def authenticate(self, credentials): if not isinstance(credentials, auth.PasswordCredentials): raise fault.BadRequestFault("Expecting Password Credentials!") duser = db_api.user_get(credentials.username) if duser == None: raise fault.UnauthorizedFault("Unauthorized") if not duser.enabled: raise fault.UserDisabledFault("Your account has been disabled") if duser.password != credentials.password: raise fault.UnauthorizedFault("Unauthorized") # # Look for an existing token, or create one, # TODO: Handle tenant/token search # # removing following code for multi-token """if not credentials.tenant_id: dtoken = db_api.token_for_user(duser.id) else: dtoken = db_api.token_for_user_tenant(duser.id, credentials.tenant_id) """ # added following code dtoken = db_api.token_for_user_tenant(duser.id, credentials.tenant_id) #--- if not dtoken or dtoken.expires < datetime.now(): dtoken = db_models.Token() dtoken.token_id = str(uuid.uuid4()) dtoken.user_id = duser.id if not duser.tenants: raise fault.IDMFault("Strange: user %s is not associated " "with a tenant!" % duser.id) user = db_api.user_get_by_tenant(duser.id, credentials.tenant_id) if not credentials.tenant_id or not user: raise fault.ForbiddenFault("Error: user %s is " "not associated " "with a tenant! %s" % (duser.id, credentials.tenant_id)) dtoken.tenant_id = credentials.tenant_id #removing following code for multi token """else: dtoken.tenant_id = duser.tenants[0].tenant_id""" dtoken.expires = datetime.now() + timedelta(days=1) db_api.token_create(dtoken) return self.__get_auth_data(dtoken, duser)
def authenticate(self, credentials): # Check credentials if not isinstance(credentials, auth.PasswordCredentials): raise fault.BadRequestFault("Expecting Password Credentials!") if not credentials.tenant_id: duser = db_api.user_get(credentials.username) if duser == None: raise fault.UnauthorizedFault("Unauthorized") else: duser = db_api.user_get_by_tenant(credentials.username, credentials.tenant_id) if duser == None: raise fault.UnauthorizedFault("Unauthorized on this tenant") if not duser.enabled: raise fault.UserDisabledFault("Your account has been disabled") if duser.password != credentials.password: raise fault.UnauthorizedFault("Unauthorized") # # Look for an existing token, or create one, # TODO: Handle tenant/token search # if not credentials.tenant_id: dtoken = db_api.token_for_user(duser.id) else: dtoken = db_api.token_for_user_tenant(duser.id, credentials.tenant_id) tenant_id = None if credentials.tenant_id: tenant_id = credentials.tenant_id else: tenant_id = duser.tenant_id if not dtoken or dtoken.expires < datetime.now(): # Create new token dtoken = db_models.Token() dtoken.token_id = str(uuid.uuid4()) dtoken.user_id = duser.id if credentials.tenant_id: dtoken.tenant_id = credentials.tenant_id dtoken.expires = datetime.now() + timedelta(days=1) db_api.token_create(dtoken) #if tenant_id is passed in the call that tenant_id is passed else #user's default tenant_id is used. return self.__get_auth_data(dtoken, tenant_id)