def _populate_token(self, token_data, expires=None):
    """Write the ``expires`` and ``issued_at`` fields into ``token_data``.

    A falsy ``expires`` is replaced by
    ``token_module.default_expire_time()``. Any value that is not already
    ``unicode`` is rendered with ``timeutils.isotime``. ``token_data`` is
    modified in place and nothing is returned.
    """
    expiry = expires or token_module.default_expire_time()
    if not isinstance(expiry, unicode):
        expiry = timeutils.isotime(expiry)
    token_data['expires'] = expiry
    # The issue time is taken at formatting time, not passed in.
    token_data['issued_at'] = timeutils.strtime()
def _populate_token_dates(self, token_data, expires=None, trust=None):
    """Write ``expires_at`` and ``issued_at`` into ``token_data`` in place.

    A falsy ``expires`` falls back to ``token.default_expire_time()``.
    Values that are not strings are rendered with
    ``timeutils.isotime(..., subsecond=True)``. The ``trust`` argument is
    accepted but not read by this body.
    """
    expires_at = expires if expires else token.default_expire_time()
    if not isinstance(expires_at, basestring):
        expires_at = timeutils.isotime(expires_at, subsecond=True)
    token_data['expires_at'] = expires_at
    token_data['issued_at'] = timeutils.isotime(subsecond=True)
def create_token(self, token_id, data):
    """Store a deep copy of ``data`` and return another deep copy of it.

    The record is written to ``self.db`` under ``'token-<id>'``, where
    ``<id>`` is ``token.unique_id(token_id)``.
    """
    storage_id = token.unique_id(token_id)
    record = copy.deepcopy(data)
    # Only a *missing* key receives the default expiry; an explicit value,
    # including None, is stored exactly as the caller supplied it.
    # NOTE(review): whether a stored None means "never expires" depends on
    # the code that reads this record -- confirm against the readers.
    if 'expires' not in data:
        record['expires'] = token.default_expire_time()
    self.db.set('token-%s' % storage_id, record)
    return copy.deepcopy(record)
def create_token(self, token_id, data):
    """Store a deep copy of ``data`` and return another deep copy of it.

    The storage key is ``'token-<id>'`` with ``<id>`` taken from
    ``token.unique_id(token_id)``. A missing or falsy ``expires`` is
    replaced by ``token.default_expire_time()``. A ``trust_id`` that is
    explicitly None is dropped from the stored record.
    """
    storage_id = token.unique_id(token_id)
    record = copy.deepcopy(data)
    if not record.get('expires'):
        record['expires'] = token.default_expire_time()
    # A None trust_id carries no information, so it is not persisted.
    has_null_trust = 'trust_id' in data and data['trust_id'] is None
    if has_null_trust:
        del record['trust_id']
    self.db.set('token-%s' % storage_id, record)
    return copy.deepcopy(record)
def create_token(self, token_id, data):
    """Store a deep copy of ``data`` under ``"token-<token_id>"``.

    The copy gets ``id`` set to ``token_id``. A missing or falsy
    ``expires`` becomes ``token.default_expire_time()``, and a missing or
    falsy ``user_id`` is filled from ``data["user"]["id"]``. A second deep
    copy is returned.
    """
    record = copy.deepcopy(data)
    record["id"] = token_id
    if not record.get("expires"):
        record["expires"] = token.default_expire_time()
    if not record.get("user_id"):
        # Raises KeyError when the payload has no user or no user id.
        record["user_id"] = record["user"]["id"]
    # Here the caller's token_id is the storage key as given.
    self.db.set("token-%s" % token_id, record)
    return copy.deepcopy(record)
def create_token(self, token_id, data):
    """Persist a token record in ``self.db`` and return a detached copy.

    The stored record is a deep copy of ``data`` with ``id`` forced to
    ``token_id``. ``expires`` and ``user_id`` are filled in when missing
    or falsy.
    """
    stored = copy.deepcopy(data)
    stored['id'] = token_id
    if not stored.get('expires'):
        stored['expires'] = token.default_expire_time()
    if not stored.get('user_id'):
        stored['user_id'] = stored['user']['id']
    db_key = 'token-%s' % token_id
    self.db.set(db_key, stored)
    # Return a separate copy, not the object that was passed to the store.
    return copy.deepcopy(stored)
def create_token(self, token_id, data):
    """Insert a ``TokenModel`` row built from ``data`` and return its dict.

    A missing or falsy ``expires`` is replaced by
    ``token.default_expire_time()``. The row id is
    ``token.unique_id(token_id)`` and the row is marked valid.
    """
    fields = copy.deepcopy(data)
    if not fields.get('expires'):
        fields['expires'] = token.default_expire_time()

    row = TokenModel.from_dict(fields)
    row.id = token.unique_id(token_id)
    row.valid = True

    db = self.get_session()
    with db.begin():
        db.add(row)
        db.flush()
    return row.to_dict()
def test_revoked_token_in_list(self):
    """Check that a revoke-by-expiration is listed as exactly one event.

    The event returned by ``GET /OS-REVOKE/events`` must match the
    expected user id and expiry.
    """
    revoked_user = uuid.uuid4().hex
    expiry = token.default_expire_time()

    expected = self._blank_event()
    expected['user_id'] = unicode(revoked_user)
    expected['expires_at'] = unicode(timeutils.isotime(expiry))

    # Captured before the revocation so the matcher can compare times.
    started = timeutils.utcnow()
    self.revoke_api.revoke_by_expiration(revoked_user, expiry)

    events = self.get('/OS-REVOKE/events').json_body['events']
    self.assertEqual(len(events), 1)
    self.assertReportedEventMatchesRecorded(events[0], expected, started)
def create_token(self, token_id, data):
    """Insert a ``TokenModel`` row built from ``data`` and return its dict.

    ``expires`` and ``user_id`` are filled in when missing or falsy. The
    row is marked valid and added inside a ``db_session`` transaction.
    """
    fields = copy.deepcopy(data)
    if not fields.get('expires'):
        fields['expires'] = token.default_expire_time()
    if not fields.get('user_id'):
        fields['user_id'] = fields['user']['id']

    # NOTE(review): token_id is not read in this body; the row id
    # presumably comes from data via TokenModel.from_dict -- confirm.
    row = TokenModel.from_dict(fields)
    row.valid = True

    db = db_session.get_session()
    with db.begin():
        db.add(row)
    return row.to_dict()
def create_token(self, token_id, data):
    """Persist a valid ``TokenModel`` row for ``data``.

    Works on a deep copy of ``data``. ``expires`` defaults to
    ``token.default_expire_time()`` and ``user_id`` to
    ``data['user']['id']`` when either is missing or falsy. Returns
    ``to_dict()`` of the stored row.
    """
    payload = copy.deepcopy(data)
    if not payload.get('expires'):
        payload['expires'] = token.default_expire_time()
    if not payload.get('user_id'):
        payload['user_id'] = payload['user']['id']

    # NOTE(review): token_id is unused in this body -- confirm that data
    # already carries the id the row should be stored under.
    model = TokenModel.from_dict(payload)
    model.valid = True

    session = sql.get_session()
    with session.begin():
        session.add(model)
    return model.to_dict()
def create_token(self, token_id, data):
    """Add a valid ``TokenModel`` row for ``data`` and flush the session.

    ``expires`` and ``user_id`` are defaulted on a deep copy of ``data``
    when missing or falsy. The stored row is returned as a dict.
    """
    attrs = copy.deepcopy(data)
    if not attrs.get("expires"):
        attrs["expires"] = token.default_expire_time()
    if not attrs.get("user_id"):
        attrs["user_id"] = attrs["user"]["id"]

    # NOTE(review): token_id is not referenced in this body -- confirm
    # where the row id is expected to come from.
    entry = TokenModel.from_dict(attrs)
    entry.valid = True

    txn_session = self.get_session()
    with txn_session.begin():
        txn_session.add(entry)
        txn_session.flush()
    return entry.to_dict()
def format_token(cls, token_ref, roles_ref=None, catalog_ref=None):
    """Build the ``{'access': ...}`` response body for ``token_ref``.

    ``token_ref`` must contain ``user``, ``metadata`` and ``id``.
    ``roles_ref`` defaults to an empty list, and ``catalog_ref`` is
    formatted into ``serviceCatalog`` when it is not None. Returns the
    assembled dict.
    """
    user = token_ref['user']
    metadata = token_ref['metadata']
    roles = [] if roles_ref is None else roles_ref

    expires = token_ref.get('expires', token.default_expire_time())
    if expires is not None and not isinstance(expires, unicode):
        expires = timeutils.isotime(expires)

    token_body = {
        'id': token_ref['id'],
        'expires': expires,
        'issued_at': timeutils.strtime(),
    }
    user_body = {
        'id': user['id'],
        'name': user['name'],
        'username': user['name'],
        'roles': roles,
        'roles_links': metadata.get('roles_links', []),
    }
    access = {'token': token_body, 'user': user_body}
    body = {'access': access}

    if 'bind' in token_ref:
        token_body['bind'] = token_ref['bind']
    if 'tenant' in token_ref and token_ref['tenant']:
        # NOTE(review): this writes 'enabled' into the caller's tenant
        # dict, and the response shares that same dict object. The flag
        # is set unconditionally, not read from the tenant.
        token_ref['tenant']['enabled'] = True
        token_body['tenant'] = token_ref['tenant']
    if catalog_ref is not None:
        access['serviceCatalog'] = V2TokenDataHelper.format_catalog(
            catalog_ref)
    if metadata:
        # is_admin is reported as 0 unless the metadata carries a value.
        access['metadata'] = {'is_admin': metadata.get('is_admin', 0)}
        if 'roles' in metadata:
            access['metadata']['roles'] = metadata['roles']
        if CONF.trust.enabled and 'trust_id' in metadata:
            access['trust'] = {
                'trustee_user_id': metadata['trustee_user_id'],
                'id': metadata['trust_id'],
            }
    return body
def format_token(cls, token_ref, roles_ref=None, catalog_ref=None):
    """Assemble the ``{'access': ...}`` response dict for ``token_ref``.

    Reads ``user``, ``metadata`` and ``id`` from ``token_ref``. ``bind``,
    ``tenant``, the service catalog, metadata and trust sections are
    added only when the corresponding input is present.
    """
    user_ref = token_ref['user']
    metadata_ref = token_ref['metadata']
    if roles_ref is None:
        roles_ref = []

    expires = token_ref.get('expires', token.default_expire_time())
    needs_format = (expires is not None
                    and not isinstance(expires, six.text_type))
    if needs_format:
        expires = timeutils.isotime(expires)

    access = {
        'token': {
            'id': token_ref['id'],
            'expires': expires,
            'issued_at': timeutils.strtime(),
        },
        'user': {
            'id': user_ref['id'],
            'name': user_ref['name'],
            'username': user_ref['name'],
            'roles': roles_ref,
            'roles_links': metadata_ref.get('roles_links', []),
        },
    }

    if 'bind' in token_ref:
        access['token']['bind'] = token_ref['bind']

    if 'tenant' in token_ref and token_ref['tenant']:
        tenant = token_ref['tenant']
        # NOTE(review): mutates the caller's tenant dict in place and
        # always reports it as enabled, whatever its previous value.
        tenant['enabled'] = True
        access['token']['tenant'] = tenant

    if catalog_ref is not None:
        access['serviceCatalog'] = V2TokenDataHelper.format_catalog(
            catalog_ref)

    if metadata_ref:
        is_admin = (metadata_ref['is_admin']
                    if 'is_admin' in metadata_ref else 0)
        access['metadata'] = {'is_admin': is_admin}
        if 'roles' in metadata_ref:
            access['metadata']['roles'] = metadata_ref['roles']
        if CONF.trust.enabled and 'trust_id' in metadata_ref:
            access['trust'] = {
                'trustee_user_id': metadata_ref['trustee_user_id'],
                'id': metadata_ref['trust_id'],
            }

    # Kerberos (left disabled, as in the original):
    # access['kerberos'] = token_ref['kerberos']
    return {'access': access}
def create_token(self, token_id, data):
    """Create a token by id and data.

    It is assumed the caller has performed data validation on the "data"
    parameter.

    The token is stored under its prefixed id and indexed under the
    owning user. For a trust-scoped token, when trusts are enabled, it is
    also indexed under the trustee. Returns the stored copy of ``data``.
    """
    record = copy.deepcopy(data)
    token_key = self._prefix_token_id(token_id)
    if not record.get('expires'):
        record['expires'] = token.default_expire_time()
    if not record.get('user_id'):
        record['user_id'] = record['user']['id']

    # Index entries always carry the expiry as an isotime string, so the
    # index can be handled the same way whatever the backend is.
    expires_str = timeutils.isotime(record['expires'], subsecond=True)
    self._set_key(token_key, record)

    owner_key = self._prefix_user_id(data['user']['id'])
    self._update_user_token_list(owner_key, token_id, expires_str)

    if not (CONF.trust.enabled and data.get('trust_id')):
        # NOTE(review): this is the same object that was handed to
        # _set_key, not a detached copy.
        return record

    # Trust-scoped token: also list it under the trustee so that a
    # password change of the trustee expires the token too. Listing a
    # token under several users is tolerated by the listing code.
    token_data = record['token_data']
    version = record['token_version']
    if version == token.provider.V2:
        trustee_user_id = token_data['access']['trust']['trustee_user_id']
    elif version == token.provider.V3:
        trustee_user_id = token_data['OS-TRUST:trust']['trustee_user_id']
    else:
        raise token.provider.UnsupportedTokenVersionException(
            _('Unknown token version %s') % record.get('token_version'))
    trustee_key = self._prefix_user_id(trustee_user_id)
    self._update_user_token_list(trustee_key, token_id, expires_str)
    return record
def create_token(self, token_id, data):
    """Store a token via ``self.client`` and index it under its user.

    Works on a deep copy of ``data``. ``expires`` and ``user_id`` are
    defaulted when missing or falsy. The expiry is passed to the client
    as ``time``, converted with ``utils.unixtime``. Returns a further
    deep copy of the stored record.
    """
    record = copy.deepcopy(data)
    token_key = self._prefix_token_id(token_id)
    if not record.get('expires'):
        record['expires'] = token.default_expire_time()
    if not record.get('user_id'):
        record['user_id'] = record['user']['id']

    set_kwargs = {}
    if record['expires'] is not None:
        set_kwargs['time'] = utils.unixtime(record['expires'])
    # NOTE(review): the result of client.set is not inspected, so a
    # failed write (if the client signals one by return value) would
    # still hand the token back to the caller -- confirm.
    self.client.set(token_key, record, **set_kwargs)

    if 'id' in data['user']:
        user_key = self._prefix_user_id(data['user']['id'])
        # Add the new token to the per-user token index kept in the
        # cache.
        self._update_user_list_with_cas(user_key, token_id, record)
    return copy.deepcopy(record)
def create_token(self, token_id, data):
    """Store a token via ``self.client`` and add it to the user's index.

    The record is a deep copy of ``data`` with ``expires`` and
    ``user_id`` defaulted when missing or falsy. The JSON-encoded
    ``token_id`` is handed to ``_update_user_list_with_cas``. Returns a
    detached deep copy.
    """
    stored = copy.deepcopy(data)
    cache_key = self._prefix_token_id(token_id)
    if not stored.get("expires"):
        stored["expires"] = token.default_expire_time()
    if not stored.get("user_id"):
        stored["user_id"] = stored["user"]["id"]

    # Only pass an expiry to the client when the record has one.
    if stored["expires"] is not None:
        options = {"time": utils.unixtime(stored["expires"])}
    else:
        options = {}
    self.client.set(cache_key, stored, **options)

    if "id" in data["user"]:
        encoded_id = jsonutils.dumps(token_id)
        index_key = self._prefix_user_id(data["user"]["id"])
        # Append the new token id to the token index list stored under
        # the user key.
        self._update_user_list_with_cas(index_key, encoded_id)
    return copy.deepcopy(stored)
def create_token(self, token_id, data):
    """Store a token via ``self.client`` and append it to the user's list.

    The token key is built from ``token.unique_id(token_id)``. The
    per-user list receives the JSON-encoded ``token_id`` as passed in.
    Raises ``exception.UnexpectedError`` when the list cannot be updated.
    Returns a deep copy of the stored record.
    """
    record = copy.deepcopy(data)
    token_key = self._prefix_token_id(token.unique_id(token_id))
    # Only a missing key is defaulted; an explicit None is kept, and in
    # that case no 'time' is passed to the client below.
    # NOTE(review): how the client treats a set() without 'time' is not
    # visible here; presumably the entry then has no expiry -- confirm.
    if 'expires' not in record:
        record['expires'] = token.default_expire_time()

    set_kwargs = {}
    if record['expires'] is not None:
        set_kwargs['time'] = utils.unixtime(record['expires'])
    self.client.set(token_key, record, **set_kwargs)

    if 'id' in data['user']:
        token_data = jsonutils.dumps(token_id)
        user_key = self._prefix_user_id(data['user']['id'])
        suffix = ',%s' % token_data
        # Try append, then add, then append again. Presumably the second
        # append covers another writer creating the key between the
        # first two calls.
        recorded = (self.client.append(user_key, suffix)
                    or self.client.add(user_key, token_data)
                    or self.client.append(user_key, suffix))
        if not recorded:
            msg = _('Unable to add token user list.')
            raise exception.UnexpectedError(msg)
    return copy.deepcopy(record)
def create_token(self, token_id, data):
    """Write a token through ``self.client`` and index it under its user.

    ``expires`` and ``user_id`` are defaulted on a deep copy of ``data``
    when missing or falsy. The expiry is forwarded to the client as
    ``time``. Returns a deep copy of what was stored.
    """
    entry = copy.deepcopy(data)
    prefixed_id = self._prefix_token_id(token_id)
    if not entry.get('expires'):
        entry['expires'] = token.default_expire_time()
    if not entry.get('user_id'):
        entry['user_id'] = entry['user']['id']

    expires = entry['expires']
    ttl_args = {} if expires is None else {'time': utils.unixtime(expires)}
    self.client.set(prefixed_id, entry, **ttl_args)

    owner = data['user']
    if 'id' in owner:
        token_data = jsonutils.dumps(token_id)
        user_key = self._prefix_user_id(owner['id'])
        # Append the new token id to the token index list stored under
        # the user key.
        self._update_user_list_with_cas(user_key, token_data)
    return copy.deepcopy(entry)
def create_token(self, token_id, data):
    """Write a token through ``self.client`` and append it to the user list.

    The token key uses ``token.unique_id(token_id)``. The per-user list
    stores the JSON-encoded ``token_id`` as given. ``expires`` and
    ``user_id`` are defaulted when missing or falsy. Raises
    ``exception.UnexpectedError`` if the user list cannot be updated.
    """
    stored = copy.deepcopy(data)
    cache_key = self._prefix_token_id(token.unique_id(token_id))
    if not stored.get('expires'):
        stored['expires'] = token.default_expire_time()
    if not stored.get('user_id'):
        stored['user_id'] = stored['user']['id']

    options = {}
    if stored['expires'] is not None:
        options['time'] = utils.unixtime(stored['expires'])
    self.client.set(cache_key, stored, **options)

    if 'id' not in data['user']:
        return copy.deepcopy(stored)

    token_data = jsonutils.dumps(token_id)
    user_key = self._prefix_user_id(data['user']['id'])
    # Each step runs only if the previous one returned a falsy result.
    # NOTE(review): these are separate client calls, not one atomic
    # update.
    if self.client.append(user_key, ',%s' % token_data):
        return copy.deepcopy(stored)
    if self.client.add(user_key, token_data):
        return copy.deepcopy(stored)
    if self.client.append(user_key, ',%s' % token_data):
        return copy.deepcopy(stored)
    msg = _('Unable to add token user list.')
    raise exception.UnexpectedError(msg)
def format_token(cls, token_ref, roles_ref=None, catalog_ref=None):
    """Return the ``{"access": ...}`` response dict for ``token_ref``.

    ``token_ref`` must provide ``user``, ``metadata`` and ``id``. The
    optional ``bind``, ``tenant``, catalog, metadata and trust sections
    are emitted only when their inputs are present.
    """
    user = token_ref["user"]
    meta = token_ref["metadata"]
    roles = roles_ref if roles_ref is not None else []

    expires = token_ref.get("expires", token.default_expire_time())
    if expires is not None:
        if not isinstance(expires, six.text_type):
            expires = timeutils.isotime(expires)

    token_section = {
        "id": token_ref["id"],
        "expires": expires,
        "issued_at": timeutils.strtime(),
    }
    user_section = {
        "id": user["id"],
        "name": user["name"],
        "username": user["name"],
        "roles": roles,
        "roles_links": meta.get("roles_links", []),
    }
    result = {"access": {"token": token_section, "user": user_section}}
    access = result["access"]

    if "bind" in token_ref:
        token_section["bind"] = token_ref["bind"]
    if "tenant" in token_ref and token_ref["tenant"]:
        # NOTE(review): the caller's tenant dict is modified here, and
        # the same object is placed in the response. "enabled" is forced
        # to True rather than read from the tenant.
        token_ref["tenant"]["enabled"] = True
        token_section["tenant"] = token_ref["tenant"]
    if catalog_ref is not None:
        access["serviceCatalog"] = V2TokenDataHelper.format_catalog(
            catalog_ref)
    if not meta:
        return result

    # is_admin falls back to 0 when the metadata does not carry it.
    if "is_admin" in meta:
        access["metadata"] = {"is_admin": meta["is_admin"]}
    else:
        access["metadata"] = {"is_admin": 0}
    if "roles" in meta:
        access["metadata"]["roles"] = meta["roles"]
    if CONF.trust.enabled and "trust_id" in meta:
        access["trust"] = {
            "trustee_user_id": meta["trustee_user_id"],
            "id": meta["trust_id"],
        }
    return result