# vim: tabstop=4 shiftwidth=4 softtabstop=4

# Copyright 2013 OpenStack LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from keystone.common import dependency
from keystone import exception


@dependency.requires('identity_api')
class AuthMethodHandler(object):
    """Abstract base class for an authentication plugin."""

    def __init__(self):
        pass

    def authenticate(self, context, auth_payload, auth_context):
        """Authenticate user and return an authentication context.

        :param context: keystone's request context
        :param auth_payload: the content of the authentication for a given
                             method
        :param auth_context: user authentication context, a dictionary shared
                             by all plugins. It contains "method_names" and
                             "extras" by default. "method_names" is a list
                             and "extras" is a dictionary.

        If successful, plugin must set "user_id" in "auth_context".
        "method_names" is used to convey any additional authentication methods
        in case authentication is for re-scoping. For example,
        if the authentication is for re-scoping, plugin must append the
        previous method names into "method_names". Also, plugin may add
        any additional information into "extras". Anything in "extras"
        will be conveyed in the token's "extras" field. Here's an example of
        "auth_context" on successful authentication.

        {"user_id": "abc123",
         "method_names": ["password", "token"],
         "extras": {}}

        Plugins are invoked in the order in which they are specified in the
        "methods" attribute of the "identity" object.
        For example, with the following authentication request,

        {"auth": {
            "identity": {
                "methods": ["custom-plugin", "password", "token"],
                "token": {
                    "id": "sdfafasdfsfasfasdfds"
                },
                "custom-plugin": {
                    "custom-data": "sdfdfsfsfsdfsf"
                },
                "password": {
                    "user": {
                        "id": "s23sfad1",
                        "password": "secrete"
                    }
                }
            }
        }}

        plugins will be invoked in this order:

        1. custom-plugin
        2. password
        3. token

        :returns: None if authentication is successful.
                  Authentication payload in the form of a dictionary for the
                  next authentication step if this is a multi step
                  authentication.
        :raises: exception.Unauthorized for authentication failure
        """
        raise exception.Unauthorized()
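
The plugin contract described in the docstring above, as an added example that is not part of keystone: two plugins and a dispatcher that calls them in "methods" order and fails closed. Unauthorized and AuthMethodHandler are local stand-ins so the block runs without keystone; USERS, bind_user, Password, Challenge, run_plugins and PLUGINS are hypothetical names, and the sample data is constructed.

```python
import hmac
class Unauthorized(Exception):
    """Stand-in for keystone's exception.Unauthorized."""

class AuthMethodHandler(object):
    """Stand-in for the base class on this page."""
    def authenticate(self, context, auth_payload, auth_context):
        raise Unauthorized()
# Constructed credential store; a real store holds password hashes.
USERS = {"s23sfad1": "secrete"}

def bind_user(auth_context, user_id):
    # Fail closed if two plugins assert different identities.
    if auth_context.setdefault("user_id", user_id) != user_id:
        raise Unauthorized()

class Password(AuthMethodHandler):
    def authenticate(self, context, auth_payload, auth_context):
        user = auth_payload.get("user", {})
        expected = USERS.get(user.get("id"), "").encode()
        supplied = str(user.get("password", "")).encode()
        # Constant-time compare; unknown users raise the same exception.
        if not expected or not hmac.compare_digest(expected, supplied):
            raise Unauthorized()
        bind_user(auth_context, user["id"])

class Challenge(AuthMethodHandler):  # hypothetical multi-step plugin
    def authenticate(self, context, auth_payload, auth_context):
        if "response" not in auth_payload:
            return {"challenge": "constructed-nonce"}  # next-step payload
        if auth_payload["response"] != "constructed-answer":
            raise Unauthorized()
        auth_context["extras"]["challenge_passed"] = True

def run_plugins(request, plugins):
    """Hypothetical dispatcher: call plugins in "methods" order."""
    identity = request["auth"]["identity"]
    auth_context = {"method_names": [], "extras": {}}
    for name in identity["methods"]:
        if name not in plugins or name not in identity:
            raise Unauthorized()
        step = plugins[name].authenticate({}, identity[name], auth_context)
        if step is not None:
            return step, None  # multi-step: no auth_context released
        auth_context["method_names"].append(name)
    if "user_id" not in auth_context:
        raise Unauthorized()  # no plugin established an identity
    return None, auth_context

PLUGINS = {"password": Password(), "challenge": Challenge()}
```

run_plugins returns a (next_step_payload, auth_context) pair; exactly one of the two is None, so a caller cannot mistake a pending multi-step exchange for a completed authentication.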