示例#1
 def _create_access_token(self, consumer, token):
     """Build the URL and signed headers for the access-token endpoint.

     A POST to ``/OS-OAUTH1/access_token`` is prepared through
     ``self._oauth_request`` and signed with HMAC-SHA1 using both the
     consumer and the supplied token (presumably the authorized request
     token -- confirm against the caller).

     :param consumer: OAuth consumer passed to the request builder and
         to ``sign_request``.
     :param token: OAuth token passed to the request builder and to
         ``sign_request``.
     :returns: ``(url, headers)``. ``url`` is the relative path; the
         signature is computed over ``self.base_url + url``, so the
         request must be sent to that same absolute URL.
     """
     url = '/OS-OAUTH1/access_token'
     signed_request = self._oauth_request(
         consumer=consumer,
         token=token,
         http_method='POST',
         http_url=self.base_url + url,
     )
     # The signature covers the method and URL given above; changing either
     # after this point would make the header produced below stale.
     signature_method = oauth1.SignatureMethod_HMAC_SHA1()
     signed_request.sign_request(signature_method, consumer, token)

     headers = {'Content-Type': 'application/json'}
     # to_header() carries the OAuth credentials and signature; treat the
     # resulting headers as sensitive (avoid logging them verbatim).
     headers.update(signed_request.to_header())
     return url, headers
示例#2
 def _get_oauth_token(self, consumer, token):
     """Build the URL, signed headers and body for an oauth1 token request.

     A POST to ``/auth/tokens`` is prepared through ``self._oauth_request``
     and signed with HMAC-SHA1 using the consumer and the supplied token.
     The body selects the ``oauth1`` auth method and carries no credentials
     of its own; the OAuth material travels in the headers.

     :param consumer: OAuth consumer used to build and sign the request.
     :param token: OAuth token used to build and sign the request
         (presumably the access token -- confirm against the caller).
     :returns: ``(url, headers, body)``. ``url`` is the relative path; the
         signature is computed over ``self.base_url + url``.
     """
     url = '/auth/tokens'
     signed_request = self._oauth_request(
         consumer=consumer,
         token=token,
         http_method='POST',
         http_url=self.base_url + url,
     )
     signature_method = oauth1.SignatureMethod_HMAC_SHA1()
     signed_request.sign_request(signature_method, consumer, token)

     headers = {'Content-Type': 'application/json'}
     # The OAuth header holds the signature for this exact method and URL;
     # treat it as sensitive (avoid logging it verbatim).
     headers.update(signed_request.to_header())

     body = {'auth': {'identity': {'methods': ['oauth1'], 'oauth1': {}}}}
     return url, headers, body
示例#3
 def _create_request_token(self, consumer, project_id):
     """Build the URL and signed headers for the request-token endpoint.

     A POST to ``/OS-OAUTH1/request_token`` is prepared through
     ``self._oauth_request`` and signed with HMAC-SHA1 using the consumer
     only; no token is passed to ``sign_request`` at this stage.

     :param consumer: OAuth consumer used to build and sign the request.
     :param project_id: value sent as ``requested_project_id``.
     :returns: ``(url, headers)``. ``url`` is the relative path; the
         signature is computed over ``self.base_url + url``.
     """
     url = '/OS-OAUTH1/request_token'
     extra_params = {'requested_project_id': project_id}
     signed_request = self._oauth_request(
         consumer=consumer,
         http_url=self.base_url + url,
         http_method='POST',
         parameters=extra_params,
     )
     # Third argument is the token: None, so only the consumer signs here.
     signed_request.sign_request(
         oauth1.SignatureMethod_HMAC_SHA1(), consumer, None)

     headers = {'Content-Type': 'application/json'}
     headers.update(signed_request.to_header())
     # requested_project_id is also sent as a plain header of its own.
     # NOTE(review): it is handed to the request builder as a parameter, so
     # it is presumably covered by the signature -- confirm that the server
     # reads the signed value and not only this header.
     headers.update(extra_params)
     return url, headers
示例#4
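    def authenticate(self, context, auth_info, auth_context):
        """Turn a signed request with an access key into a keystone token.

        Looks up the access token and consumer named in the OAuth headers,
        rejects expired tokens, verifies the HMAC-SHA1 signature of the
        request against both secrets and, on success, records the
        authorizing user, access token id and project in ``auth_context``.

        :param context: request context; ``headers``, ``path`` and
            ``query_string`` are read from it.
        :param auth_info: not used by this method.
        :param auth_context: dict updated in place with ``user_id``,
            ``access_token_id`` and ``project_id``.
        :raises exception.ValidationError: if the request carries no
            ``oauth_token`` or no ``oauth_consumer_key``.
        :raises exception.Unauthorized: if the access token is expired or
            the verified request still contains non-oauth parameters.
        """
        headers = context['headers']
        oauth_headers = oauth.get_oauth_headers(headers)
        consumer_id = oauth_headers.get('oauth_consumer_key')
        access_token_id = oauth_headers.get('oauth_token')

        if not access_token_id:
            raise exception.ValidationError(attribute='oauth_token',
                                            target='request')
        # Mirror the oauth_token check: without this, a request lacking a
        # consumer key would reach the consumer lookup with None.
        if not consumer_id:
            raise exception.ValidationError(attribute='oauth_consumer_key',
                                            target='request')

        acc_token = self.oauth_api.get_access_token(access_token_id)
        consumer = self.oauth_api._get_consumer(consumer_id)
        # NOTE(review): nothing visible here checks that this access token
        # was issued to this consumer; the signature check below only proves
        # knowledge of both secrets. If the token record stores its consumer
        # id, compare it with consumer_id -- confirm against the token schema.

        # A token with a falsy expires_at is treated as never expiring.
        # NOTE(review): the expiry error is raised before the signature is
        # verified, so it is visible to callers that have not yet proven
        # possession of the secrets.
        expires_at = acc_token['expires_at']
        if expires_at:
            now = timeutils.utcnow()
            expires = timeutils.normalize_time(
                timeutils.parse_isotime(expires_at))
            if now > expires:
                raise exception.Unauthorized(_('Access token is expired'))

        consumer_obj = oauth1.Consumer(key=consumer['id'],
                                       secret=consumer['secret'])
        acc_token_obj = oauth1.Token(key=acc_token['id'],
                                     secret=acc_token['access_secret'])

        # Rebuild the request exactly as the client must have signed it; the
        # method is fixed to POST, so a request signed for any other method
        # will not verify.
        url = oauth.rebuild_url(context['path'])
        oauth_request = oauth1.Request.from_request(
            http_method='POST',
            http_url=url,
            headers=headers,
            query_string=context['query_string'])
        oauth_server = oauth1.Server()
        # Only HMAC-SHA1 is registered as an acceptable signature method.
        oauth_server.add_signature_method(oauth1.SignatureMethod_HMAC_SHA1())
        # NOTE(review): a bad signature is expected to surface as an
        # exception from verify_request, which is not caught here -- confirm
        # the caller maps it to an authentication failure.
        params = oauth_server.verify_request(oauth_request,
                                             consumer_obj,
                                             token=acc_token_obj)

        # verify_request returns the parameters left over after the oauth
        # ones; anything remaining is rejected.
        if params:
            msg = _('There should not be any non-oauth parameters')
            raise exception.Unauthorized(message=msg)

        # Identity and scope come from the stored token record, never from
        # values supplied in the request.
        auth_context['user_id'] = acc_token['authorizing_user_id']
        auth_context['access_token_id'] = access_token_id
        auth_context['project_id'] = acc_token['project_id']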