Exemplo n.º 1
 def _populate_token(self, token_data, expires=None):
     """Write the expiry and issue timestamps into *token_data* in place.

     A falsy ``expires`` is replaced by ``token_module.default_expire_time()``.
     Any value that is not already a ``unicode`` string is rendered with
     ``timeutils.isotime`` before being stored under ``'expires'``.
     """
     expiry = expires or token_module.default_expire_time()
     if isinstance(expiry, unicode):
         expiry_text = expiry
     else:
         expiry_text = timeutils.isotime(expiry)
     token_data['expires'] = expiry_text
     # The issue time is taken here, at population time, not from the caller.
     token_data['issued_at'] = timeutils.strtime()
Exemplo n.º 2
 def _populate_token_dates(self, token_data, expires=None, trust=None):
     """Fill in ``expires_at`` and ``issued_at`` on *token_data* in place.

     ``trust`` is accepted but not read in this body.
     """
     if expires:
         expiry = expires
     else:
         expiry = token.default_expire_time()
     # Strings are stored untouched; anything else is rendered as an ISO
     # timestamp with sub-second precision.
     already_text = isinstance(expiry, basestring)
     token_data['expires_at'] = (
         expiry if already_text else timeutils.isotime(expiry, subsecond=True))
     token_data['issued_at'] = timeutils.isotime(subsecond=True)
Exemplo n.º 3
 def _populate_token_dates(self, token_data, expires=None, trust=None):
     """Record on *token_data* when the token expires and when it was issued.

     A falsy ``expires`` falls back to ``token.default_expire_time()``. The
     ``trust`` argument is not used by this body.
     """
     expires_at = expires or token.default_expire_time()
     if not isinstance(expires_at, basestring):
         # Non-string expiries are normalised to an ISO string.
         expires_at = timeutils.isotime(expires_at, subsecond=True)
     token_data['expires_at'] = expires_at
     issued_at = timeutils.isotime(subsecond=True)
     token_data['issued_at'] = issued_at
Exemplo n.º 4
 def create_token(self, token_id, data):
     """Persist a deep copy of *data* for *token_id* and return another copy.

     The storage key is derived from ``token.unique_id(token_id)``. The
     caller's ``data`` is never modified.
     """
     storage_id = token.unique_id(token_id)
     record = copy.deepcopy(data)
     # NOTE(review): only a missing 'expires' key receives the default; an
     # explicit ``expires=None`` is stored unchanged. Confirm that callers
     # cannot end up with a token that carries no expiry this way.
     if 'expires' not in data:
         record['expires'] = token.default_expire_time()
     storage_key = 'token-%s' % storage_id
     self.db.set(storage_key, record)
     return copy.deepcopy(record)
Exemplo n.º 5
 def create_token(self, token_id, data):
     """Persist a deep copy of *data* for *token_id* and return another copy.

     A falsy ``expires`` (missing, ``None``, empty) is replaced by
     ``token.default_expire_time()``, and a ``trust_id`` that is explicitly
     ``None`` is dropped from the stored record.
     """
     storage_id = token.unique_id(token_id)
     record = copy.deepcopy(data)
     if not record.get('expires'):
         record['expires'] = token.default_expire_time()
     # A null trust_id is removed rather than stored as None.
     if 'trust_id' in data and data['trust_id'] is None:
         del record['trust_id']
     storage_key = 'token-%s' % storage_id
     self.db.set(storage_key, record)
     return copy.deepcopy(record)
Exemplo n.º 6
 def create_token(self, token_id, data):
     """Store a deep copy of *data* under ``"token-<token_id>"``.

     The copy gets ``"id"`` set to *token_id*; a falsy ``"expires"`` is
     replaced by ``token.default_expire_time()`` and a falsy ``"user_id"``
     by ``data["user"]["id"]``. A fresh deep copy of the stored record is
     returned, and the caller's ``data`` is left untouched.
     """
     record = copy.deepcopy(data)
     record["id"] = token_id
     if not record.get("expires"):
         record["expires"] = token.default_expire_time()
     if not record.get("user_id"):
         record["user_id"] = record["user"]["id"]
     storage_key = "token-%s" % token_id
     self.db.set(storage_key, record)
     return copy.deepcopy(record)
Exemplo n.º 7
 def create_token(self, token_id, data):
     """Save a token record keyed by *token_id* and return a copy of it.

     Works on a deep copy of *data*, so the caller's dict is not changed.
     Falsy ``expires`` and ``user_id`` values are filled in from
     ``token.default_expire_time()`` and ``data['user']['id']``.
     """
     record = copy.deepcopy(data)
     record['id'] = token_id
     # ``or`` keeps a truthy existing value and only then skips the fallback.
     record['expires'] = record.get('expires') or token.default_expire_time()
     record['user_id'] = record.get('user_id') or record['user']['id']
     self.db.set('token-%s' % token_id, record)
     return copy.deepcopy(record)
Exemplo n.º 8
 def create_token(self, token_id, data):
     """Write the token for *token_id* to the backing store.

     The stored value is a deep copy of *data* with ``'id'`` set to
     *token_id*. When ``'expires'`` or ``'user_id'`` is falsy it is replaced
     by ``token.default_expire_time()`` or ``data['user']['id']``. The
     return value is a second deep copy, so callers cannot alter the stored
     record through it.
     """
     stored = copy.deepcopy(data)
     stored['id'] = token_id
     has_expiry = bool(stored.get('expires'))
     if not has_expiry:
         stored['expires'] = token.default_expire_time()
     has_owner = bool(stored.get('user_id'))
     if not has_owner:
         stored['user_id'] = stored['user']['id']
     db_key = 'token-%s' % token_id
     self.db.set(db_key, stored)
     return copy.deepcopy(stored)
Exemplo n.º 9
 def create_token(self, token_id, data):
     """Insert a token row built from *data* and return it as a dict.

     *data* is deep-copied first; a falsy ``expires`` on the copy is replaced
     by ``token.default_expire_time()``.
     """
     values = copy.deepcopy(data)
     if not values.get('expires'):
         values['expires'] = token.default_expire_time()
     row = TokenModel.from_dict(values)
     # The row id is what token.unique_id() returns, not the raw token_id.
     row.id = token.unique_id(token_id)
     row.valid = True
     db = self.get_session()
     with db.begin():
         db.add(row)
         db.flush()
     return row.to_dict()
Exemplo n.º 10
 def test_revoked_token_in_list(self):
     # Revoking by expiration must surface exactly one event on the
     # /OS-REVOKE/events listing, matching the expected sample.
     revoked_user = uuid.uuid4().hex
     expiry = token.default_expire_time()
     expected = self._blank_event()
     expected['user_id'] = unicode(revoked_user)
     expected['expires_at'] = unicode(timeutils.isotime(expiry))
     # Taken before the revocation so the matcher can compare against it.
     not_before = timeutils.utcnow()
     self.revoke_api.revoke_by_expiration(revoked_user, expiry)
     reported = self.get('/OS-REVOKE/events').json_body['events']
     self.assertEqual(len(reported), 1)
     self.assertReportedEventMatchesRecorded(
         reported[0], expected, not_before)
 def test_revoked_token_in_list(self):
     # One revocation by expiration -> one event reported by the API.
     uid = uuid.uuid4().hex
     token_expiry = token.default_expire_time()
     expected_event = self._blank_event()
     expected_event['user_id'] = unicode(uid)
     iso_expiry = timeutils.isotime(token_expiry)
     expected_event['expires_at'] = unicode(iso_expiry)
     # Reference time captured ahead of the revoke call.
     start = timeutils.utcnow()
     self.revoke_api.revoke_by_expiration(uid, token_expiry)
     response = self.get('/OS-REVOKE/events')
     listed = response.json_body['events']
     self.assertEqual(len(listed), 1)
     first_event = listed[0]
     self.assertReportedEventMatchesRecorded(
         first_event, expected_event, start)
Exemplo n.º 12
    def create_token(self, token_id, data):
        """Insert a token row built from *data* and return it as a dict.

        ``token_id`` is not read in this body; the row comes entirely from the
        deep copy of *data* (presumably it already carries the id -- verify
        against callers). Falsy ``expires`` and ``user_id`` values are filled
        in before the row is created.
        """
        values = copy.deepcopy(data)
        if not values.get('expires'):
            values['expires'] = token.default_expire_time()
        if not values.get('user_id'):
            values['user_id'] = values['user']['id']

        row = TokenModel.from_dict(values)
        row.valid = True
        db = db_session.get_session()
        with db.begin():
            db.add(row)
        return row.to_dict()
Exemplo n.º 13
    def create_token(self, token_id, data):
        """Add a new, valid token row derived from *data*; return it as a dict.

        The caller's ``data`` is deep-copied and never modified. ``token_id``
        itself is not referenced in this body.
        """
        values = copy.deepcopy(data)
        # ``or`` keeps a truthy existing value and otherwise takes the default.
        values['expires'] = (
            values.get('expires') or token.default_expire_time())
        values['user_id'] = values.get('user_id') or values['user']['id']

        new_row = TokenModel.from_dict(values)
        new_row.valid = True
        db = sql.get_session()
        with db.begin():
            db.add(new_row)
        return new_row.to_dict()
Exemplo n.º 14
    def create_token(self, token_id, data):
        """Insert and flush a token row built from *data*; return it as a dict.

        Defaults are applied to a deep copy of *data*: a falsy ``"expires"``
        becomes ``token.default_expire_time()`` and a falsy ``"user_id"``
        becomes ``data["user"]["id"]``. ``token_id`` is not read here.
        """
        values = copy.deepcopy(data)
        needs_expiry = not values.get("expires")
        if needs_expiry:
            values["expires"] = token.default_expire_time()
        needs_owner = not values.get("user_id")
        if needs_owner:
            values["user_id"] = values["user"]["id"]

        row = TokenModel.from_dict(values)
        row.valid = True
        db = self.get_session()
        with db.begin():
            db.add(row)
            db.flush()
        return row.to_dict()
Exemplo n.º 15
 def format_token(cls, token_ref, roles_ref=None, catalog_ref=None):
     """Assemble the ``{'access': ...}`` document for *token_ref*.

     ``token_ref`` must provide ``'user'``, ``'metadata'`` and ``'id'``.
     ``roles_ref`` defaults to an empty list; the service catalog is only
     included when ``catalog_ref`` is not ``None``.
     """
     user_ref = token_ref['user']
     metadata_ref = token_ref['metadata']
     roles = [] if roles_ref is None else roles_ref
     expires = token_ref.get('expires', token.default_expire_time())
     if expires is not None and not isinstance(expires, unicode):
         expires = timeutils.isotime(expires)

     token_section = {
         'id': token_ref['id'],
         'expires': expires,
         'issued_at': timeutils.strtime()
     }
     user_section = {
         'id': user_ref['id'],
         'name': user_ref['name'],
         'username': user_ref['name'],
         'roles': roles,
         'roles_links': metadata_ref.get('roles_links', [])
     }
     access = {'token': token_section, 'user': user_section}

     if 'bind' in token_ref:
         token_section['bind'] = token_ref['bind']
     tenant = token_ref.get('tenant')
     if tenant:
         # NOTE(review): this writes into the caller's token_ref and marks
         # the tenant enabled unconditionally -- confirm disabled tenants
         # are rejected before a token reaches this point.
         tenant['enabled'] = True
         token_section['tenant'] = tenant
     if catalog_ref is not None:
         access['serviceCatalog'] = V2TokenDataHelper.format_catalog(
             catalog_ref)
     if metadata_ref:
         # is_admin is copied from the metadata, defaulting to 0.
         access['metadata'] = {'is_admin': metadata_ref.get('is_admin', 0)}
     if 'roles' in metadata_ref:
         access['metadata']['roles'] = metadata_ref['roles']
     if CONF.trust.enabled and 'trust_id' in metadata_ref:
         access['trust'] = {
             'trustee_user_id': metadata_ref['trustee_user_id'],
             'id': metadata_ref['trust_id']
         }
     return {'access': access}
Exemplo n.º 16
    def format_token(cls, token_ref, roles_ref=None, catalog_ref=None):
        """Build the ``access`` response dict from a stored token reference.

        Reads ``'user'``, ``'metadata'`` and ``'id'`` from *token_ref*;
        ``'bind'`` and ``'tenant'`` are included when present. A missing
        ``'expires'`` falls back to ``token.default_expire_time()``.
        """
        user_ref = token_ref['user']
        metadata_ref = token_ref['metadata']
        if roles_ref is None:
            roles_ref = []
        expires = token_ref.get('expires', token.default_expire_time())
        needs_format = (expires is not None and
                        not isinstance(expires, six.text_type))
        if needs_format:
            expires = timeutils.isotime(expires)

        token_part = {
            'id': token_ref['id'],
            'expires': expires,
            'issued_at': timeutils.strtime(),
        }
        user_part = {
            'id': user_ref['id'],
            'name': user_ref['name'],
            'username': user_ref['name'],
            'roles': roles_ref,
            'roles_links': metadata_ref.get('roles_links', []),
        }
        body = {'access': {'token': token_part, 'user': user_part}}
        access = body['access']

        if 'bind' in token_ref:
            token_part['bind'] = token_ref['bind']
        if 'tenant' in token_ref and token_ref['tenant']:
            # NOTE(review): mutates the caller's token_ref and reports the
            # tenant as enabled whatever its stored state -- verify that
            # the enabled check happens upstream.
            token_ref['tenant']['enabled'] = True
            token_part['tenant'] = token_ref['tenant']
        if catalog_ref is not None:
            access['serviceCatalog'] = V2TokenDataHelper.format_catalog(
                catalog_ref)
        if metadata_ref:
            if 'is_admin' in metadata_ref:
                admin_flag = metadata_ref['is_admin']
            else:
                admin_flag = 0
            access['metadata'] = {'is_admin': admin_flag}
        if 'roles' in metadata_ref:
            access['metadata']['roles'] = metadata_ref['roles']
        if CONF.trust.enabled and 'trust_id' in metadata_ref:
            access['trust'] = {
                'trustee_user_id': metadata_ref['trustee_user_id'],
                'id': metadata_ref['trust_id'],
            }
        # Kerberos (left disabled in the original):
        # o['access']['kerberos'] = token_ref['kerberos']

        return body
Exemplo n.º 17
    def create_token(self, token_id, data):
        """Store a token and index it under its user (and trustee, if any).

        The caller is assumed to have validated ``data`` already. ``data`` is
        deep-copied first; the copy, completed with default ``expires`` and
        ``user_id`` values where those are falsy, is what gets stored and
        returned.
        """
        record = copy.deepcopy(data)
        token_key = self._prefix_token_id(token_id)
        if not record.get('expires'):
            record['expires'] = token.default_expire_time()
        if not record.get('user_id'):
            record['user_id'] = record['user']['id']

        # NOTE(morganfainberg): index entries always carry the expiry as an
        # isotime string so they can be handled without caring about the
        # backend; this is where that string is built.
        expiry_text = timeutils.isotime(record['expires'], subsecond=True)

        self._set_key(token_key, record)
        owner_key = self._prefix_user_id(data['user']['id'])
        self._update_user_token_list(owner_key, token_id, expiry_text)

        if not (CONF.trust.enabled and data.get('trust_id')):
            return record

        # NOTE(morganfainberg): with trusts enabled, a trust-scoped token is
        # also added to the trustee's list, so that a password change of the
        # trustee expires the token too. Listing the token more than once is
        # harmless: _list_tokens copes with almost any mix of valid, invalid
        # and expired entries.
        # NOTE(review): the token and the owner's index entry are already
        # written by the time an unknown token version raises below.
        payload = record['token_data']
        version = record['token_version']
        if version == token.provider.V2:
            trustee_id = payload['access']['trust']['trustee_user_id']
        elif version == token.provider.V3:
            trustee_id = payload['OS-TRUST:trust']['trustee_user_id']
        else:
            raise token.provider.UnsupportedTokenVersionException(
                _('Unknown token version %s') % version)

        trustee_key = self._prefix_user_id(trustee_id)
        self._update_user_token_list(trustee_key, token_id, expiry_text)
        return record
Exemplo n.º 18
    def create_token(self, token_id, data):
        """Persist the token for *token_id* and update the per-user indexes.

        Validation of ``data`` is the caller's job. The method works on a deep
        copy of ``data`` and returns that copy once it has been stored.
        """
        stored = copy.deepcopy(data)
        prefixed_id = self._prefix_token_id(token_id)
        stored['expires'] = (
            stored.get('expires') or token.default_expire_time())
        stored['user_id'] = stored.get('user_id') or stored['user']['id']

        # NOTE(morganfainberg): the index always holds the isotime (string)
        # form of the expiry, whatever the backend, so the string is built
        # once here.
        expires_iso = timeutils.isotime(stored['expires'], subsecond=True)

        self._set_key(prefixed_id, stored)
        issuing_user = data['user']['id']
        self._update_user_token_list(
            self._prefix_user_id(issuing_user), token_id, expires_iso)

        is_trust_token = CONF.trust.enabled and data.get('trust_id')
        if is_trust_token:
            # NOTE(morganfainberg): a trust-scoped token is indexed under the
            # trustee as well, which lets a trustee password change expire
            # it. Duplicate listing does no harm; _list_tokens handles
            # almost any valid/invalid/expired combination for a token.
            body = stored['token_data']
            if stored['token_version'] == token.provider.V2:
                trust_info = body['access']['trust']
            elif stored['token_version'] == token.provider.V3:
                trust_info = body['OS-TRUST:trust']
            else:
                # Reached only after the token itself has been stored above.
                raise token.provider.UnsupportedTokenVersionException(
                    _('Unknown token version %s') %
                    stored.get('token_version'))

            trustee_key = self._prefix_user_id(trust_info['trustee_user_id'])
            self._update_user_token_list(trustee_key, token_id, expires_iso)

        return stored
Exemplo n.º 19
 def create_token(self, token_id, data):
     """Cache a token record and add it to its user's token list.

     A deep copy of *data* is stored under the prefixed token id. When the
     record has an expiry, it is converted with ``utils.unixtime`` and
     passed to the client as ``time``. A fresh deep copy is returned.
     """
     record = copy.deepcopy(data)
     cache_key = self._prefix_token_id(token_id)
     if not record.get('expires'):
         record['expires'] = token.default_expire_time()
     if not record.get('user_id'):
         record['user_id'] = record['user']['id']
     expiry = record['expires']
     set_options = {}
     if expiry is not None:
         set_options['time'] = utils.unixtime(expiry)
     self.client.set(cache_key, record, **set_options)
     if 'id' in data['user']:
         # Append the new token_id to the token-index-list stored in the
         # user-key within memcache.
         user_key = self._prefix_user_id(data['user']['id'])
         self._update_user_list_with_cas(user_key, token_id, record)
     return copy.deepcopy(record)
Exemplo n.º 20
 def create_token(self, token_id, data):
     """Cache the token and register its id in the owner's token list.

     Operates on a deep copy of *data*; the caller's dict is not modified
     and the return value is yet another deep copy.
     """
     record = copy.deepcopy(data)
     cache_key = self._prefix_token_id(token_id)
     record["expires"] = record.get("expires") or token.default_expire_time()
     record["user_id"] = record.get("user_id") or record["user"]["id"]
     # The expiry, when set, is handed to the client as the ``time`` value.
     if record["expires"] is None:
         set_options = {}
     else:
         set_options = {"time": utils.unixtime(record["expires"])}
     self.client.set(cache_key, record, **set_options)
     if "id" in data["user"]:
         serialized_id = jsonutils.dumps(token_id)
         user_key = self._prefix_user_id(data["user"]["id"])
         # Append the new token_id to the token-index-list stored in the
         # user-key within memcache.
         self._update_user_list_with_cas(user_key, serialized_id)
     return copy.deepcopy(record)
Exemplo n.º 21
 def create_token(self, token_id, data):
     """Cache a token record and append its id to the user's token list.

     The cache key is the prefixed form of ``token.unique_id(token_id)``.
     Raises ``exception.UnexpectedError`` when the user's list cannot be
     updated.
     """
     record = copy.deepcopy(data)
     cache_key = self._prefix_token_id(token.unique_id(token_id))
     # NOTE(review): only a missing 'expires' key gets the default. An
     # explicit ``expires=None`` is kept, and the entry is then stored
     # without a ``time`` value -- confirm that is intended.
     if 'expires' not in record:
         record['expires'] = token.default_expire_time()
     expiry = record['expires']
     set_options = {}
     if expiry is not None:
         set_options['time'] = utils.unixtime(expiry)
     self.client.set(cache_key, record, **set_options)
     if 'id' in data['user']:
         serialized_id = jsonutils.dumps(token_id)
         user_key = self._prefix_user_id(data['user']['id'])
         list_entry = ',%s' % serialized_id
         # Try append, then add, then append once more; the first call that
         # succeeds ends the chain (presumably covering a list that does not
         # exist yet and one created concurrently -- verify against the
         # client's semantics).
         recorded = (self.client.append(user_key, list_entry) or
                     self.client.add(user_key, serialized_id) or
                     self.client.append(user_key, list_entry))
         if not recorded:
             msg = _('Unable to add token user list.')
             raise exception.UnexpectedError(msg)
     return copy.deepcopy(record)
Exemplo n.º 22
 def create_token(self, token_id, data):
     """Store a token in the cache and index it under its user.

     Falsy ``expires`` and ``user_id`` values on the deep copy of *data* are
     filled in before the record is written. Returns a deep copy of what
     was stored.
     """
     stored = copy.deepcopy(data)
     prefixed_id = self._prefix_token_id(token_id)
     if not stored.get('expires'):
         stored['expires'] = token.default_expire_time()
     if not stored.get('user_id'):
         stored['user_id'] = stored['user']['id']
     client_args = {}
     expires_value = stored['expires']
     if expires_value is not None:
         # The client receives the expiry as a unix timestamp.
         client_args['time'] = utils.unixtime(expires_value)
     self.client.set(prefixed_id, stored, **client_args)
     owner = data['user']
     if 'id' in owner:
         encoded_id = jsonutils.dumps(token_id)
         owner_key = self._prefix_user_id(owner['id'])
         # Append the new token_id to the token-index-list stored in the
         # user-key within memcache.
         self._update_user_list_with_cas(owner_key, encoded_id)
     return copy.deepcopy(stored)
Exemplo n.º 23
 def create_token(self, token_id, data):
     """Cache a token and append its id to the owning user's list.

     The cache key is built from ``token.unique_id(token_id)``. Raises
     ``exception.UnexpectedError`` if none of the list updates succeeds.
     """
     stored = copy.deepcopy(data)
     prefixed_id = self._prefix_token_id(token.unique_id(token_id))
     if not stored.get('expires'):
         stored['expires'] = token.default_expire_time()
     if not stored.get('user_id'):
         stored['user_id'] = stored['user']['id']
     if stored['expires'] is None:
         client_args = {}
     else:
         client_args = {'time': utils.unixtime(stored['expires'])}
     self.client.set(prefixed_id, stored, **client_args)
     if 'id' in data['user']:
         encoded_id = jsonutils.dumps(token_id)
         owner_key = self._prefix_user_id(data['user']['id'])
         suffix = ',%s' % encoded_id
         # append -> add -> append: stop at the first call that reports
         # success, and fail only when all three report failure.
         attempts = (
             lambda: self.client.append(owner_key, suffix),
             lambda: self.client.add(owner_key, encoded_id),
             lambda: self.client.append(owner_key, suffix),
         )
         if not any(attempt() for attempt in attempts):
             msg = _('Unable to add token user list.')
             raise exception.UnexpectedError(msg)
     return copy.deepcopy(stored)
Exemplo n.º 24
 def format_token(cls, token_ref, roles_ref=None, catalog_ref=None):
     """Return the ``{"access": ...}`` dict describing *token_ref*.

     The ``token`` and ``user`` sections are always present;
     ``serviceCatalog``, ``metadata`` and ``trust`` are added only when the
     corresponding input is available.
     """
     user_ref = token_ref["user"]
     metadata_ref = token_ref["metadata"]
     roles = roles_ref if roles_ref is not None else []
     expires = token_ref.get("expires", token.default_expire_time())
     if expires is not None and not isinstance(expires, six.text_type):
         expires = timeutils.isotime(expires)

     token_info = {
         "id": token_ref["id"],
         "expires": expires,
         "issued_at": timeutils.strtime(),
     }
     user_info = {
         "id": user_ref["id"],
         "name": user_ref["name"],
         "username": user_ref["name"],
         "roles": roles,
         "roles_links": metadata_ref.get("roles_links", []),
     }
     access = {"token": token_info, "user": user_info}

     if "bind" in token_ref:
         token_info["bind"] = token_ref["bind"]
     tenant = token_ref.get("tenant")
     if tenant:
         # NOTE(review): the tenant inside the caller's token_ref is
         # modified and always reported as enabled -- confirm the real
         # enabled state is checked before formatting.
         tenant["enabled"] = True
         token_info["tenant"] = tenant
     if catalog_ref is not None:
         access["serviceCatalog"] = V2TokenDataHelper.format_catalog(catalog_ref)
     if metadata_ref:
         # is_admin comes straight from the metadata, with 0 as fallback.
         access["metadata"] = {"is_admin": metadata_ref.get("is_admin", 0)}
     if "roles" in metadata_ref:
         access["metadata"]["roles"] = metadata_ref["roles"]
     if CONF.trust.enabled and "trust_id" in metadata_ref:
         access["trust"] = {
             "trustee_user_id": metadata_ref["trustee_user_id"],
             "id": metadata_ref["trust_id"],
         }
     return {"access": access}