예제 #1
0
파일: service.py 프로젝트: juvvadi/keystone
    def authenticate(self, credentials):
        if not isinstance(credentials, auth.PasswordCredentials):
            raise fault.BadRequestFault("Expecting Password Credentials!")

        duser = db_api.user_get(credentials.username)
        if duser == None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not duser.enabled:
            raise fault.UserDisabledFault("Your account has been disabled")
        if duser.password != credentials.password:
            raise fault.UnauthorizedFault("Unauthorized")

        #
        # Look for an existing token, or create one,
        # TODO: Handle tenant/token search
        #
        # removing following code for multi-token
        """if not credentials.tenant_id:
            dtoken = db_api.token_for_user(duser.id)
        else:
            dtoken = db_api.token_for_user_tenant(duser.id,
                                                  credentials.tenant_id)
        """
        # added following code

        dtoken = db_api.token_for_user_tenant(duser.id, credentials.tenant_id)
        #---
        if not dtoken or dtoken.expires < datetime.now():
            dtoken = db_models.Token()
            dtoken.token_id = str(uuid.uuid4())
            dtoken.user_id = duser.id

            if not duser.tenants:
                raise fault.IDMFault("Strange: user %s is not associated "
                                     "with a tenant!" % duser.id)
            user = db_api.user_get_by_tenant(duser.id, credentials.tenant_id)

            if not credentials.tenant_id or not user:
                raise fault.ForbiddenFault("Error: user %s is "
                                     "not associated "
                                     "with a tenant! %s" % (duser.id,
                                                    credentials.tenant_id))
            dtoken.tenant_id = credentials.tenant_id
            #removing following code for multi token
            """else:
                dtoken.tenant_id = duser.tenants[0].tenant_id"""
            dtoken.expires = datetime.now() + timedelta(days=1)
            db_api.token_create(dtoken)

        return self.__get_auth_data(dtoken, duser)
예제 #2
0
def main():
    usage = "usage: %prog tenant_id"
    parser = optparse.OptionParser(usage)
    options, args = parser.parse_args()
    if len(args) != 1:
        parser.error("Incorrect number of arguments")
    else:
        tenant_id = args[0]
        try:
            u = db_api.user_get_by_tenant(tenant_id)
            if u == None:
                raise IndexError("Users not found")
            for row in u:
                print row
        except Exception, e:
            print 'Error getting users for tenant', tenant_id, ':', str(e)
예제 #3
0
    def authenticate(self, credentials):
        # Check credentials
        if not isinstance(credentials, auth.PasswordCredentials):
            raise fault.BadRequestFault("Expecting Password Credentials!")

        if not credentials.tenant_id:
            duser = db_api.user_get(credentials.username)
            if duser == None:
                raise fault.UnauthorizedFault("Unauthorized")
        else:
            duser = db_api.user_get_by_tenant(credentials.username,
                                              credentials.tenant_id)
            if duser == None:
                raise fault.UnauthorizedFault("Unauthorized on this tenant")

        if not duser.enabled:
            raise fault.UserDisabledFault("Your account has been disabled")
        if duser.password != credentials.password:
            raise fault.UnauthorizedFault("Unauthorized")

        #
        # Look for an existing token, or create one,
        # TODO: Handle tenant/token search
        #
        if not credentials.tenant_id:
            dtoken = db_api.token_for_user(duser.id)
        else:
            dtoken = db_api.token_for_user_tenant(duser.id,
                                                  credentials.tenant_id)
        tenant_id = None
        if credentials.tenant_id:
            tenant_id = credentials.tenant_id
        else:
            tenant_id = duser.tenant_id

        if not dtoken or dtoken.expires < datetime.now():
            # Create new token
            dtoken = db_models.Token()
            dtoken.token_id = str(uuid.uuid4())
            dtoken.user_id = duser.id
            if credentials.tenant_id:
                dtoken.tenant_id = credentials.tenant_id
            dtoken.expires = datetime.now() + timedelta(days=1)
            db_api.token_create(dtoken)
        #if tenant_id is passed in the call that tenant_id is passed else
        #user's default tenant_id is used.
        return self.__get_auth_data(dtoken, tenant_id)
예제 #4
0
파일: service.py 프로젝트: slashk/keystone
    def delete_user(self, admin_token, user_id, tenant_id):
        self.__validate_token(admin_token)
        dtenant = db_api.tenant_get(tenant_id)
        if dtenant == None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")

        duser = db_api.user_get(user_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be found")
        duser = db_api.user_get_by_tenant(user_id, tenant_id)
        if not duser:
            raise fault.ItemNotFoundFault("The user could not be "
                                        "found under given tenant")

        db_api.user_delete_tenant(user_id, tenant_id)
        return None
예제 #5
0
파일: service.py 프로젝트: juvvadi/keystone
    def create_user(self, admin_token, tenant_id, user):
        self.__validate_token(admin_token)
        print "@" * 80
        print tenant_id
        print user
        dtenant = db_api.tenant_get(tenant_id)
        if dtenant == None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")

        if not isinstance(user, users.User):
            raise fault.BadRequestFault("Expecting a User")

        if user.user_id == None:
            raise fault.BadRequestFault("Expecting a unique User Id")

        if db_api.user_get_by_tenant(user.user_id,tenant_id) != None:
            raise fault.UserConflictFault(
                "An user with that id already exists in the given tenant")

        if db_api.user_get(user.user_id) != None:
            raise fault.UserConflictFault(
                "An user with that id already exists")

        if db_api.user_get_email(user.email) != None:
            raise fault.EmailConflictFault(
                "Email already exists")


        duser = db_models.User()
        duser.id = user.user_id
        duser.password = user.password
        duser.email = user.email
        duser.enabled = user.enabled
        db_api.user_create(duser)

        duser_tenant = db_models.UserTenantAssociation()
        duser_tenant.user_id = user.user_id
        duser_tenant.tenant_id = tenant_id
        db_api.user_tenant_create(duser_tenant)
        return user
예제 #6
0
    def __get_auth_data(self, dtoken, duser):
        """return AuthData object for a token/user pair"""

        token = auth.Token(dtoken.expires, dtoken.token_id)

        gs = []
        for ug in duser.groups:
            dgroup = db_api.group_get(ug.group_id)
            gs.append(auth.Group(dgroup.id, dgroup.tenant_id))
        groups = auth.Groups(gs, [])
        if len(duser.tenants) == 0:
            raise fault.IDMFault("Strange: user %s is not associated "
                                 "with a tenant!" % duser.id)
        if not dtoken.tenant_id and \
            db_api.user_get_by_tenant(duser.id, dtoken.tenant_id):
            raise fault.IDMFault("Error: user %s is not associated "
                                 "with a tenant! %s" % (duser.id,
                                                dtoken.tenant_id))

        user = auth.User(duser.id, dtoken.tenant_id, groups)
        return auth.AuthData(token, user)
예제 #7
0
파일: service.py 프로젝트: juvvadi/keystone
    def add_user_tenant(self, admin_token, user_id, tenant_id):
        self.__validate_token(admin_token)

        dtenant = db_api.tenant_get(tenant_id)
        if dtenant == None:
            raise fault.UnauthorizedFault("Unauthorized")
        if not dtenant.enabled:
            raise fault.TenantDisabledFault("Your account has been disabled")
        if user_id == None:
            raise fault.BadRequestFault("Expecting a unique User Id")

        if db_api.user_get(user_id) is None:
            raise fault.ItemNotFoundFault(
                "user does not exists")

        if db_api.user_get_by_tenant(user_id,tenant_id) != None:
            raise fault.UserConflictFault(
                "An user with that id already exists in the given tenant")

        duser_tenant = db_models.UserTenantAssociation()
        duser_tenant.user_id = user_id
        duser_tenant.tenant_id = tenant_id
        db_api.user_tenant_create(duser_tenant)
        return None