コード例 #1
0
    def test_validate_client_impersonation(self, m):
        test_redis = get_auth_redis_client()

        m.post('http://mockurl/tokens', text='\
            {"access": {"token": {"id": "the-token", \
            "expires": "2025-09-04T14:09:20.236Z"}}}')
        token_data = AdminToken(url='http://mockurl', tenant='tenant-id',
            passwd='passwd', token='thetoken')
        self.assertIsNone(token_data.token_data)

        m.get('http://mockurl/tenants/tenant-id/users', text='\
            {"users": [{"id": "the-user-id"}]}')
        m.get('http://mockurl/users/the-user-id/RAX-AUTH/admins', text='\
            {"users": [{"username": "******"}]}')
        m.post('http://mockurl/RAX-AUTH/impersonation-tokens', text='\
            {"access": {"token": {"id": "the-token",\
             "expires": "2025-09-04T14:09:20.236Z"}}}')
        retval, token, cache_key = validate_client_impersonation(test_redis,
            url='http://mockurl', tenant='tenant-id', admintoken=token_data)
        self.assertTrue(retval)
        self.assertIsNotNone(cache_key)
        self.assertEqual(token["expires"], "2025-09-04T14:09:20.236Z")
        self.assertEqual(token["tenant"], "tenant-id")
        self.assertEqual(token["token"], "the-token")

        m.post('http://mockurl/RAX-AUTH/impersonation-tokens', status_code=404)
        retval, token, cache_key = validate_client_impersonation(test_redis,
            url='http://mockurl', tenant='tenant-id', admintoken=token_data)
        self.assertFalse(retval)
        self.assertIsNone(token)
        self.assertIsNone(cache_key)
コード例 #2
0
ファイル: auth_middleware.py プロジェクト: TheSriram/stealth
    def middleware(env, start_response):

        # Inject transaction-id into the response headers.
        def transactionhook(status, headers, exc_info=None):
            transaction = context.RequestContext()
            setattr(local.store, 'context', transaction)
            stealth.context.transaction = transaction
            headers.append(('Transaction-ID', str(
                stealth.context.transaction.request_id)))
            return start_response(status, headers, exc_info)

        try:
            project_id = env['HTTP_X_PROJECT_ID']
            token = ''
            cache_key = ''
            valid = False

            if 'HTTP_X_AUTH_TOKEN' in env:
                cache_key = env['HTTP_X_AUTH_TOKEN']

            # Validate the input cache_key.
            valid, token = token_validation.validate_client_token(redis_client,
                auth_url, project_id, cache_key)
            if valid:
                env['X-AUTH-TOKEN'] = token
                env.pop('HTTP_X_AUTH_TOKEN', cache_key)
                return app(env, transactionhook)

            # Validate the client with the impersonation token
            valid, usertoken, cache_key = \
                token_validation.validate_client_impersonation(
                    redis_client, auth_url, project_id, Admintoken)
            if valid and usertoken and usertoken['token']:

                # Inject cahce_key as the auth token into the response headers.
                def custom_start_response(status, headers, exc_info=None):
                    headers.append(('HTTP_X_AUTH_TOKEN', str(cache_key)))
                    return transactionhook(status, headers, exc_info)

                token = usertoken['token']
                env['X-AUTH-TOKEN'] = token
                LOG.debug(('Middleware: Auth Token validated.'))
                return app(env, custom_start_response)

            else:
                # Validation failed for some reason, just error out as a 401
                LOG.error(('Middleware: Auth Token validation failed.'))
                return _http_unauthorized(start_response)
        except (KeyError, LookupError):
            # Header failure, error out with 412
            LOG.error(('Middleware: Missing required headers.'))
            return _http_precondition_failed(start_response)
コード例 #3
0
ファイル: auth_endpoint.py プロジェクト: TheSriram/stealth
    def auth(self, req, resp):

        try:
            auth_token = None
            valid = False
            cache_key = None

            project_id = req.headers['X-PROJECT-ID']

            if 'X-AUTH-TOKEN' in req.headers:
                cache_key = req.headers['X-AUTH-TOKEN']

            valid, auth_token = token_validation.validate_client_token(
                self.redis_client,
                self.auth_url, project_id, cache_key)

            if not valid:
                valid, usertoken, cache_key =\
                    token_validation.validate_client_impersonation(
                        self.redis_client, self.auth_url, project_id,
                        self.Admintoken)

                if not valid:
                    # Validation failed for some reason,
                    # just error out as a 401
                    LOG.error('Auth Token validation failed.')
                    return False, 'Auth Token validation failed.'

                # WHY NOT? else if usertoken and usertoken['token']:
                auth_token = usertoken['token']

            #
            # auth_token here is the real auth token from Keystone,
            # It can be replaced in the user requests and forward
            # to the service providers.
            #
            # req.headers['X-AUTH-TOKEN'] = auth_token
            #

            # validate the client and fill out the request it's valid
            LOG.debug('Auth Token validated.')
            # Return only generated hmac values back to the users.
            return True, cache_key

        except (KeyError, LookupError):
            # Header failure, error out with 412
            LOG.error('Missing required headers.')
            return False, 'Missing required headers.'
コード例 #4
0
ファイル: auth_app.py プロジェクト: TheSriram/stealth
    def auth(env, start_response):
        try:
            project_id = env['HTTP_X_PROJECT_ID']
            token = ''
            cache_key = ''
            valid = False

            if 'HTTP_X_AUTH_TOKEN' in env:
                cache_key = env['HTTP_X_AUTH_TOKEN']

            valid, token = token_validation.validate_client_token(redis_client,
                auth_url, project_id, cache_key)
            if valid:
                LOG.debug(('App: Auth Token validated.'))
                start_response('204 No Content',
                    [])
                return []

            # validate the client and fill out the env
            valid, usertoken, cache_key = \
                token_validation.validate_client_impersonation(
                    redis_client, auth_url, project_id, Admintoken)
            if valid and usertoken and usertoken['token']:
                token = usertoken['token']
                # env['X-AUTH-TOKEN'] = token
                LOG.debug(('App: Auth Token validated.'))
                start_response('204 No Content',
                    [('X-AUTH-TOKEN', cache_key)])
                return []

            # Validation failed. Error out as a 401
            LOG.error(('App: Auth Token validation failed.'))
            return _http_unauthorized(start_response)

        except (KeyError, LookupError):
            # Header failure, error out with 412
            LOG.error(('App: Missing required headers.'))
            return _http_precondition_failed(start_response)