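def switch_tenants(request, tenant_id):
    """
    Swaps a user from one tenant to another using the unscoped token from
    Keystone to exchange scoped tokens for the new tenant.

    :param request: the current HTTP request; its session is read for the
        ``'unscoped_token'`` key.
    :param tenant_id: identifier of the tenant to switch to. Whether the
        user may use that tenant is decided by ``api.token_create_scoped``,
        which is expected to raise ``exceptions.Unauthorized`` on refusal.
    :returns: the response from ``LoginWithTenant.maybe_handle`` when the
        form handled the request, a redirect to the user's home after a
        successful switch, otherwise the rendered ``switch_tenants.html``.
    """
    form, handled = LoginWithTenant.maybe_handle(
        request,
        initial={'tenant': tenant_id, 'username': request.user.username})
    if handled:
        return handled

    unscoped_token = request.session.get('unscoped_token', None)
    if unscoped_token:
        try:
            token = api.token_create_scoped(request, tenant_id, unscoped_token)
            # NOTE(review): _set_session_data is defined elsewhere; confirm it
            # replaces every tenant-scoped value held in the session so no
            # state from the previous tenant survives the switch.
            _set_session_data(request, token)
            user = users.User(users.get_user_from_request(request))
            return shortcuts.redirect(Steer.get_user_home(user))
        except exceptions.Unauthorized:
            # The request must be passed first. Without it this call raised
            # TypeError, so a refused switch ended in a server error instead
            # of the authorization message.
            messages.error(request,
                           _("You are not authorized for that tenant."))

    # Reached when there is no unscoped token in the session or when the
    # switch was refused.
    # FIXME(gabriel): we don't ship switch_tenants.html
    return shortcuts.render(request, 'switch_tenants.html', {
        'to_tenant': tenant_id,
        'form': form})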
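def switch_tenants(request, tenant_id):
    """
    Swaps a user from one tenant to another using the unscoped token from
    Keystone to exchange scoped tokens for the new tenant.

    :param request: the current HTTP request; its session is read for the
        ``'unscoped_token'`` key.
    :param tenant_id: identifier of the tenant to switch to. Whether the
        user may use that tenant is decided by ``api.token_create_scoped``,
        which is expected to raise ``exceptions.Unauthorized`` on refusal.
    :returns: the response from ``LoginWithTenant.maybe_handle`` when the
        form handled the request, a redirect to the user's home after a
        successful switch, otherwise the rendered ``switch_tenants.html``.
    """
    form, handled = LoginWithTenant.maybe_handle(
        request,
        initial={'tenant': tenant_id, 'username': request.user.username})
    if handled:
        return handled

    unscoped_token = request.session.get('unscoped_token', None)
    if unscoped_token:
        try:
            token = api.token_create_scoped(request, tenant_id, unscoped_token)
            # NOTE(review): _set_session_data is defined elsewhere; confirm it
            # replaces every tenant-scoped value held in the session so no
            # state from the previous tenant survives the switch.
            _set_session_data(request, token)
            user = users.User(users.get_user_from_request(request))
            return shortcuts.redirect(Steer.get_user_home(user))
        except exceptions.Unauthorized:
            # The request must be passed first. Without it this call raised
            # TypeError, so a refused switch ended in a server error instead
            # of the authorization message.
            messages.error(request,
                           _("You are not authorized for that tenant."))

    # Reached when there is no unscoped token in the session or when the
    # switch was refused.
    # FIXME(gabriel): we don't ship switch_tenants.html
    return shortcuts.render(request, 'switch_tenants.html', {
        'to_tenant': tenant_id,
        'form': form})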
def login(request):
    """
    Logs in a user and redirects them to the URL specified by
    :func:`steer.get_user_home`.

    An already-authenticated user is redirected straight away. Anyone else
    goes through ``Login.maybe_handle``; if the form did not produce a
    response, the splash page is rendered with the form.
    """
    if not request.user.is_authenticated():
        form, handled = Login.maybe_handle(request)
        if handled:
            return handled
        # FIXME(gabriel): we don't ship a view named splash
        return shortcuts.render(request, 'splash.html', {'form': form})

    # Existing session: skip the form and go to the user's home.
    current_user = users.User(users.get_user_from_request(request))
    return shortcuts.redirect(Steer.get_user_home(current_user))
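def handle(self, request, data):
    """
    Authenticates the submitted credentials and establishes the session.

    With ``data['tenant']`` set, a token is requested for that tenant
    directly. With only ``data['username']`` set, an unscoped token is
    requested first, stored in the session under ``'unscoped_token'``, and
    then exchanged for a scoped token against the user's tenants until one
    accepts.

    :param request: the current HTTP request.
    :param data: form data; reads ``'tenant'``, ``'username'`` and
        ``'password'``.
    :returns: a redirect to the user's home on success; ``None`` after an
        error message has been queued, or when neither a tenant nor a
        username was supplied.
    :raises exceptions.NotAuthorized: when every available tenant refuses
        a scoped token.
    """
    try:
        if data.get('tenant', None):
            token = api.token_create(request,
                                     data.get('tenant'),
                                     data['username'],
                                     data['password'])
            tenants = api.tenant_list_for_token(request, token.id)
            # NOTE(review): ``tenant`` is never read after this loop, so the
            # session is established even if the requested tenant is not in
            # the list. Confirm whether that case should be refused.
            tenant = None
            for t in tenants:
                if t.id == data.get('tenant'):
                    tenant = t
            # NOTE(review): _set_session_data is defined elsewhere; confirm
            # the session key is rotated when a login succeeds.
            _set_session_data(request, token)
            user = users.get_user_from_request(request)
            return shortcuts.redirect(base.Steer.get_user_home(user))

        elif data.get('username', None):
            try:
                token = api.token_create(request,
                                         '',
                                         data['username'],
                                         data['password'])
            except keystone_exceptions.Unauthorized:
                # The username is unauthenticated input and is written to the
                # log as submitted. NOTE(review): consider neutralising
                # CR/LF before logging.
                LOG.exception("Failed login attempt for %s." %
                              data['username'])
                messages.error(request,
                               _('Bad user name or password.'),
                               extra_tags="login")
                return

            # Unscoped token. Keep its id in its own name: ``token`` is
            # reused below for the scoped token and reset on each refusal.
            unscoped_token_id = token.id
            request.session['unscoped_token'] = unscoped_token_id
            request.user.username = data['username']

            # Get the tenant list, and log in using first tenant
            # FIXME (anthony): add tenant chooser here?
            tenants = api.tenant_list_for_token(request, unscoped_token_id)

            # Abort if there are no valid tenants for this user
            if not tenants:
                messages.error(request,
                               _('No tenants present for user: %(user)s') %
                               {"user": data['username']},
                               extra_tags="login")
                return

            # Create a token.
            # NOTE(gabriel): Keystone can return tenants that you're
            # authorized to administer but not to log into as a user, so in
            # the case of an Unauthorized error we should iterate through
            # the tenants until one succeeds or we've failed them all.
            token = None
            while tenants:
                tenant = tenants.pop()
                try:
                    # Always exchange the unscoped token. Reading ``token.id``
                    # here raised AttributeError on the attempt after a
                    # refusal, because ``token`` was None by then.
                    token = api.token_create_scoped(request,
                                                    tenant.id,
                                                    unscoped_token_id)
                    break
                except api_exceptions.Unauthorized:
                    token = None
            if token is None:
                raise exceptions.NotAuthorized(
                    _("You are not authorized for any available tenants."))

            _set_session_data(request, token)
            user = users.get_user_from_request(request)
            return shortcuts.redirect(base.Steer.get_user_home(user))

    except api_exceptions.Unauthorized as e:
        # NOTE(review): the exception text is shown to the user as well as
        # logged; confirm it cannot carry backend detail.
        msg = _('Error authenticating: %s') % e.message
        LOG.exception(msg)
        messages.error(request, msg, extra_tags="login")
    except api_exceptions.ApiException as e:
        messages.error(request,
                       _('Error authenticating with keystone: %s') %
                       e.message,
                       extra_tags="login")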
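def handle(self, request, data):
    """
    Authenticates the submitted credentials and establishes the session.

    With ``data['tenant']`` set, a token is requested for that tenant
    directly. With only ``data['username']`` set, an unscoped token is
    requested first, stored in the session under ``'unscoped_token'``, and
    then exchanged for a scoped token against the user's tenants until one
    accepts.

    :param request: the current HTTP request.
    :param data: form data; reads ``'tenant'``, ``'username'`` and
        ``'password'``.
    :returns: a redirect to the user's home on success; ``None`` after an
        error message has been queued, or when neither a tenant nor a
        username was supplied.
    :raises exceptions.NotAuthorized: when every available tenant refuses
        a scoped token.
    """
    try:
        if data.get('tenant', None):
            token = api.token_create(request,
                                     data.get('tenant'),
                                     data['username'],
                                     data['password'])
            tenants = api.tenant_list_for_token(request, token.id)
            # NOTE(review): ``tenant`` is never read after this loop, so the
            # session is established even if the requested tenant is not in
            # the list. Confirm whether that case should be refused.
            tenant = None
            for t in tenants:
                if t.id == data.get('tenant'):
                    tenant = t
            # NOTE(review): _set_session_data is defined elsewhere; confirm
            # the session key is rotated when a login succeeds.
            _set_session_data(request, token)
            user = users.get_user_from_request(request)
            return shortcuts.redirect(base.Steer.get_user_home(user))

        elif data.get('username', None):
            try:
                token = api.token_create(request,
                                         '',
                                         data['username'],
                                         data['password'])
            except keystone_exceptions.Unauthorized:
                # The username is unauthenticated input and is written to the
                # log as submitted. NOTE(review): consider neutralising
                # CR/LF before logging.
                LOG.exception("Failed login attempt for %s." %
                              data['username'])
                messages.error(request,
                               _('Bad user name or password.'),
                               extra_tags="login")
                return

            # Unscoped token. Keep its id in its own name: ``token`` is
            # reused below for the scoped token and reset on each refusal.
            unscoped_token_id = token.id
            request.session['unscoped_token'] = unscoped_token_id
            request.user.username = data['username']

            # Get the tenant list, and log in using first tenant
            # FIXME (anthony): add tenant chooser here?
            tenants = api.tenant_list_for_token(request, unscoped_token_id)

            # Abort if there are no valid tenants for this user
            if not tenants:
                messages.error(request,
                               _('No tenants present for user: %(user)s') %
                               {"user": data['username']},
                               extra_tags="login")
                return

            # Create a token.
            # NOTE(gabriel): Keystone can return tenants that you're
            # authorized to administer but not to log into as a user, so in
            # the case of an Unauthorized error we should iterate through
            # the tenants until one succeeds or we've failed them all.
            token = None
            while tenants:
                tenant = tenants.pop()
                try:
                    # Always exchange the unscoped token. Reading ``token.id``
                    # here raised AttributeError on the attempt after a
                    # refusal, because ``token`` was None by then.
                    token = api.token_create_scoped(request,
                                                    tenant.id,
                                                    unscoped_token_id)
                    break
                except api_exceptions.Unauthorized:
                    token = None
            if token is None:
                raise exceptions.NotAuthorized(
                    _("You are not authorized for any available tenants."))

            _set_session_data(request, token)
            user = users.get_user_from_request(request)
            return shortcuts.redirect(base.Steer.get_user_home(user))

    except api_exceptions.Unauthorized as e:
        # NOTE(review): the exception text is shown to the user as well as
        # logged; confirm it cannot carry backend detail.
        msg = _('Error authenticating: %s') % e.message
        LOG.exception(msg)
        messages.error(request, msg, extra_tags="login")
    except api_exceptions.ApiException as e:
        messages.error(request,
                       _('Error authenticating with keystone: %s') %
                       e.message,
                       extra_tags="login")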