Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

# vim: tabstop=4 shiftwidth=4 softtabstop=4 

 

# Copyright 2013 OpenStack LLC 

# 

# Licensed under the Apache License, Version 2.0 (the "License"); you may 

# not use this file except in compliance with the License. You may obtain 

# a copy of the License at 

# 

#      http://www.apache.org/licenses/LICENSE-2.0 

# 

# Unless required by applicable law or agreed to in writing, software 

# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 

# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 

# License for the specific language governing permissions and limitations 

# under the License. 

 

from keystone import auth 

from keystone.common import logging 

from keystone import exception 

from keystone import token 

 

 

METHOD_NAME = 'token' 

 

LOG = logging.getLogger(__name__) 

 

 

class Token(auth.AuthMethodHandler): 

    def __init__(self): 

        self.token_api = token.Manager() 

 

    def authenticate(self, context, auth_payload, user_context): 

        try: 

35            if 'id' not in auth_payload: 

                raise exception.ValidationError(attribute='id', 

                                                target=METHOD_NAME) 

            token_id = auth_payload['id'] 

            token_ref = self.token_api.get_token(context, token_id) 

            user_context.setdefault( 

                'user_id', token_ref['token_data']['token']['user']['id']) 

            # to support Grizzly-3 to Grizzly-RC1 transition 

            expires_at = token_ref['token_data']['token'].get( 

                'expires_at', token_ref['token_data']['token'].get('expires')) 

            user_context.setdefault('expires_at', expires_at) 

            user_context['extras'].update( 

                token_ref['token_data']['token']['extras']) 

            user_context['method_names'].extend( 

                token_ref['token_data']['token']['methods']) 

50            if 'trust' in token_ref['token_data']: 

                raise exception.Forbidden() 

        except AssertionError as e: 

            LOG.error(e) 

            raise exception.Unauthorized(e)