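def _validate_user_token(self, user_token, retry=True):
    """Validate a user token and return its decoded body.

    The token is looked up in the cache under the id returned by
    ``cms.cms_hash_token``. On a miss it is verified, either through
    ``verify_signed_token`` (ASN.1 tokens) or ``verify_uuid_token``,
    and the result is cached under the same id.

    :param user_token: user's token id
    :param retry: passed through to ``verify_uuid_token`` for tokens
                  that are not ASN.1 signed tokens
    :return: decoded body of the token if the token is valid
    :raise InvalidUserToken: if validation fails for any reason; every
                             other exception type is converted to this one
    """
    # Bound before the try block so the handler can still log an id when
    # hashing itself is what failed.
    token_id = None
    try:
        token_id = cms.cms_hash_token(user_token)
        cached = self._cache_get(token_id)
        if cached:
            return cached
        if cms.is_ans1_token(user_token):
            verified = self.verify_signed_token(user_token)
            data = json.loads(verified)
        else:
            data = self.verify_uuid_token(user_token, retry)
        self._cache_put(token_id, data)
        return data
    except Exception:
        self.LOG.debug('Token validation failure.', exc_info=True)
        # Every exception lands here, so a transient failure raised from
        # the verification calls also marks the token as invalid.
        # NOTE(review): the invalid marker is keyed by the raw token while
        # the lookup above is keyed by token_id -- confirm that
        # _cache_store_invalid derives the same key, otherwise this entry
        # may never be hit.
        self._cache_store_invalid(user_token)
        # Log the cache id rather than the token: the token is a bearer
        # credential and must not be written to log files.
        # NOTE(review): if cms_hash_token returns non-ASN.1 tokens
        # unchanged, token_id is still the credential -- confirm, and drop
        # it from the message if so.
        self.LOG.warn("Authorization failed for token %s", token_id)
        raise InvalidUserToken('Token authorization failed')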
def _validate_user_token(self, user_token, retry=True):
    """Validate a user token and return its decoded body.

    The cache is consulted first, keyed by ``cms.cms_hash_token``. On a
    miss the token is verified, its expiry is checked with
    ``confirm_token_not_expired`` and the body is cached with that expiry.

    :param user_token: user's token id
    :param retry: passed through to ``verify_uuid_token`` for tokens
                  that are not ASN.1 signed tokens
    :return: decoded body of the token if the token is valid
    :raise InvalidUserToken: if the token is rejected or validation fails
    """
    token_id = None
    try:
        token_id = cms.cms_hash_token(user_token)
        hit = self._cache_get(token_id)
        if hit:
            return hit
        if not cms.is_ans1_token(user_token):
            body = self.verify_uuid_token(user_token, retry)
        else:
            signed_payload = self.verify_signed_token(user_token)
            body = jsonutils.loads(signed_payload)
        expiry = confirm_token_not_expired(body)
        self._cache_put(token_id, body, expiry)
        return body
    except NetworkError:
        # This branch writes no invalid marker, so a network failure
        # leaves the cache unchanged for this token.
        self.LOG.debug('Token validation failure.', exc_info=True)
        # NOTE(review): token_id is logged instead of the raw token; if
        # cms_hash_token returns non-ASN.1 tokens unchanged this is still
        # the credential -- confirm.
        self.LOG.warn("Authorization failed for token %s", token_id)
        raise InvalidUserToken('Token authorization failed')
    except Exception:
        self.LOG.debug('Token validation failure.', exc_info=True)
        # token_id is still None when hashing itself raised; there is
        # then no key to store the invalid marker under.
        if token_id:
            self._cache_store_invalid(token_id)
        self.LOG.warn("Authorization failed for token %s", token_id)
        raise InvalidUserToken('Token authorization failed')
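def _is_pki_token(self, token):
    """Determine if this is a pki-based token (pki or pkiz).

    :param token: token string to classify, or None when the request
                  carried no token
    :return: False for None; otherwise the result of the
             ``keystone_cms`` ASN.1 / pkiz checks
    """
    # A missing token is not a PKI token. Answer here instead of passing
    # None to the format checks, which are written for token strings.
    if token is None:
        return False
    return (keystone_cms.is_ans1_token(token) or
            keystone_cms.is_pkiz(token))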
def _is_pki_token(self, token):
    """Tell whether *token* is pki-based (pki or pkiz).

    None is reported as not PKI without calling the ``keystone_cms``
    format checks.
    """
    return token is not None and (
        keystone_cms.is_ans1_token(token) or keystone_cms.is_pkiz(token)
    )
def test_ans1_token(self):
    """is_ans1_token accepts the signed example token and rejects 'FOOBAR'."""
    signed_example = self.examples.SIGNED_TOKEN_SCOPED
    self.assertTrue(cms.is_ans1_token(signed_example))
    # An arbitrary string must not be classified as a signed token.
    arbitrary_text = 'FOOBAR'
    self.assertFalse(cms.is_ans1_token(arbitrary_text))
def test_ans1_token(self):
    """is_ans1_token accepts the signed fixture token and rejects 'FOOBAR'."""
    signed_fixture = client_fixtures.SIGNED_TOKEN_SCOPED
    self.assertTrue(cms.is_ans1_token(signed_fixture))
    # An arbitrary string must not be classified as a signed token.
    arbitrary_text = 'FOOBAR'
    self.assertFalse(cms.is_ans1_token(arbitrary_text))