def authenticate(self, context, auth_payload, auth_context):
if not auth_payload.get('id'):
raise exception.ValidationError(attribute='id', target='token')
scope = utils.get_scope(context)
if scope.get('domain', {}).get('id'):
raise exception.ForbiddenNotSecurity(
'Token authentication with domain scoped authorization is not '
'supported by the v3 API.')
scope_project_id = scope.get('project', {}).get('id')
if not scope_project_id:
raise exception.ValidationError(attribute='project_id',
target='scope')
x_forwarded_for = utils.determine_x_forwarded_for_header(context)
token_id = auth_payload['id']
identity = v2.RackspaceIdentityToken.from_token(
token_id,
scope_project_id=scope_project_id,
x_forwarded_for=x_forwarded_for)
token_data = identity.authenticate()
auth_context['user_id'] = token_data['access']['user']['id']
auth_context[const.TOKEN_RESPONSE] = token_data
def authenticate(self, context, auth_payload, auth_context):
if not auth_payload.get('id'):
raise exception.ValidationError(attribute='id', target='token')
scope = utils.get_scope(context)
if scope.get('domain', {}).get('id'):
raise exception.ForbiddenNotSecurity(
'Token authentication with domain scoped authorization is not '
'supported by the v3 API.')
scope_project_id = scope.get('project', {}).get('id')
if not scope_project_id:
raise exception.ValidationError(attribute='project_id',
target='scope')
x_forwarded_for = utils.determine_x_forwarded_for_header(context)
token_id = auth_payload['id']
identity = v2.RackspaceIdentityToken.from_token(
token_id,
scope_project_id=scope_project_id,
x_forwarded_for=x_forwarded_for)
token_data = identity.authenticate()
auth_context['user_id'] = token_data['access']['user']['id']
auth_context[const.TOKEN_RESPONSE] = token_data
def authenticate(self, context, auth_payload, auth_context):
"""Try to authenticate against the identity backend."""
self._validate_auth_data(auth_payload)
user_domain_id = auth_payload['user'].get('domain', {}).get('id')
user_domain_name = auth_payload['user'].get('domain', {}).get('name')
scope = utils.get_scope(context)
scope_domain_id = scope.get('domain', {}).get('id')
scope_project_id = scope.get('project', {}).get('id')
# TODO(dolph): if (domain_id and project_id), raise a 400
username = auth_payload['user'].get('name')
x_forwarded_for = utils.determine_x_forwarded_for_header(context)
if not username:
identity = v2.RackspaceIdentity.from_user_id(
auth_payload['user']['id'],
auth_payload['user']['password'],
user_domain_id=user_domain_id,
user_domain_name=user_domain_name,
scope_domain_id=scope_domain_id,
scope_project_id=scope_project_id,
x_forwarded_for=x_forwarded_for)
else:
identity = v2.RackspaceIdentity.from_username(
username,
auth_payload['user']['password'],
user_domain_id=user_domain_id,
user_domain_name=user_domain_name,
scope_domain_id=scope_domain_id,
scope_project_id=scope_project_id,
x_forwarded_for=x_forwarded_for)
token_data = identity.authenticate()
auth_context['user_id'] = token_data['access']['user']['id']
auth_context[const.TOKEN_RESPONSE] = token_data