def get_user(self, user_id): """ Just returns the user of a given ID. """ try: keystone = KeystoneBackend() keystone.request = self.request except: return None return keystone.get_user(user_id)
def get_user(request): try: user_id = request.session[auth.SESSION_KEY] backend_path = request.session[auth.BACKEND_SESSION_KEY] backend = auth.load_backend(backend_path) backend.request = request user = backend.get_user(user_id) or AnonymousUser() LOG.debug("user %s", user) request.session.set_expiry(settings.SESSION_TIMEOUT) LOG.debug("setting expiry to :%s", settings.SESSION_TIMEOUT) except KeyError: shib_header = None for possible_header in settings.SHIB_HEADERS: if possible_header in request.META and request.META.get( possible_header): shib_header = possible_header break if shib_header is not None: LOG.debug("Shibboleth header is set") LOG.debug("username %s", request.META.get(shib_header)) keystone = KeystoneBackend() try: user = keystone.authenticate( password='******', username=request.META.get(shib_header), auth_url=settings.OPENSTACK_KEYSTONE_URL, request=request) user.backend = 'openstack_auth.backend.KeystoneBackend' login(request, user) except (keystone_exceptions.Unauthorized, KeystoneAuthException): user = UnregisteredUser('Shibboleth', request.META.get(shib_header)) else: user = AnonymousUser() return user
def get_user(request): try: user_id = request.session[auth.SESSION_KEY] backend_path = request.session[auth.BACKEND_SESSION_KEY] backend = auth.load_backend(backend_path) backend.request = request user = backend.get_user(user_id) or AnonymousUser() request.session.set_expiry(settings.SESSION_TIMEOUT) except KeyError: shib_header = None for possible_header in settings.SHIB_HEADERS: if possible_header in request.META and request.META.get( possible_header): shib_header = possible_header break if shib_header is not None: LOG.debug("Shibboleth header is set") LOG.debug("username %s", request.META.get(shib_header)) keystone = KeystoneBackend() try: user = keystone.authenticate(password=settings.TUKEY_PASSWORD, username="******" % request.META.get(shib_header), auth_url=settings.OPENSTACK_KEYSTONE_URL, request=request) user.backend = 'openstack_auth.backend.KeystoneBackend' user.identifier = request.META.get(shib_header) login(request, user) except (keystone_exceptions.Unauthorized, KeystoneAuthException): user = UnregisteredUser('Shibboleth', request.META.get(shib_header)) else: user = AnonymousUser() return user
def authenticate(self, code=None, group=None, openid=None, provider=None, request=None): """ Reads in a code and asks Provider if it's valid and what user it points to. """ keystone = KeystoneBackend() self.keystone = keystone try: profile_handle = getattr(self, '_get_%s_profile' % provider) except AttributeError: LOG.warn("Need to define _get_%s_profile function." % provider) return user_profile = profile_handle(code=code, openid=openid, request=request) if not user_profile: return if not user_profile['valid']: msg = "Failed to login, you are not in %s group: %s" % (provider, group) messages.error(request, msg) return external_id = user_profile['user_id'] external_email = user_profile['user_email'] access_token = user_profile['access_token'] username = "******" % (provider, external_id) tenant_name = username password = "" try: # Try and find existing user external_user = ExternalProfile.objects.get(external_id=external_id) user = external_user.user # Update access_token external_user.access_token = access_token password = external_user.password external_user.save() LOG.info("User: %s exists" % username) except ExternalProfile.DoesNotExist: LOG.info("User: %s not exists, creating..." % username) # No existing user try: user = User.objects.create_user(username, external_email) except IntegrityError: # Username already exists, make it unique existing_user = User.objects.get(username=username) existing_user.delete() user = User.objects.create_user(username, external_email) user.save() password = "".join([random.choice( string.ascii_lowercase + string.digits) for i in range(8)]) try: # Create the UserProfile external_user = ExternalProfile(user=user, external_id=external_id, access_token=access_token, password=password) keystone_admin = self._admin_client() tenant = keystone_admin.tenants.create(tenant_name, "Auto created account", True) user = keystone_admin.users.create(tenant_name, password, external_email, tenant.id, True) member_user_role = settings.MEMBER_USER_ROLE keystone_admin.roles.add_user_role(user.id, member_user_role, tenant.id) external_user.tenant_id = tenant.id external_user.save() except Exception as e: LOG.warn("Error creating user: %s, error: %s" % (username, e)) return try: user = keystone.authenticate(request=request, username=username, password=password, tenant=None, auth_url=settings.OPENSTACK_KEYSTONE_URL) return user except Exception as e: messages.error(request, "Failed to login: %s" % e)
def authenticate(self, token=None, request=None): """ Reads in a Facebook code and asks Facebook if it's valid and what user it points to. """ logger.error('test') keystone = KeystoneBackend() self.keystone = keystone # Get a legit access token from Facebook access_token, fb_profile = self.facebook_get_token_profile( token, request) if not access_token: # No access token means failed auth to FB msg = _("Facebook login invalid or Token Expired") messages.error(request, msg) logger.error(msg) return None facebook_id = fb_profile['id'] # verify TryStack group membership if not self.facebook_trystack_group_member(access_token): msg = _( "Facebook id %s is not a member of the TryStack Facebook group" % facebook_id) messages.error(request, msg) logger.error(msg) return None #### If we got here then auth and group membership are valid #### time to ensure the user exists and get a token # create user and tenant if they don't exist username = tenant_name = "facebook%s" % facebook_id password = "".join([ random.choice(string.ascii_lowercase + string.digits) for i in range(8) ]) if not self.keystone_user_exists(username): tenant = self.add_keystone_user(settings, tenant_name, password, fb_profile) else: tenant = self.get_keystone_tenant(tenant_name) # get a keystone token for the user (requires the custom auth filter) d = '{"auth":{"%s": "customer-x", "passwordCredentials": {"username": "******", "password": "******"}}}' % ( username, username) url = "%s/tokens/" % self.keystone_get_endpoint('keystone', 'adminurl') headers = { 'Content-Type': 'application/json; charset=UTF-8', 'X-Auth-Token': settings.ADMIN_TOKEN } resp, content = Http().request(uri=url, method="POST", headers=headers, body=d) # load the token, create a new client based on the token auth_json = json.loads(content)['access'] client = keystone_client.Client( username=username, tenant_name=username, token=auth_json['token']['id'], auth_url=settings.OPENSTACK_KEYSTONE_URL) # use the client and token to create a Token object token = Token(auth_ref=client.auth_ref) # generate a django user (this is how openstack_auth.backend does it too) user = create_user_from_token(request, token, settings.OPENSTACK_KEYSTONE_URL) #client.service_catalog.url_for(endpoint_type='publicURL')) return user
def authenticate(self, code=None, group=None, openid=None, provider=None, request=None): """ Reads in a code and asks Provider if it's valid and what user it points to. """ keystone = KeystoneBackend() self.keystone = keystone try: profile_handle = getattr(self, '_get_%s_profile' % provider) except AttributeError: LOG.warn("Need to define _get_%s_profile function." % provider) return user_profile = profile_handle(code=code, openid=openid, request=request) if not user_profile: return if not user_profile['valid']: msg = "Failed to login, you are not in %s group: %s" % (provider, group) messages.error(request, msg) return external_id = user_profile['user_id'] external_email = user_profile['user_email'] access_token = user_profile['access_token'] username = "******" % (provider, external_id) tenant_name = username password = "" try: # Try and find existing user external_user = ExternalProfile.objects.get( external_id=external_id) user = external_user.user # Update access_token external_user.access_token = access_token password = external_user.password external_user.save() LOG.info("User: %s exists" % username) except ExternalProfile.DoesNotExist: LOG.info("User: %s not exists, creating..." % username) # No existing user try: user = User.objects.create_user(username, external_email) except IntegrityError: # Username already exists, make it unique existing_user = User.objects.get(username=username) existing_user.delete() user = User.objects.create_user(username, external_email) user.save() password = "".join([ random.choice(string.ascii_lowercase + string.digits) for i in range(8) ]) try: # Create the UserProfile external_user = ExternalProfile(user=user, external_id=external_id, access_token=access_token, password=password) keystone_admin = self._admin_client() tenant = keystone_admin.tenants.create(tenant_name, "Auto created account", True) user = keystone_admin.users.create(tenant_name, password, external_email, tenant.id, True) member_user_role = settings.MEMBER_USER_ROLE keystone_admin.roles.add_user_role(user.id, member_user_role, tenant.id) external_user.tenant_id = tenant.id external_user.save() except Exception as e: LOG.warn("Error creating user: %s, error: %s" % (username, e)) return try: user = keystone.authenticate( request=request, username=username, password=password, tenant=None, auth_url=settings.OPENSTACK_KEYSTONE_URL) return user except Exception as e: messages.error(request, "Failed to login: %s" % e)
def authenticate(self, token=None, openid=None, request=None): """ Reads in a Sina/Tencent code and asks Sina/Tencent if it's valid and what user it points to. """ keystone = KeystoneBackend() self.keystone = keystone # Sina weibo does not need `openid` if not openid: user_profile = self._get_sina_profile(token=token, request=request) else: user_profile = self._get_tencent_profile(token=token, openid=openid, request=request) if not user_profile: return if not user_profile['valid']: return external_id = user_profile['user_id'] external_email = user_profile['user_email'] access_token = user_profile['access_token'] if not openid: username = "******" % external_id tenant_name = "sina_%s" % external_id else: username = "******" % external_id tenant_name = "tencent_%s" % external_id password = "" try: # Try and find existing user external_user = ExternalProfile.objects.get(external_id=external_id) user = external_user.user # Update access_token external_user.access_token = access_token password = external_user.password external_user.save() except ExternalProfile.DoesNotExist: # No existing user try: try: user = User.objects.create_user(username, external_email) except IntegrityError: # Username already exists, make it unique existing_user = User.objects.get(username=username) existing_user.delete() user = User.objects.create_user(username, external_email) user.save() password = "".join([random.choice( string.ascii_lowercase + string.digits) for i in range(8)]) # Create the UserProfile external_user = ExternalProfile(user=user, external_id=external_id, access_token=access_token, password=password) keystone_admin = self._admin_client() tenant = keystone_admin.tenants.create(tenant_name, "Auto created account", True) user = keystone_admin.users.create(tenant_name, password, external_email, tenant.id, True) member_user_role = settings.MEMBER_USER_ROLE keystone_admin.roles.add_user_role(user.id, member_user_role, tenant.id) external_user.tenant_id = tenant.id external_user.save() except: external_user.delete() try: user = keystone.authenticate(request=request, username=username, password=password, tenant=None, auth_url=settings.OPENSTACK_KEYSTONE_URL) return user except Exception as e: messages.error(request, "Failed to login: %s" % e)
def authenticate(self, token=None, request=None): """ Reads in a Facebook code and asks Facebook if it's valid and what user it points to. """ keystone = KeystoneBackend() self.keystone = keystone args = { 'client_id': settings.FACEBOOK_APP_ID, 'client_secret': settings.FACEBOOK_APP_SECRET, 'redirect_uri': request.build_absolute_uri( reverse('horizon.facebook.views.authentication_callback')), 'code': token, } # Get a legit access token target = urllib.urlopen( 'https://graph.facebook.com/oauth/access_token?' + urllib.urlencode(args)).read() response = cgi.parse_qs(target) if 'access_token' not in response: messages.error( request, _("Token Expired, please login again.")) return None access_token = response['access_token'][-1] # Read the user's profile information fb_profile = urllib.urlopen( 'https://graph.facebook.com/me?access_token=%s' % access_token) fb_profile = json.load(fb_profile) tenant_id = None password = "" try: # Try and find existing user fb_user = FacebookProfile.objects.get(facebook_id=fb_profile['id']) user = fb_user.user # Update access_token fb_user.access_token = access_token password = fb_user.password tenant_id = fb_user.tenant_id fb_user.save() except FacebookProfile.DoesNotExist: # No existing user try: facebook_id = fb_profile['id'] username = "******" % facebook_id try: user = User.objects.create_user(username, fb_profile['email']) except IntegrityError: # Username already exists, make it unique existing_user = User.objects.get(username=username) existing_user.delete() user = User.objects.create_user(username, fb_profile['email']) user.save() password = "".join([random.choice( string.ascii_lowercase + string.digits) for i in range(8)]) # Create the FacebookProfile fb_user = FacebookProfile(user=user, facebook_id=fb_profile['id'], access_token=access_token, password=password) tenant_name = "facebook%s" % fb_profile['id'] if not self.keystone_user_exists(username): tenant = self.add_keystone_user(settings, tenant_name, password, fb_profile) else: tenant = self.get_keystone_tenant(settings, tenant_name) fb_user.tenant_id = tenant.id tenant_id = fb_user.tenant_id fb_user.save() except Exception, e: messages.error(request, e) fb_user.delete()