예제 #1
0
    def test_validate_client_token(self):
        test_redis = get_auth_redis_client()
        self.assertIsNotNone(test_redis)
        retval, token = validate_client_token(
            test_redis, url='http://mockurl',
            tenant='tenant-id', cache_key='cache-key')
        self.assertFalse(retval)
        self.assertIsNone(token)

        with mock.patch.object(test_redis, 'get',
                side_effect=side_effect_redis_getdata):
            retval, token = validate_client_token(
                test_redis,
                url='http://mockurl',
                tenant='tenant-id',
                cache_key='cache-key')
            self.assertTrue(retval)
            self.assertEqual(token, 'the-token')

        with mock.patch.object(test_redis, 'get',
                side_effect=side_effect_redis_getdata_expired):
            retval, token = validate_client_token(
                test_redis,
                url='http://mockurl',
                tenant='tenant-id',
                cache_key='cache-key')
            self.assertFalse(retval)
            self.assertIsNone(token)

        with mock.patch.object(test_redis, 'get',
                side_effect=side_effect_exception):
            retval, token = validate_client_token(
                test_redis, url='http://mockurl',
                tenant='tenant-id', cache_key='cache-key')
            self.assertFalse(retval)
            self.assertIsNone(token)

        with mock.patch.object(test_redis, 'get',
                side_effect=side_effect_redis_getdata):
            with mock.patch.object(dateutil.parser, 'parse',
                    side_effect=side_effect_exception):
                retval, token = validate_client_token(test_redis,
                    url='http://mockurl',
                    tenant='tenant-id',
                    cache_key='cache-key')
            self.assertFalse(retval)
            self.assertIsNone(token)
예제 #2
0
    def middleware(env, start_response):

        # Inject transaction-id into the response headers.
        def transactionhook(status, headers, exc_info=None):
            transaction = context.RequestContext()
            setattr(local.store, 'context', transaction)
            stealth.context.transaction = transaction
            headers.append(('Transaction-ID', str(
                stealth.context.transaction.request_id)))
            return start_response(status, headers, exc_info)

        try:
            project_id = env['HTTP_X_PROJECT_ID']
            token = ''
            cache_key = ''
            valid = False

            if 'HTTP_X_AUTH_TOKEN' in env:
                cache_key = env['HTTP_X_AUTH_TOKEN']

            # Validate the input cache_key.
            valid, token = token_validation.validate_client_token(redis_client,
                auth_url, project_id, cache_key)
            if valid:
                env['X-AUTH-TOKEN'] = token
                env.pop('HTTP_X_AUTH_TOKEN', cache_key)
                return app(env, transactionhook)

            # Validate the client with the impersonation token
            valid, usertoken, cache_key = \
                token_validation.validate_client_impersonation(
                    redis_client, auth_url, project_id, Admintoken)
            if valid and usertoken and usertoken['token']:

                # Inject cahce_key as the auth token into the response headers.
                def custom_start_response(status, headers, exc_info=None):
                    headers.append(('HTTP_X_AUTH_TOKEN', str(cache_key)))
                    return transactionhook(status, headers, exc_info)

                token = usertoken['token']
                env['X-AUTH-TOKEN'] = token
                LOG.debug(('Middleware: Auth Token validated.'))
                return app(env, custom_start_response)

            else:
                # Validation failed for some reason, just error out as a 401
                LOG.error(('Middleware: Auth Token validation failed.'))
                return _http_unauthorized(start_response)
        except (KeyError, LookupError):
            # Header failure, error out with 412
            LOG.error(('Middleware: Missing required headers.'))
            return _http_precondition_failed(start_response)
예제 #3
0
    def auth(self, req, resp):

        try:
            auth_token = None
            valid = False
            cache_key = None

            project_id = req.headers['X-PROJECT-ID']

            if 'X-AUTH-TOKEN' in req.headers:
                cache_key = req.headers['X-AUTH-TOKEN']

            valid, auth_token = token_validation.validate_client_token(
                self.redis_client,
                self.auth_url, project_id, cache_key)

            if not valid:
                valid, usertoken, cache_key =\
                    token_validation.validate_client_impersonation(
                        self.redis_client, self.auth_url, project_id,
                        self.Admintoken)

                if not valid:
                    # Validation failed for some reason,
                    # just error out as a 401
                    LOG.error('Auth Token validation failed.')
                    return False, 'Auth Token validation failed.'

                # WHY NOT? else if usertoken and usertoken['token']:
                auth_token = usertoken['token']

            #
            # auth_token here is the real auth token from Keystone,
            # It can be replaced in the user requests and forward
            # to the service providers.
            #
            # req.headers['X-AUTH-TOKEN'] = auth_token
            #

            # validate the client and fill out the request it's valid
            LOG.debug('Auth Token validated.')
            # Return only generated hmac values back to the users.
            return True, cache_key

        except (KeyError, LookupError):
            # Header failure, error out with 412
            LOG.error('Missing required headers.')
            return False, 'Missing required headers.'
예제 #4
0
    def auth(env, start_response):
        try:
            project_id = env['HTTP_X_PROJECT_ID']
            token = ''
            cache_key = ''
            valid = False

            if 'HTTP_X_AUTH_TOKEN' in env:
                cache_key = env['HTTP_X_AUTH_TOKEN']

            valid, token = token_validation.validate_client_token(redis_client,
                auth_url, project_id, cache_key)
            if valid:
                LOG.debug(('App: Auth Token validated.'))
                start_response('204 No Content',
                    [])
                return []

            # validate the client and fill out the env
            valid, usertoken, cache_key = \
                token_validation.validate_client_impersonation(
                    redis_client, auth_url, project_id, Admintoken)
            if valid and usertoken and usertoken['token']:
                token = usertoken['token']
                # env['X-AUTH-TOKEN'] = token
                LOG.debug(('App: Auth Token validated.'))
                start_response('204 No Content',
                    [('X-AUTH-TOKEN', cache_key)])
                return []

            # Validation failed. Error out as a 401
            LOG.error(('App: Auth Token validation failed.'))
            return _http_unauthorized(start_response)

        except (KeyError, LookupError):
            # Header failure, error out with 412
            LOG.error(('App: Missing required headers.'))
            return _http_precondition_failed(start_response)