def _create_access_token(self, consumer, token):
    """Build the path and signed headers for an access-token request.

    The request is produced by ``self._oauth_request`` for a POST to
    ``/OS-OAUTH1/access_token`` and signed with HMAC-SHA1 using both the
    consumer and the token.

    :param consumer: OAuth consumer handed to the request builder and
        the signer.
    :param token: OAuth token handed to the request builder and the
        signer.
    :returns: ``(url, headers)`` where ``url`` is the relative path and
        ``headers`` holds the JSON content type plus whatever the signed
        request's ``to_header()`` returns.
    """
    url = '/OS-OAUTH1/access_token'
    signed_request = self._oauth_request(consumer=consumer,
                                         token=token,
                                         http_method='POST',
                                         http_url=self.base_url + url)
    # Sign with both credentials: consumer and token.
    signer = oauth1.SignatureMethod_HMAC_SHA1()
    signed_request.sign_request(signer, consumer, token)

    request_headers = {'Content-Type': 'application/json'}
    request_headers.update(signed_request.to_header())
    return url, request_headers
def _get_oauth_token(self, consumer, token):
    """Build the path, signed headers and body for an oauth1 token request.

    The request targets POST ``/auth/tokens`` and is signed with
    HMAC-SHA1 using the consumer and the token. The body selects the
    ``oauth1`` auth method with an empty method payload; the OAuth
    parameters themselves travel in the headers.

    :param consumer: OAuth consumer handed to the request builder and
        the signer.
    :param token: OAuth token handed to the request builder and the
        signer.
    :returns: ``(url, headers, body)``.
    """
    url = '/auth/tokens'
    signed_request = self._oauth_request(consumer=consumer,
                                         token=token,
                                         http_method='POST',
                                         http_url=self.base_url + url)
    signer = oauth1.SignatureMethod_HMAC_SHA1()
    signed_request.sign_request(signer, consumer, token)

    request_headers = {'Content-Type': 'application/json'}
    request_headers.update(signed_request.to_header())

    auth_body = {
        'auth': {
            'identity': {
                'methods': ['oauth1'],
                'oauth1': {},
            },
        },
    }
    return url, request_headers, auth_body
def _create_request_token(self, consumer, project_id):
    """Build the path and signed headers for a request-token request.

    The request targets POST ``/OS-OAUTH1/request_token`` and carries
    ``requested_project_id`` as a request parameter. No token exists yet
    at this step, so the request is signed with the consumer only.

    :param consumer: OAuth consumer handed to the request builder and
        the signer.
    :param project_id: value sent as ``requested_project_id``.
    :returns: ``(url, headers)``; ``headers`` holds the JSON content
        type, the signed request's ``to_header()`` output and the
        ``requested_project_id`` entry.
    """
    url = '/OS-OAUTH1/request_token'
    request_params = {'requested_project_id': project_id}
    signed_request = self._oauth_request(consumer=consumer,
                                         http_url=self.base_url + url,
                                         http_method='POST',
                                         parameters=request_params)
    signer = oauth1.SignatureMethod_HMAC_SHA1()
    # Token argument is None: only the consumer takes part in signing.
    signed_request.sign_request(signer, consumer, None)

    request_headers = {'Content-Type': 'application/json'}
    request_headers.update(signed_request.to_header())
    # The requested project id is also copied into the headers.
    request_headers.update(request_params)
    return url, request_headers
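def authenticate(self, context, auth_info, auth_context):
    """Turn a signed request with an access key into a keystone token.

    Reads the OAuth parameters from the request headers, loads the
    access token and consumer they name, rejects an expired token,
    verifies the HMAC-SHA1 request signature and, on success, records
    the authorizing user, access token id and project in
    ``auth_context``.

    :param context: request context; ``headers``, ``path`` and
        ``query_string`` are read from it.
    :param auth_info: not used by this method.
    :param auth_context: dict updated in place with ``user_id``,
        ``access_token_id`` and ``project_id``.
    :raises exception.ValidationError: if ``oauth_token`` or
        ``oauth_consumer_key`` is missing from the request.
    :raises exception.Unauthorized: if the access token has expired or
        the request carries non-OAuth parameters.

    Signature failures surface as whatever
    ``oauth1.Server.verify_request`` raises.
    """
    headers = context['headers']
    oauth_headers = oauth.get_oauth_headers(headers)
    consumer_id = oauth_headers.get('oauth_consumer_key')
    access_token_id = oauth_headers.get('oauth_token')

    if not access_token_id:
        raise exception.ValidationError(attribute='oauth_token',
                                        target='request')
    # The consumer secret is half of the signing key, so a request that
    # names no consumer is rejected here with the same error shape as a
    # missing token, instead of passing None to the consumer lookup.
    if not consumer_id:
        raise exception.ValidationError(attribute='oauth_consumer_key',
                                        target='request')

    acc_token = self.oauth_api.get_access_token(access_token_id)
    consumer = self.oauth_api._get_consumer(consumer_id)
    # NOTE(review): nothing in this method compares the consumer named
    # in the header with the consumer the access token was issued to.
    # Confirm that oauth_api or the stored token enforces that binding.

    # A falsy expires_at is treated as "never expires".
    expires_at = acc_token['expires_at']
    if expires_at:
        now = timeutils.utcnow()
        expires = timeutils.normalize_time(
            timeutils.parse_isotime(expires_at))
        if now > expires:
            raise exception.Unauthorized(_('Access token is expired'))

    consumer_obj = oauth1.Consumer(key=consumer['id'],
                                   secret=consumer['secret'])
    acc_token_obj = oauth1.Token(key=acc_token['id'],
                                 secret=acc_token['access_secret'])

    url = oauth.rebuild_url(context['path'])
    # NOTE(review): the signature is always checked as a POST,
    # whatever method the request used. Presumably this plugin is only
    # reached through POST /auth/tokens; verify against the caller.
    oauth_request = oauth1.Request.from_request(
        http_method='POST',
        http_url=url,
        headers=headers,
        query_string=context['query_string'])

    # HMAC-SHA1 is the only signature method registered, so a request
    # declaring any other method cannot be verified by this server.
    # NOTE(review): timestamp and nonce handling is whatever
    # verify_request implements; confirm it gives replay protection.
    oauth_server = oauth1.Server()
    oauth_server.add_signature_method(oauth1.SignatureMethod_HMAC_SHA1())
    params = oauth_server.verify_request(oauth_request,
                                         consumer_obj,
                                         token=acc_token_obj)

    # Explicit length check: an unexpected return type raises instead
    # of being treated as "no extra parameters".
    if len(params) != 0:
        msg = _('There should not be any non-oauth parameters')
        raise exception.Unauthorized(message=msg)

    # Identity comes only from the stored access token, never from
    # values supplied in the request.
    auth_context['user_id'] = acc_token['authorizing_user_id']
    auth_context['access_token_id'] = access_token_id
    auth_context['project_id'] = acc_token['project_id']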