'] = federated_user_id
    auth_context['group_ids'] = federated_group_ids
    auth_context[federation.IDENTITY_PROVIDER] = idp_id
    auth_context[federation.PROTOCOL] = protocol_id
def _handle_scoped_token(self, context, auth_payload):
    """Authenticate with an existing federated token.

    The token named by ``auth_payload['id']`` is validated through
    ``self.token_provider_api`` and wrapped in a ``KeystoneToken``. After
    the expiry check, the mapping for the token's identity provider and
    protocol is looked up and the token's group ids are validated against
    it; the outcome of that step is reported through an 'authenticate'
    SAML audit notification.

    Returns a dict with the user id, the group ids, the identity provider
    and the protocol. Any exception from the mapping lookup or the group
    validation is re-raised after the failure notification has been sent.
    """
    token_id = auth_payload['id']
    token_data = self.token_provider_api.validate_token(token_id)
    token_ref = token_model.KeystoneToken(
        token_id=token_id, token_data=token_data)

    # Runs before the audit notifier is built: an exception raised here is
    # not reported through send_saml_audit_notification.
    utils.validate_expiration(token_ref)

    audit_id = token_ref.audit_id
    idp_id = token_ref.federation_idp_id
    protocol_id = token_ref.federation_protocol_id
    # The user id is read by subscripting the token, not via an attribute.
    federated_user_id = token_ref['user']['id']
    federated_group_ids = token_ref.federation_group_ids

    notify = functools.partial(
        notifications.send_saml_audit_notification, 'authenticate',
        context, federated_user_id, federated_group_ids, idp_id,
        protocol_id, audit_id)

    try:
        idp_mapping = self.federation_api.get_mapping_from_idp_and_protocol(
            idp_id, protocol_id)
        utils.validate_groups(
            federated_group_ids, idp_mapping['id'], self.identity_api)
    except Exception:
        # Deliberately broad: whatever went wrong must be audited as a
        # failed authentication before the error propagates.
        notify(taxonomy.OUTCOME_FAILURE)
        raise

    notify(taxonomy.OUTCOME_SUCCESS)

    result = {'user_id': federated_user_id,
              'group_ids': federated_group_ids}
    result[federation.IDENTITY_PROVIDER] = idp_id
    result[federation.PROTOCOL] = protocol_id
    return result
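def handle_scoped_token(context, auth_payload, auth_context, token_ref,
                        federation_api, identity_api, token_provider_api):
    """Authenticate with an existing federated token and fill auth_context.

    After the expiry check, the token's identity provider is checked with
    ``utils.assert_enabled_identity_provider``, the mapping registered for
    the identity provider and protocol is looked up, and the token's group
    ids are validated against it. The outcome of these three steps is
    reported through an 'authenticate' SAML audit notification. On success
    the user id, group ids, identity provider and protocol are written
    into ``auth_context``.

    ``auth_payload`` and ``token_provider_api`` are accepted but not used
    by this function.

    Any exception raised by the identity provider check, the mapping lookup
    or the group validation is re-raised unchanged once the failure
    notification has been sent.
    """
    # Runs before the audit notifier is built: an exception raised here is
    # not reported through send_saml_audit_notification.
    utils.validate_expiration(token_ref)
    token_audit_id = token_ref.audit_id
    identity_provider = token_ref.federation_idp_id
    protocol = token_ref.federation_protocol_id
    user_id = token_ref.user_id
    group_ids = token_ref.federation_group_ids

    # Everything except the outcome is bound now, so both the failure and
    # the success path report the same identity details.
    send_notification = functools.partial(
        notifications.send_saml_audit_notification, 'authenticate',
        context, user_id, group_ids, identity_provider, protocol,
        token_audit_id)

    try:
        # Kept inside the try block so that a rejection by this check
        # (presumably a disabled identity provider) is audited as a failed
        # authentication, like a mapping or group failure, instead of
        # propagating with no audit record.
        utils.assert_enabled_identity_provider(federation_api,
                                               identity_provider)
        mapping = federation_api.get_mapping_from_idp_and_protocol(
            identity_provider, protocol)
        utils.validate_groups(group_ids, mapping['id'], identity_api)
    except Exception:
        # Deliberately broad: send the failed-authentication notification
        # for any error, then let the original exception propagate.
        send_notification(taxonomy.OUTCOME_FAILURE)
        raise
    else:
        send_notification(taxonomy.OUTCOME_SUCCESS)

    auth_context['user_id'] = user_id
    auth_context['group_ids'] = group_ids
    auth_context[federation_constants.IDENTITY_PROVIDER] = identity_provider
    auth_context[federation_constants.PROTOCOL] = protocol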
def _handle_scoped_token(self, auth_payload):
    """Authenticate with an existing federated token.

    The token is fetched from ``self.token_api`` by ``auth_payload['id']``
    and its expiry is checked. The identity provider, protocol and group
    ids are read from the federation section of the token's user data, the
    mapping for that identity provider and protocol is looked up, and the
    group ids are validated against it.

    Returns a dict with the token's user id and the group ids. No audit
    notification is sent by this method.
    """
    token_ref = self.token_api.get_token(auth_payload['id'])
    utils.validate_expiration(token_ref)

    fed_section = token_ref['user'][federation.FEDERATION]
    idp_id = fed_section['identity_provider']['id']
    protocol_id = fed_section['protocol']['id']

    federated_group_ids = []
    for group in fed_section['groups']:
        federated_group_ids.append(group['id'])

    idp_mapping = self.federation_api.get_mapping_from_idp_and_protocol(
        idp_id, protocol_id)
    utils.validate_groups(
        federated_group_ids, idp_mapping['id'], self.identity_api)

    result = {}
    result['user_id'] = token_ref['user_id']
    result['group_ids'] = federated_group_ids
    return result
def _handle_scoped_token(self, auth_payload):
    """Authenticate with an existing federated token.

    Fetches the token named by ``auth_payload['id']`` from
    ``self.token_api``, checks its expiry, then validates the group ids
    carried in the token's federation data against the mapping registered
    for the token's identity provider and protocol.

    Returns ``{'user_id': ..., 'group_ids': ...}``. No audit notification
    is sent by this method.
    """
    token_id = auth_payload['id']
    token_ref = self.token_api.get_token(token_id)
    utils.validate_expiration(token_ref)

    # All federation details sit under the token's user entry.
    fed_info = token_ref['user'][federation.FEDERATION]
    idp = fed_info['identity_provider']['id']
    proto = fed_info['protocol']['id']
    ids_of_groups = [entry['id'] for entry in fed_info['groups']]

    mapping_id = self.federation_api.get_mapping_from_idp_and_protocol(
        idp, proto)['id']
    utils.validate_groups(ids_of_groups, mapping_id, self.identity_api)

    return dict(user_id=token_ref['user_id'], group_ids=ids_of_groups)
def _handle_scoped_token(self, auth_payload):
    """Authenticate with an existing federated token.

    The token named by ``auth_payload['id']`` is validated through
    ``self.token_provider_api`` and wrapped in a ``KeystoneToken``. After
    the expiry check, the mapping for the token's identity provider and
    protocol is looked up and the token's group ids are validated against
    it.

    Returns a dict with the user id, the group ids, the identity provider
    and the protocol. No audit notification is sent by this method.
    """
    token_id = auth_payload['id']
    token_data = self.token_provider_api.validate_token(token_id)
    token_ref = token_model.KeystoneToken(
        token_id=token_id, token_data=token_data)
    utils.validate_expiration(token_ref)

    idp_id = token_ref.federation_idp_id
    protocol_id = token_ref.federation_protocol_id
    idp_mapping = self.federation_api.get_mapping_from_idp_and_protocol(
        idp_id, protocol_id)
    utils.validate_groups(
        token_ref.federation_group_ids, idp_mapping['id'],
        self.identity_api)

    # The user id and group ids are read from the token only after the
    # groups have been validated.
    result = {'user_id': token_ref.user_id,
              'group_ids': token_ref.federation_group_ids}
    result[federation.IDENTITY_PROVIDER] = idp_id
    result[federation.PROTOCOL] = protocol_id
    return result
def _handle_scoped_token(self, context, auth_payload):
    """Authenticate with an existing federated token.

    The token named by ``auth_payload['id']`` is validated through
    ``self.token_provider_api`` and wrapped in a ``KeystoneToken``. After
    the expiry check, the mapping for the token's identity provider and
    protocol is looked up and the token's group ids are validated against
    it; the outcome of that step is reported through an 'authenticate'
    SAML audit notification.

    Returns a dict with the user id, the group ids, the identity provider
    and the protocol. Any exception from the mapping lookup or the group
    validation is re-raised after the failure notification has been sent.
    """
    token_id = auth_payload['id']
    token_data = self.token_provider_api.validate_token(token_id)
    token_ref = token_model.KeystoneToken(
        token_id=token_id, token_data=token_data)

    # Runs before the audit notifier is built: an exception raised here is
    # not reported through send_saml_audit_notification.
    utils.validate_expiration(token_ref)

    audit_id = token_ref.audit_id
    idp_id = token_ref.federation_idp_id
    protocol_id = token_ref.federation_protocol_id
    federated_user_id = token_ref.user_id
    federated_group_ids = token_ref.federation_group_ids

    notify = functools.partial(
        notifications.send_saml_audit_notification, 'authenticate',
        context, federated_user_id, federated_group_ids, idp_id,
        protocol_id, audit_id)

    try:
        idp_mapping = self.federation_api.get_mapping_from_idp_and_protocol(
            idp_id, protocol_id)
        utils.validate_groups(
            federated_group_ids, idp_mapping['id'], self.identity_api)
    except Exception:
        # Deliberately broad: whatever went wrong must be audited as a
        # failed authentication before the error propagates.
        notify(taxonomy.OUTCOME_FAILURE)
        raise

    notify(taxonomy.OUTCOME_SUCCESS)

    result = {'user_id': federated_user_id,
              'group_ids': federated_group_ids}
    result[federation.IDENTITY_PROVIDER] = idp_id
    result[federation.PROTOCOL] = protocol_id
    return result