예제 #1
0
    def authenticate(self, context, auth_payload, auth_context):
        if not auth_payload.get('id'):
            raise exception.ValidationError(attribute='id', target='token')

        scope = utils.get_scope(context)

        if scope.get('domain', {}).get('id'):
            raise exception.ForbiddenNotSecurity(
                'Token authentication with domain scoped authorization is not '
                'supported by the v3 API.')

        scope_project_id = scope.get('project', {}).get('id')
        if not scope_project_id:
            raise exception.ValidationError(attribute='project_id',
                                            target='scope')

        x_forwarded_for = utils.determine_x_forwarded_for_header(context)
        token_id = auth_payload['id']

        identity = v2.RackspaceIdentityToken.from_token(
            token_id,
            scope_project_id=scope_project_id,
            x_forwarded_for=x_forwarded_for)
        token_data = identity.authenticate()
        auth_context['user_id'] = token_data['access']['user']['id']
        auth_context[const.TOKEN_RESPONSE] = token_data
예제 #2
0
    def authenticate(self, context, auth_payload, auth_context):
        if not auth_payload.get('id'):
            raise exception.ValidationError(attribute='id', target='token')

        scope = utils.get_scope(context)

        if scope.get('domain', {}).get('id'):
            raise exception.ForbiddenNotSecurity(
                'Token authentication with domain scoped authorization is not '
                'supported by the v3 API.')

        scope_project_id = scope.get('project', {}).get('id')
        if not scope_project_id:
            raise exception.ValidationError(attribute='project_id',
                                            target='scope')

        x_forwarded_for = utils.determine_x_forwarded_for_header(context)
        token_id = auth_payload['id']

        identity = v2.RackspaceIdentityToken.from_token(
            token_id,
            scope_project_id=scope_project_id,
            x_forwarded_for=x_forwarded_for)
        token_data = identity.authenticate()
        auth_context['user_id'] = token_data['access']['user']['id']
        auth_context[const.TOKEN_RESPONSE] = token_data
예제 #3
0
    def authenticate(self, context, auth_payload, auth_context):
        """Try to authenticate against the identity backend."""
        self._validate_auth_data(auth_payload)

        user_domain_id = auth_payload['user'].get('domain', {}).get('id')
        user_domain_name = auth_payload['user'].get('domain', {}).get('name')

        scope = utils.get_scope(context)
        scope_domain_id = scope.get('domain', {}).get('id')
        scope_project_id = scope.get('project', {}).get('id')
        # TODO(dolph): if (domain_id and project_id), raise a 400

        username = auth_payload['user'].get('name')

        x_forwarded_for = utils.determine_x_forwarded_for_header(context)
        if not username:
            identity = v2.RackspaceIdentity.from_user_id(
                auth_payload['user']['id'],
                auth_payload['user']['password'],
                user_domain_id=user_domain_id,
                user_domain_name=user_domain_name,
                scope_domain_id=scope_domain_id,
                scope_project_id=scope_project_id,
                x_forwarded_for=x_forwarded_for)
        else:
            identity = v2.RackspaceIdentity.from_username(
                username,
                auth_payload['user']['password'],
                user_domain_id=user_domain_id,
                user_domain_name=user_domain_name,
                scope_domain_id=scope_domain_id,
                scope_project_id=scope_project_id,
                x_forwarded_for=x_forwarded_for)
        token_data = identity.authenticate()

        auth_context['user_id'] = token_data['access']['user']['id']
        auth_context[const.TOKEN_RESPONSE] = token_data