def verify_token(self, user_token, retry=True):
"""Authenticate user token with identity server.
:param user_token: user's token id
:param retry: flag that forces the middleware to retry
user authentication when an indeterminate
response is received. Optional.
:returns: token object received from identity server on success
:raises exc.InvalidToken: if token is rejected
:raises exc.ServiceError: if unable to authenticate token
"""
user_token = _utils.safe_quote(user_token)
try:
response, data = self._request_strategy.verify_token(user_token)
except exceptions.NotFound as e:
self._LOG.warn(_LW('Authorization failed for token'))
self._LOG.warn(_LW('Identity response: %s'), e.response.text)
except exceptions.Unauthorized as e:
self._LOG.info(_LI('Identity server rejected authorization'))
self._LOG.warn(_LW('Identity response: %s'), e.response.text)
if retry:
self._LOG.info(_LI('Retrying validation'))
return self.verify_token(user_token, False)
except exceptions.HttpError as e:
self._LOG.error(
_LE('Bad response code while validating token: %s'),
e.http_status)
self._LOG.warn(_LW('Identity response: %s'), e.response.text)
else:
if response.status_code == 200:
return data
raise exc.InvalidToken()
def verify_token(self, user_token, retry=True):
"""Authenticate user token with identity server.
:param user_token: user's token id
:param retry: flag that forces the middleware to retry
user authentication when an indeterminate
response is received. Optional.
:returns: token object received from identity server on success
:raises exc.InvalidToken: if token is rejected
:raises exc.ServiceError: if unable to authenticate token
"""
user_token = _utils.safe_quote(user_token)
try:
response, data = self._request_strategy.verify_token(user_token)
except exceptions.NotFound as e:
self._LOG.warn(_LW('Authorization failed for token'))
self._LOG.warn(_LW('Identity response: %s'), e.response.text)
except exceptions.Unauthorized as e:
self._LOG.info(_LI('Identity server rejected authorization'))
self._LOG.warn(_LW('Identity response: %s'), e.response.text)
if retry:
self._LOG.info(_LI('Retrying validation'))
return self.verify_token(user_token, False)
except exceptions.HttpError as e:
self._LOG.error(
_LE('Bad response code while validating token: %s'),
e.http_status)
self._LOG.warn(_LW('Identity response: %s'), e.response.text)
else:
if response.status_code == 200:
return data
raise exc.InvalidToken()
def test_quoted_token(self):
self.assertEqual('foo%20bar', _utils.safe_quote('foo%20bar'))