def django_user_model(): """ MongoEngine user model as defined in AUTH_USER_MODEL Overrides the default pytest-django fixture """ return get_user_document()
def logout(request): msg = 'Logging out user "%(username)s".' % \ {'username': request.user.username} LOG.info(msg) try: user = get_user_document().objects(username=request.user.username).first() if request.user.hp_attr: hp_clouds = Hpclouddata.objects.all() for hp_cloud in hp_clouds: delete_token(endpoint=hp_cloud.endpoint,token_id=hp_cloud.token.id) hp = Hpclouddata.objects(id = hp_cloud.id).first() hp.delete() user.hp_attr = None user.hpname = None if request.user.token and request.user.endpoint: delete_token(endpoint=request.user.endpoint, token_id=request.user.token.id) user.token = None user.authorized_tenants = None user.service_catalog = None user.services_region = None user.project_name = None user.tenant_name = None user.tenant_id = None user.project_id = None user.endpoint = None user.openstackname = None else: LOG.debug("User token not deleted") user.is_superuser = False user.save() except: LOG.debug("User token not deleted") return django_logout(request)
def contribute_to_class(self, model, name): super(MappUserManager, self).contribute_to_class(model, name) self.dj_model = self.model self.model = get_user_document() self.dj_model.USERNAME_FIELD = self.model.USERNAME_FIELD self.dj_model.REQUIRED_FIELDS = self.model.REQUIRED_FIELDS """
def handle(self, request, data): user = get_user_document().objects(username=request.user.username).first() cnext_clouds = sum([[y.cloudid for y in i.policy if y.cloudid.platform == "Cnext"] for i in request.user.roles], []) for cloud in cnext_clouds: if str(cloud.id) == str(data['account_name']): user.cnextpublickey = cloud["cloud_meta"]["publickey"] user.cnextprivatekey = cloud["cloud_meta"]["privatekey"] user.cnextendpoint = cloud["cloud_meta"]["endpoint"] user.cnextname = cloud["name"] user.save() return True return False
def user_field(user, field, *args): """ Gets or sets (optional) user model fields. No-op if fields do not exist. """ if field and hasattr(user, field): if args: # Setter v = args[0] if v: User = get_user_document() v = v[0:User._meta.get_field(field).max_length] setattr(user, field, v) else: # Getter return getattr(user, field)
def handle(self, request, data): user = get_user_document().objects(username=request.user.username).first() hp_clouds = sum( [[y.cloudid for y in i.policy if y.cloudid.platform == "Hpcloud"] for i in request.user.roles], [] ) for cloud in hp_clouds: if str(cloud.id) == str(data["account_name"]): hpclouds = Hpclouddata.objects.all() for hpcloud in hpclouds: if hpcloud.hpcloudid.id == cloud.id: user.hp_attr = hpcloud user.hpname = cloud["name"] user.save() return True return False
def email_address_exists(email, exclude_user=None): emailaddresses = EmailAddress.objects if exclude_user: emailaddresses = emailaddresses.exclude(user=exclude_user) ret = emailaddresses.filter(email__iexact=email).first() if not ret: email_field = app_settings.USER_MODEL_EMAIL_FIELD if email_field: users = get_user_document().objects if exclude_user: users = users.exclude(pk=exclude_user.pk) ret = users.filter(**{email_field+'__iexact': email}).first() return ret
def handle(self, request, data): user = get_user_document().objects( username=request.user.username).first() aws_clouds = sum( [[y.cloudid for y in i.policy if y.cloudid.platform == "Amazon"] for i in request.user.roles], []) for cloud in aws_clouds: if str(cloud.id) == str(data['account_name']): user.awspublickey = cloud["cloud_meta"]["publickey"] user.awsprivatekey = cloud["cloud_meta"]["privatekey"] user.awsendpoint = cloud["cloud_meta"]["endpoint"] user.awsname = cloud["name"] user.save() return True return False
def handle(self, request, data): user = get_user_document().objects( username=request.user.username).first() hp_clouds = sum( [[y.cloudid for y in i.policy if y.cloudid.platform == "Hpcloud"] for i in request.user.roles], []) for cloud in hp_clouds: if str(cloud.id) == str(data['account_name']): hpclouds = Hpclouddata.objects.all() for hpcloud in hpclouds: if hpcloud.hpcloudid.id == cloud.id: user.hp_attr = hpcloud user.hpname = cloud["name"] user.save() return True return False
def _get_user_model(): """ Get the User Document class user for MongoEngine authentication. Use the model defined in SOCIAL_AUTH_USER_MODEL if defined, or defaults to MongoEngine's configured user document class. """ custom_model = getattr(settings, setting_name('USER_MODEL'), None) if custom_model: return module_member(custom_model) try: # Custom user model support with MongoEngine 0.8 from mongoengine.django.mongo_auth.models import get_user_document return get_user_document() except ImportError: return module_member('mongoengine.django.auth.User')
def _get_user_model(): """ Get the User Document class user for MongoEngine authentication. Use the model defined in SOCIAL_AUTH_USER_MODEL if defined, or defaults to MongoEngine's configured user document class. """ custom_model = getattr(settings, setting_name('USER_MODEL'), None) if custom_model: return module_member(custom_model) try: # Custom user model support with MongoEngine 0.8 from mongoengine.django.mongo_auth.models import get_user_document return get_user_document() except ImportError: return module_member('mongoengine.django.auth.User')
def switch_cnext_tenants(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME): """ Switches an authenticated user from one project to another. """ LOG.debug('Switching to tenant %s for user "%s".' % (tenant_id, request.user.username)) user = get_user_document().objects(username=request.user.username).first() cnext_tenant = tenantclouds.objects(id=tenant_id).first() user.cnextpublickey = cnext_tenant["cloud_meta"]["publickey"] user.cnextprivatekey = cnext_tenant["cloud_meta"]["privatekey"] user.cnextendpoint = cnext_tenant["cloud_meta"]["endpoint"] user.cnextname = cnext_tenant["name"] user.save() redirect_to = request.REQUEST.get(redirect_field_name, '') if not is_safe_url(url=redirect_to, host=request.get_host()): redirect_to = settings.LOGIN_REDIRECT_URL return shortcuts.redirect(redirect_to)
def switch_cnext_tenants(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME): """ Switches an authenticated user from one project to another. """ LOG.debug('Switching to tenant %s for user "%s".' % (tenant_id, request.user.username)) user = get_user_document().objects(username=request.user.username).first() cnext_tenant = tenantclouds.objects(id=tenant_id).first() user.cnextpublickey = cnext_tenant["cloud_meta"]["publickey"] user.cnextprivatekey = cnext_tenant["cloud_meta"]["privatekey"] user.cnextendpoint = cnext_tenant["cloud_meta"]["endpoint"] user.cnextname = cnext_tenant["name"] user.save() redirect_to = request.REQUEST.get(redirect_field_name, '') if not is_safe_url(url=redirect_to, host=request.get_host()): redirect_to = settings.LOGIN_REDIRECT_URL return shortcuts.redirect(redirect_to)
def handle(self, request, data): user = get_user_document().objects(username=request.user.username).first() openstack_clouds = sum([[y.cloudid for y in i.policy if y.cloudid.platform == "Openstack"] for i in request.user.roles], []) for cloud in openstack_clouds: if str(cloud.id) == str(data['account_name']): os_cloud = tenantclouds.objects(id = cloud.id).first() openstack_user = openstack_authenticate.authenticate(user_domain_name=None, username=os_cloud.cloud_meta['publickey'], password=encode_decode(os_cloud.cloud_meta['privatekey'],'decode'), auth_url= os_cloud.cloud_meta['endpoint']) utoken = openstack_user.token if utoken: delete_token(user.endpoint,user.token.id) otoken = trail.DocToken(user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog ) user.token = otoken user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants] user.service_catalog = openstack_user.service_catalog user.services_region = openstack_user.services_region user.project_name = openstack_user.project_name user.tenant_name = openstack_user.tenant_name user.tenant_id = openstack_user.tenant_id user.project_id = openstack_user.project_id user.endpoint = os_cloud.cloud_meta['endpoint'] + "" user.openstackname = os_cloud.name user.save() return True return False
def logout(request): msg = 'Logging out user "%(username)s".' % \ {'username': request.user.username} LOG.info(msg) try: user = get_user_document().objects( username=request.user.username).first() if request.user.hp_attr: hp_clouds = Hpclouddata.objects.all() for hp_cloud in hp_clouds: delete_token(endpoint=hp_cloud.endpoint, token_id=hp_cloud.token.id) hp = Hpclouddata.objects(id=hp_cloud.id).first() hp.delete() user.hp_attr = None user.hpname = None if request.user.token and request.user.endpoint: delete_token(endpoint=request.user.endpoint, token_id=request.user.token.id) user.token = None user.authorized_tenants = None user.service_catalog = None user.services_region = None user.project_name = None user.tenant_name = None user.tenant_id = None user.project_id = None user.endpoint = None user.openstackname = None else: LOG.debug("User token not deleted") user.is_superuser = False user.save() except: LOG.debug("User token not deleted") return django_logout(request)
def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME): """ Switches an authenticated user from one project to another. """ LOG.debug('Switching to tenant %s for user "%s".' % (tenant_id, request.user.username)) insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) endpoint = request.user.endpoint try: if get_keystone_version() >= 3: endpoint = endpoint.replace('v2.0', 'v3') client = get_keystone_client().Client(tenant_id=tenant_id, token=request.user.token.id, auth_url=endpoint, insecure=insecure, debug=settings.DEBUG) auth_ref = client.auth_ref msg = 'Project switch successful for user "%(username)s".' % \ {'username': request.user.username} LOG.info(msg) except keystone_exceptions.ClientException: msg = 'Project switch failed for user "%(username)s".' % \ {'username': request.user.username} LOG.warning(msg) auth_ref = None LOG.exception('An error occurred while switching sessions.') # Ensure the user-originating redirection url is safe. # Taken from django.contrib.auth.views.login() redirect_to = request.REQUEST.get(redirect_field_name, '') if not is_safe_url(url=redirect_to, host=request.get_host()): redirect_to = settings.LOGIN_REDIRECT_URL if auth_ref: old_endpoint = request.session['region_endpoint'] old_token = request.user.token if old_token and old_endpoint and old_token.id != auth_ref.auth_token: delete_token(endpoint=old_endpoint, token_id=old_token.id) openstack_user = create_user_from_token(request, Token(auth_ref), endpoint) user = get_user_document().objects(username=request.user.username).first() utoken = openstack_user.token otoken = trail.DocToken(user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog ) user.token = otoken user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants] user.service_catalog = openstack_user.service_catalog user.services_region = openstack_user.services_region user.project_name = openstack_user.project_name user.tenant_name = openstack_user.tenant_name user.tenant_id = openstack_user.tenant_id user.project_id = openstack_user.project_id role_perms = set(["openstack.roles.%s" % role['name'].lower() for role in otoken.roles]) if "openstack.roles.admin" in role_perms: user.is_superuser = True else: user.is_superuser = False user.save() set_session_from_user(request, user) return shortcuts.redirect(redirect_to)
def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME): """ Switches an authenticated user from one project to another. """ LOG.debug('Switching to tenant %s for user "%s".' % (tenant_id, request.user.username)) insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) endpoint = request.user.endpoint try: if get_keystone_version() >= 3: endpoint = endpoint.replace('v2.0', 'v3') client = get_keystone_client().Client(tenant_id=tenant_id, token=request.user.token.id, auth_url=endpoint, insecure=insecure, debug=settings.DEBUG) auth_ref = client.auth_ref msg = 'Project switch successful for user "%(username)s".' % \ {'username': request.user.username} LOG.info(msg) except keystone_exceptions.ClientException: msg = 'Project switch failed for user "%(username)s".' % \ {'username': request.user.username} LOG.warning(msg) auth_ref = None LOG.exception('An error occurred while switching sessions.') # Ensure the user-originating redirection url is safe. # Taken from django.contrib.auth.views.login() redirect_to = request.REQUEST.get(redirect_field_name, '') if not is_safe_url(url=redirect_to, host=request.get_host()): redirect_to = settings.LOGIN_REDIRECT_URL if auth_ref: old_endpoint = request.session['region_endpoint'] old_token = request.user.token if old_token and old_endpoint and old_token.id != auth_ref.auth_token: delete_token(endpoint=old_endpoint, token_id=old_token.id) openstack_user = create_user_from_token(request, Token(auth_ref), endpoint) user = get_user_document().objects( username=request.user.username).first() utoken = openstack_user.token otoken = trail.DocToken(user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog) user.token = otoken user.authorized_tenants = [ remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants ] user.service_catalog = openstack_user.service_catalog user.services_region = openstack_user.services_region user.project_name = openstack_user.project_name user.tenant_name = openstack_user.tenant_name user.tenant_id = openstack_user.tenant_id user.project_id = openstack_user.project_id role_perms = set([ "openstack.roles.%s" % role['name'].lower() for role in otoken.roles ]) if "openstack.roles.admin" in role_perms: user.is_superuser = True else: user.is_superuser = False user.save() set_session_from_user(request, user) return shortcuts.redirect(redirect_to)
def authenticate(self, request=None,username=None, password=None): try: get_user_document().objects(username=username.lower()).first() except Exception, e: print e
def get_user(self, user_id): return get_user_document().objects.with_id(user_id)
def handle(self, request, data): user = get_user_document().objects( username=request.user.username).first() user.awsendpoint = str(data['region_name']) user.save() return True
def get_user_model(self): return get_user_document()
def get_user_model(self): return get_user_document()
def action(self, request, obj_id): cloud = tenantclouds.objects(id=obj_id).first() roles = roledetail.objects(tenantid=request.user.tenantid) for role in roles: list1 = [] for a in role.policy: if (str(a.cloudid.id) == str(obj_id)): pass else: list1.append(a) roledetail.objects(id=role.id).update(set__policy=list1) user = get_user_document().objects( username=request.user.username).first() if cloud.platform == "Openstack": if user.openstackname == cloud.name: clouds = sum([[ y.cloudid for y in i.policy if y.cloudid.platform == "Openstack" ] for i in user.roles], []) if clouds: openstack_user = openstack_authenticate.authenticate( user_domain_name=None, username=clouds[0]["cloud_meta"]["publickey"], password=encode_decode( clouds[0]["cloud_meta"]["privatekey"], "decode"), auth_url=clouds[0]["cloud_meta"]["endpoint"]) utoken = openstack_user.token if utoken: delete_token(user.endpoint, user.token.id) otoken = trail.DocToken( user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog) user.token = otoken user.authorized_tenants = [ remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants ] user.service_catalog = openstack_user.service_catalog user.services_region = openstack_user.services_region user.project_name = openstack_user.project_name user.tenant_name = openstack_user.tenant_name user.tenant_id = openstack_user.tenant_id user.project_id = openstack_user.project_id user.endpoint = clouds[0]["cloud_meta"]["endpoint"] + "" user.openstackname = clouds[0]["name"] else: delete_token(user.endpoint, user.token.id) user.authorized_tenants = [] user.service_catalog = [] user.services_region = None user.project_name = None user.tenant_name = None user.tenant_id = None user.project_id = None user.endpoint = None user.token = None user.openstackname = None if cloud.platform == "Cnext": if user.cnextname == cloud.name: clouds = sum([[ y.cloudid for y in i.policy if y.cloudid.platform == "Cnext" ] for i in user.roles], []) if clouds: user.cnextpublickey = clouds[0]["cloud_meta"]["publickey"] user.cnextprivatekey = encode_decode( clouds[0]["cloud_meta"]["privatekey"], "encode") user.cnextendpoint = clouds[0]["cloud_meta"]["endpoint"] user.cnextname = clouds[0]["name"] else: user.cnextpublickey = "" user.cnextprivatekey = "" user.cnextendpoint = "" user.cnextname = "" if cloud.platform == "Hpcloud": hp_clouds = Hpclouddata.objects.all() for hp_cloud in hp_clouds: if hp_cloud.hpcloudid.id == cloud.id: if hp_cloud.id == request.user.hp_attr.id: clouds = sum([[ y.cloudid for y in i.policy if y.cloudid.platform == "Hpcloud" ] for i in user.roles], []) if clouds: hpclouds = Hpclouddata.objects.all() for hpcloud in hpclouds: if hpcloud.hpcloudid.id != cloud.id: user.hp_attr = hpcloud hpcloudobj = tenantclouds.objects( id=hpcloud.hpcloudid.id).first() user.hpname = hpcloudobj.name else: user.hp_attr = None user.hpname = None hp = Hpclouddata.objects(id=hp_cloud.id).first() hp.delete() else: hp = Hpclouddata.objects(id=hp_cloud.id).first() hp.delete() if cloud.platform == "Amazon": if user.awsname == cloud.name: clouds = sum([[ y.cloudid for y in i.policy if y.cloudid.platform == "Amazon" ] for i in user.roles], []) if clouds: user.awspublickey = clouds[0]["cloud_meta"]["publickey"] user.awsprivatekey = encode_decode( clouds[0]["cloud_meta"]["privatekey"], "encode") user.awsendpoint = clouds[0]["cloud_meta"]["endpoint"] user.awsname = clouds[0]["name"] else: user.awspublickey = "" user.awsprivatekey = "" user.awsendpoint = "" user.awsname = "" user.save() cloud.delete()
def action(self, request, obj_id): cloud = tenantclouds.objects(id = obj_id).first() roles = roledetail.objects(tenantid=request.user.tenantid) for role in roles: list1 = [] for a in role.policy: if (str(a.cloudid.id) == str(obj_id)): pass else: list1.append(a) roledetail.objects(id=role.id).update(set__policy=list1) user = get_user_document().objects(username=request.user.username).first() if cloud.platform == "Openstack": if user.openstackname == cloud.name: clouds = sum([[y.cloudid for y in i.policy if y.cloudid.platform == "Openstack"] for i in user.roles], []) if clouds: openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=clouds[0]["cloud_meta"]["publickey"], password=encode_decode(clouds[0]["cloud_meta"]["privatekey"],"decode"), auth_url= clouds[0]["cloud_meta"]["endpoint"]) utoken = openstack_user.token if utoken: delete_token(user.endpoint,user.token.id) otoken = trail.DocToken(user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog ) user.token = otoken user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants] user.service_catalog = openstack_user.service_catalog user.services_region = openstack_user.services_region user.project_name = openstack_user.project_name user.tenant_name = openstack_user.tenant_name user.tenant_id = openstack_user.tenant_id user.project_id = openstack_user.project_id user.endpoint = clouds[0]["cloud_meta"]["endpoint"] + "" user.openstackname = clouds[0]["name"] else: delete_token(user.endpoint,user.token.id) user.authorized_tenants = [] user.service_catalog = [] user.services_region = None user.project_name = None user.tenant_name = None user.tenant_id = None user.project_id = None user.endpoint = None user.token = None user.openstackname = None if cloud.platform =="Cnext": if user.cnextname == cloud.name: clouds = sum([[y.cloudid for y in i.policy if y.cloudid.platform == "Cnext"] for i in user.roles], []) if clouds: user.cnextpublickey = clouds[0]["cloud_meta"]["publickey"] user.cnextprivatekey = encode_decode(clouds[0]["cloud_meta"]["privatekey"],"encode") user.cnextendpoint = clouds[0]["cloud_meta"]["endpoint"] user.cnextname = clouds[0]["name"] else: user.cnextpublickey = "" user.cnextprivatekey = "" user.cnextendpoint = "" user.cnextname = "" if cloud.platform == "Hpcloud": hp_clouds = Hpclouddata.objects.all() for hp_cloud in hp_clouds: if hp_cloud.hpcloudid.id == cloud.id: if hp_cloud.id == request.user.hp_attr.id: clouds = sum([[y.cloudid for y in i.policy if y.cloudid.platform == "Hpcloud"] for i in user.roles], []) if clouds: hpclouds = Hpclouddata.objects.all() for hpcloud in hpclouds: if hpcloud.hpcloudid.id != cloud.id: user.hp_attr = hpcloud hpcloudobj = tenantclouds.objects(id = hpcloud.hpcloudid.id).first() user.hpname = hpcloudobj.name else: user.hp_attr = None user.hpname = None hp = Hpclouddata.objects(id = hp_cloud.id).first() hp.delete() else: hp = Hpclouddata.objects(id = hp_cloud.id).first() hp.delete() if cloud.platform =="Amazon": if user.awsname == cloud.name: clouds = sum([[y.cloudid for y in i.policy if y.cloudid.platform == "Amazon"] for i in user.roles], []) if clouds: user.awspublickey = clouds[0]["cloud_meta"]["publickey"] user.awsprivatekey = encode_decode(clouds[0]["cloud_meta"]["privatekey"],"encode") user.awsendpoint = clouds[0]["cloud_meta"]["endpoint"] user.awsname = clouds[0]["name"] else: user.awspublickey = "" user.awsprivatekey = "" user.awsendpoint = "" user.awsname = "" user.save() cloud.delete()
def test_get_user_document(self): self.assertEqual(get_user_document(), User)
def authenticate(self, request=None, username=None, password=None): try: get_user_document().objects(username=username.lower()).first() except Exception, e: print e
class CloudMongoBackend(object): 'To check permission seperate backend' """Authenticate using MongoEngine and mongoengine.django.auth.User. """ supports_object_permissions = False supports_anonymous_user = False supports_inactive_user = False DEFAULT_IDENTITY_PORT = "" #":5000/v2.0" def authenticate(self, request=None, username=None, password=None): try: get_user_document().objects(username=username.lower()).first() except Exception, e: print e user = get_user_document().objects(username=username.lower()).first() if user: if password and user.check_password(password): if not user.status: msg = _("Your Account is Not Activated. \n" "Please Activate Account, and Login") LOG.debug(msg) raise KeystoneAuthException(msg) if user.roles == []: msg = _("You do not have any permission to perform") LOG.debug(msg) raise KeystoneAuthException(msg) backend = auth.get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) else: msg = _("Please Login with " "Correct Password.") LOG.debug(msg) raise KeystoneAuthException(msg) cloud = [] cloud1 = [] cloud2 = [] cloud1 = sum([[ y.cloudid for y in i.policy if y.cloudid.platform == "Cnext" ] for i in user.roles], []) cloud2 = sum([[ y.cloudid for y in i.policy if y.cloudid.platform == "Amazon" ] for i in user.roles], []) cloud3 = sum([[ y.cloudid for y in i.policy if y.cloudid.platform == "Hpcloud" ] for i in user.roles], []) cloud = sum([[ y.cloudid for y in i.policy if y.cloudid.platform == "Openstack" ] for i in user.roles], []) if cloud: try: cloud_endpoint = cloud[0]["cloud_meta"]["endpoint"] cloud_accesskey = cloud[0]["cloud_meta"]["publickey"] cloud_privatekey = trail.encode_decode( cloud[0]["cloud_meta"]["privatekey"], "decode") ##Getting openstack user object by calling keystone client ## openstack_user = authenticate(user_domain_name=None, username=cloud_accesskey, password=cloud_privatekey, auth_url=cloud_endpoint + self.DEFAULT_IDENTITY_PORT) utoken = openstack_user.token otoken = trail.DocToken( user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog) user.token = otoken user.authorized_tenants = [ remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants ] user.service_catalog = openstack_user.service_catalog user.services_region = openstack_user.services_region user.project_name = openstack_user.project_name user.tenant_name = openstack_user.tenant_name user.tenant_id = openstack_user.tenant_id user.project_id = openstack_user.project_id user.endpoint = cloud_endpoint + self.DEFAULT_IDENTITY_PORT user.openstackname = cloud[0]["name"] msg = _("Successfully user token created in " "Mongodb.") LOG.debug(msg) except: pass if cloud1: user.cnextpublickey = cloud1[0]["cloud_meta"]["publickey"] user.cnextprivatekey = cloud1[0]["cloud_meta"]["privatekey"] user.cnextendpoint = cloud1[0]["cloud_meta"]["endpoint"] user.cnextname = cloud1[0]["name"] if cloud2: user.awspublickey = cloud2[0]["cloud_meta"]["publickey"] user.awsprivatekey = cloud2[0]["cloud_meta"]["privatekey"] user.awsendpoint = cloud2[0]["cloud_meta"]["endpoint"] user.awsname = cloud2[0]["name"] if cloud3: try: for x in range(len(cloud3)): cloud_endpoint = cloud3[x]["cloud_meta"]["endpoint"] cloud_accesskey = cloud3[x]["cloud_meta"]["publickey"] cloud_privatekey = trail.encode_decode( cloud3[x]["cloud_meta"]["privatekey"], "decode") ##Getting openstack user object by calling keystone client ## openstack_user = authenticate( user_domain_name=None, username=cloud_accesskey, password=cloud_privatekey, auth_url=cloud_endpoint + self.DEFAULT_IDENTITY_PORT) utoken = openstack_user.token otoken = trail.DocToken( user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog) hp = trail.Hpclouddata(token = otoken,\ authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants],\ service_catalog = openstack_user.service_catalog,\ services_region = openstack_user.services_region,\ project_name = openstack_user.project_name,\ tenant_name = openstack_user.tenant_name,\ tenant_id = openstack_user.tenant_id,\ project_id = openstack_user.project_id,\ endpoint = cloud_endpoint + "",\ hpcloudid = cloud3[x]["id"] ) hp.save() if x == 0: user.hp_attr = hp user.hpname = cloud3[x]["name"] msg = _("Successfully user token created in " "Mongodb.") LOG.debug(msg) except: pass user.save() return user else: msg = _("Invalid Credentials.") LOG.debug(msg) raise KeystoneAuthException(msg) return None
def get_user(self, user_id): return get_user_document().objects.with_id(user_id)
def handle(self, request, context): cloud_id = context.get('cloud_id', None) username = context.get('publickey', None) cloudname = context.get('cloudname', None) platform = context.get('platform', None) password = context.get('secretkey', None) endpoint = context.get('endpoint', None) cloud_type = context.get('cloud_type', None) if (username == '') & (password == ''): username = context.get('publickey', None) password = context.get('secretkey', None) get_user_document().objects(username=request.user.username).first() user = get_user_document().objects( username=request.user.username).first() try: if platform == "Cnext": httpInst = httplib2.Http() httpInst.add_credentials(name = username, \ password = password) url = endpoint + "/api/instance?resourceType=vm" resp, body = httpInst.request(url) if resp.status == 200: cloud = tenantclouds(name=cloudname, cloud_type=cloud_type, platform=platform, cloud_meta={ "publickey": username, "privatekey": encode_decode(password, "encode"), "endpoint": endpoint }, tenantid=request.user.tenantid.id, cloudid=cloud_id) cloud.save() roles = roledetail.objects( tenantid=request.user.tenantid.id) allowed_action = actions.objects.first().allowed for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = { "cloudid": cloud.id, "provider": "ALL", "region": "ALL", "allowed": allowed_action } roledetail.objects(id=role.id).update( push__policy=i) else: pass if user.cnextname == "" or user.cnextname is None: user.cnextpublickey = username user.cnextprivatekey = encode_decode( password, "encode") user.cnextendpoint = endpoint user.cnextname = cloudname user.save() refresh_session_policies(request, request.user) return True else: return False elif platform == "Openstack": openstack_user = openstack_authenticate.authenticate( user_domain_name=None, username=username, password=password, auth_url=endpoint) utoken = openstack_user.token if utoken: cloud = tenantclouds(name=cloudname, cloud_type=cloud_type, platform=platform, cloud_meta={ "publickey": username, "privatekey": encode_decode(password, "encode"), "endpoint": endpoint }, tenantid=request.user.tenantid.id, cloudid=cloud_id) cloud.save() allowed_action = actions.objects.first().allowed roles = roledetail.objects( tenantid=request.user.tenantid.id) for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = { "cloudid": cloud.id, "provider": "", "region": "", "allowed": allowed_action } roledetail.objects(id=role.id).update( push__policy=i) if user.openstackname == "" or user.openstackname is None: otoken = trail.DocToken( user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog) user.token = otoken user.authorized_tenants = [ remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants ] user.service_catalog = openstack_user.service_catalog user.services_region = openstack_user.services_region user.project_name = openstack_user.project_name user.tenant_name = openstack_user.tenant_name user.tenant_id = openstack_user.tenant_id user.project_id = openstack_user.project_id user.endpoint = endpoint + "" user.openstackname = cloudname msg = _("Successfully user token created in " "Mongodb.") user.save() LOG.debug(msg) else: delete_token(endpoint, utoken.id) refresh_session_policies(request, request.user) return True else: return False elif platform == "Hpcloud": openstack_user = openstack_authenticate.authenticate( user_domain_name=None, username=username, password=password, auth_url=endpoint) utoken = openstack_user.token if utoken: cloud = tenantclouds(name=cloudname, cloud_type=cloud_type, platform=platform, cloud_meta={ "publickey": username, "privatekey": encode_decode(password, "encode"), "endpoint": endpoint }, tenantid=request.user.tenantid.id, cloudid=cloud_id) cloud.save() allowed_action = actions.objects.first().allowed roles = roledetail.objects( tenantid=request.user.tenantid.id) for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = { "cloudid": cloud.id, "provider": "", "region": "", "allowed": allowed_action } roledetail.objects(id=role.id).update( push__policy=i) otoken = trail.DocToken( user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog) hp = trail.Hpclouddata(token = otoken,\ authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants],\ service_catalog = openstack_user.service_catalog,\ services_region = openstack_user.services_region,\ project_name = openstack_user.project_name,\ tenant_name = openstack_user.tenant_name,\ tenant_id = openstack_user.tenant_id,\ project_id = openstack_user.project_id,\ endpoint = endpoint + "",\ hpcloudid = cloud.id ) hp.save() if user.hp_attr == "" or user.hp_attr is None: user.hp_attr = hp user.hpname = cloudname user.save() msg = _("Successfully user token created in " "Mongodb.") LOG.debug(msg) refresh_session_policies(request, request.user) return True else: return False elif platform == "Amazon": status = test(endpoint, username, password) if status == True: cloud = tenantclouds(name=cloudname, cloud_type=cloud_type, platform=platform, cloud_meta={ "publickey": username, "privatekey": encode_decode(password, "encode"), "endpoint": endpoint }, tenantid=request.user.tenantid.id, cloudid=cloud_id) cloud.save() roles = roledetail.objects( tenantid=request.user.tenantid.id) allowed_action = actions.objects.first().allowed for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = { "cloudid": cloud.id, "provider": "ALL", "region": "ALL", "allowed": allowed_action } roledetail.objects(id=role.id).update( push__policy=i) else: pass if user.awsname == "" or user.awsname is None: user.awspublickey = username user.awsprivatekey = encode_decode(password, "encode") user.awsendpoint = endpoint user.awsname = cloudname user.save() refresh_session_policies(request, request.user) return True else: return False else: cloud = tenantclouds(name=cloudname, cloud_type=cloud_type, platform=platform, cloud_meta={ "publickey": username, "privatekey": encode_decode(password, "encode"), "endpoint": endpoint }, tenantid=request.user.tenantid.id) cloud.save() roles = roledetail.objects(tenantid=request.user.tenantid.id) for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = { "cloudid": cloud.id, "provider": [], "region": [], "allowed": [ "Create Instance", "Delete Instance", "Create KP and SG", "Delete KP and SG", "Start Instance", "Stop Instance", "Create Volume", "Delete Volume", "Attach and Dettach Volume" ] } roledetail.objects(id=role.id).update(push__policy=i) return True except Exception, e: messages.error(request, _(e.message)) LOG.error(e.message)
def test_get_user_document(self): self.assertEqual(get_user_document(), User)
def handle(self, request, context): cloud_id = context.get('cloud_id', None) username = context.get('publickey', None) cloudname = context.get('cloudname', None) platform = context.get('platform', None) password = context.get('secretkey', None) endpoint = context.get('endpoint', None) cloud_type = context.get('cloud_type', None) if (username == '') & (password == ''): username = context.get('publickey', None) password = context.get('secretkey', None) get_user_document().objects(username=request.user.username).first() user = get_user_document().objects(username=request.user.username).first() try: if platform == "Cnext": httpInst = httplib2.Http() httpInst.add_credentials(name = username, \ password = password) url = endpoint + "/api/instance?resourceType=vm" resp, body = httpInst.request(url) if resp.status == 200 : cloud = tenantclouds(name = cloudname,cloud_type = cloud_type, platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint}, tenantid=request.user.tenantid.id, cloudid=cloud_id) cloud.save() roles = roledetail.objects(tenantid = request.user.tenantid.id) allowed_action = actions.objects.first().allowed for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = {"cloudid":cloud.id,"provider":"ALL","region":"ALL","allowed": allowed_action} roledetail.objects(id = role.id).update(push__policy=i) else: pass if user.cnextname == "" or user.cnextname is None: user.cnextpublickey = username user.cnextprivatekey = encode_decode(password,"encode") user.cnextendpoint = endpoint user.cnextname = cloudname user.save() refresh_session_policies(request, request.user) return True else: return False elif platform == "Openstack": openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=username, password=password, auth_url= endpoint) utoken = openstack_user.token if utoken: cloud = tenantclouds(name = cloudname,cloud_type = cloud_type, platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint}, tenantid=request.user.tenantid.id, cloudid=cloud_id) cloud.save() allowed_action = actions.objects.first().allowed roles = roledetail.objects(tenantid = request.user.tenantid.id) for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = {"cloudid":cloud.id,"provider":"","region":"","allowed":allowed_action} roledetail.objects(id = role.id).update(push__policy=i) if user.openstackname == "" or user.openstackname is None: otoken = trail.DocToken(user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog ) user.token = otoken user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants] user.service_catalog = openstack_user.service_catalog user.services_region = openstack_user.services_region user.project_name = openstack_user.project_name user.tenant_name = openstack_user.tenant_name user.tenant_id = openstack_user.tenant_id user.project_id = openstack_user.project_id user.endpoint = endpoint + "" user.openstackname = cloudname msg = _("Successfully user token created in " "Mongodb.") user.save() LOG.debug(msg) else: delete_token(endpoint,utoken.id) refresh_session_policies(request, request.user) return True else: return False elif platform == "Hpcloud": openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=username, password=password, auth_url= endpoint) utoken = openstack_user.token if utoken: cloud = tenantclouds(name = cloudname,cloud_type = cloud_type, platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint}, tenantid=request.user.tenantid.id, cloudid=cloud_id) cloud.save() allowed_action = actions.objects.first().allowed roles = roledetail.objects(tenantid = request.user.tenantid.id) for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = {"cloudid":cloud.id,"provider":"","region":"","allowed":allowed_action} roledetail.objects(id = role.id).update(push__policy=i) otoken = trail.DocToken(user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog ) hp = trail.Hpclouddata(token = otoken,\ authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants],\ service_catalog = openstack_user.service_catalog,\ services_region = openstack_user.services_region,\ project_name = openstack_user.project_name,\ tenant_name = openstack_user.tenant_name,\ tenant_id = openstack_user.tenant_id,\ project_id = openstack_user.project_id,\ endpoint = endpoint + "",\ hpcloudid = cloud.id ) hp.save() if user.hp_attr == "" or user.hp_attr is None: user.hp_attr = hp user.hpname = cloudname user.save() msg = _("Successfully user token created in " "Mongodb.") LOG.debug(msg) refresh_session_policies(request, request.user) return True else: return False elif platform == "Amazon": status = test(endpoint,username,password) if status == True: cloud = tenantclouds(name = cloudname,cloud_type = cloud_type, platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint}, tenantid=request.user.tenantid.id, cloudid=cloud_id) cloud.save() roles = roledetail.objects(tenantid = request.user.tenantid.id) allowed_action = actions.objects.first().allowed for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = {"cloudid":cloud.id,"provider":"ALL","region":"ALL","allowed": allowed_action} roledetail.objects(id = role.id).update(push__policy=i) else: pass if user.awsname == "" or user.awsname is None: user.awspublickey = username user.awsprivatekey = encode_decode(password,"encode") user.awsendpoint = endpoint user.awsname = cloudname user.save() refresh_session_policies(request, request.user) return True else: return False else: cloud = tenantclouds(name = cloudname,cloud_type = cloud_type, platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint}, tenantid=request.user.tenantid.id) cloud.save() roles = roledetail.objects(tenantid = request.user.tenantid.id) for role in roles: if role.roletype == "Tenant Admin" and role.name == "Tenant Admin": i = {"cloudid":cloud.id,"provider":[],"region":[],"allowed":[ "Create Instance" , "Delete Instance" , "Create KP and SG" , "Delete KP and SG" , "Start Instance" , "Stop Instance" , "Create Volume" , "Delete Volume" , "Attach and Dettach Volume"]} roledetail.objects(id = role.id).update(push__policy=i) return True except Exception,e: messages.error(request,_(e.message)) LOG.error(e.message)
from datetime import datetime import binascii import os from mongoengine import Document, StringField, DateTimeField, ReferenceField from mongoengine.django.mongo_auth.models import get_user_document AUTH_USER_MODEL = get_user_document() class Token(Document): key = StringField(max_length=40, primary_key=True) user = ReferenceField(AUTH_USER_MODEL) created = DateTimeField(default=datetime.now()) def save(self, *args, **kwargs): if not self.key: self.key = self.generate_key() return super(Token, self).save(*args, **kwargs) def generate_key(self): return binascii.hexlify(os.urandom(20)).decode() def __str__(self): return self.key
import datetime from django.utils.six.moves import urllib_parse from django.utils.six.moves.urllib_request import urlopen, Request from django.contrib.auth.backends import ModelBackend from django.conf import settings from uuid import uuid4 from django_cas_ng.signals import cas_user_authenticated is_mongo_backend = getattr(settings, 'CAS_MONGO_BACKEND', True) if is_mongo_backend: from mongoengine.django.mongo_auth.models import get_user_document User = get_user_document() else: from django.contrib.auth import get_user_model User = get_user_model() __all__ = ['CASBackend'] def _verify_cas1(ticket, service): """Verifies CAS 1.0 authentication ticket. Returns username on success and None on failure. """ params = [('ticket', ticket), ('service', service)] url = (urllib_parse.urljoin(settings.CAS_SERVER_URL, 'validate') + '?' +
def handle(self, request, data): user = get_user_document().objects(username=request.user.username).first() user.awsendpoint = str(data['region_name']) user.save() return True
import datetime from django.utils.six.moves import urllib_parse from django.utils.six.moves.urllib_request import urlopen, Request from django.contrib.auth.backends import ModelBackend from django.conf import settings from uuid import uuid4 from django_cas_ng.signals import cas_user_authenticated is_mongo_backend = getattr(settings, 'CAS_MONGO_BACKEND', True) if is_mongo_backend: from mongoengine.django.mongo_auth.models import get_user_document User = get_user_document() else: from django.contrib.auth import get_user_model User = get_user_model() __all__ = ['CASBackend'] def _verify_cas1(ticket, service): """Verifies CAS 1.0 authentication ticket. Returns username on success and None on failure. """ params = [('ticket', ticket), ('service', service)] url = (urllib_parse.urljoin(settings.CAS_SERVER_URL, 'validate') + '?' +
from mongoengine import * from allauth.account import app_settings from mongoengine.django.mongo_auth.models import get_user_document from mongoengine.django.utils import datetime_now from django.utils.translation import ugettext_lazy as _ USER_DOCUMENT = get_user_document() from django.utils import timezone from moe_auth.auth import managers from django.utils.crypto import get_random_string from allauth.account import signals from allauth.utils import build_absolute_uri from allauth.account.adapter import get_adapter from django.core.urlresolvers import reverse import string def _simple_domain_name_validator(value): """ Validates that the given value contains no whitespaces to prevent common typos. """ if not value: return False checks = ((s in value) for s in string.whitespace) if any(checks): return False return True # raise ValidationError( # _("The domain name cannot contain any spaces or tabs."), # code='invalid', # )
def handle(self, request, context): id = context.get('id', None) username = context.get('username', None) cloudname = context.get('cloudname', None) password = context.get('password', None) endpoint = context.get('endpoint', None) if (username == '') & (password == ''): username = context.get('publickey', None) password = context.get('secretkey', None) try: user = get_user_document().objects(username=request.user.username).first() cloud = tenantclouds.objects(id = id).first() if cloud.platform =="Amazon": status = test(endpoint,username,password) if status == True: if user.awsname == cloud.name: user.awspublickey = username user.awsprivatekey = trail.encode_decode(password,"encode") user.awsendpoint = endpoint user.awsname = cloudname else: return False if cloud.platform =="Cnext": httpInst = httplib2.Http() httpInst.add_credentials(name = username, \ password = password) url = endpoint + ":8130/apiv2/instance" resp, body = httpInst.request(url) if resp.status == 200 : if user.cnextname == cloud.name: user.cnextpublickey = username user.cnextprivatekey = trail.encode_decode(password,"encode") user.cnextendpoint = endpoint user.cnextname = cloudname else: return False if cloud.platform =="Hpcloud": openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=username, password=password, auth_url= endpoint) utoken = openstack_user.token if utoken: hp = Hpclouddata.objects(id = request.user.hp_attr.id).first() hpcloud = tenantclouds.objects(id = hp.hpcloudid.id).first() if hpcloud.name == cloud.name: otoken = trail.DocToken(user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog ) hp.token = otoken hp.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants] hp.service_catalog = openstack_user.service_catalog hp.services_region = openstack_user.services_region hp.project_name = openstack_user.project_name hp.tenant_name = openstack_user.tenant_name hp.tenant_id = openstack_user.tenant_id hp.project_id = openstack_user.project_id hp.endpoint = endpoint hp.save() user.hpname = cloudname else: return False if cloud.platform =="Openstack": openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=username, password=password, auth_url= endpoint) utoken = openstack_user.token if utoken: if user.openstackname == cloud.name: delete_token(user.endpoint,user.token.id) otoken = trail.DocToken(user=utoken.user, user_domain_id=utoken.user_domain_id, id=utoken.id, project=utoken.project, tenant=utoken.project, domain=utoken.domain, roles=utoken.roles, serviceCatalog=utoken.serviceCatalog ) user.token = otoken user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants] user.service_catalog = openstack_user.service_catalog user.services_region = openstack_user.services_region user.project_name = openstack_user.project_name user.tenant_name = openstack_user.tenant_name user.tenant_id = openstack_user.tenant_id user.project_id = openstack_user.project_id user.endpoint = endpoint + "" user.openstackname = cloudname else: delete_token(endpoint,utoken.id) else: return False clouds = tenantclouds.objects(id = id).update(set__name = cloudname,set__cloud_meta ={"publickey":username,"privatekey":trail.encode_decode(password,"encode"),"endpoint":endpoint}) user.save() refresh_session_policies(request, request.user) return True except Exception,e: messages.error(request,_(e.message)) LOG.error(e.message)