validate_token returns AccessInfo
The keystoneclient token validation methods return AccessInfo instances. Clean up the code structure by keeping the AccessInfo as it is rather than converting it right away. Further work will utilize the AccessInfo in other parts of auth_token directly rather than converting it. Change-Id: I9f9c6f7bf0b99f6d37e3bf41ebe0c50cbe54e0db
parent
49023e3514
commit
468addb411
@ -725,6 +725,8 @@ class AuthProtocol(object):
|
||||
# and needs to be checked.
|
||||
self._revocations.check(token_hashes)
|
||||
|
||||
auth_ref = access.AccessInfo.factory(body=data,
|
||||
auth_token=token)
|
||||
else:
|
||||
verified = None
|
||||
|
||||
@ -743,10 +745,17 @@ class AuthProtocol(object):
|
||||
|
||||
if verified is not None:
|
||||
data = jsonutils.loads(verified)
|
||||
auth_ref = access.AccessInfo.factory(body=data,
|
||||
auth_token=token)
|
||||
else:
|
||||
data = self._identity_server.verify_token(token)
|
||||
|
||||
auth_ref = access.AccessInfo.factory(body=data, auth_token=token)
|
||||
auth_ref = self._identity_server.verify_token(token)
|
||||
if auth_ref:
|
||||
if auth_ref.version == 'v2.0':
|
||||
data = {'access': auth_ref}
|
||||
else: # it's v3.
|
||||
data = {'token': auth_ref}
|
||||
else:
|
||||
data = None
|
||||
|
||||
# 0 seconds of validity means is it valid right now.
|
||||
if auth_ref.will_expire_soon(stale_duration=0):
|
||||
|
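Review bot: In the online-validation branch of the second hunk, the `else: data = None` arm accepts a falsy `auth_ref`, but the next statement calls `auth_ref.will_expire_soon(stale_duration=0)` unconditionally. A falsy result is therefore never treated as a rejected token; it ends in whatever exception that dereference raises (an AttributeError if the value is None). Whether `IdentityServer.verify_token` can return a falsy value is not visible on this page. If it cannot, the arm is dead code and can be dropped; if it can, replace `data = None` with an explicit rejection using the middleware's invalid-token exception (the `exc.InvalidToken` documented on `IdentityServer.verify_token`), so the failure is deliberate and fail-closed. The enclosing method starts and ends outside the hunk.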
@ -10,6 +10,8 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import functools
|
||||
|
||||
from keystoneclient import auth
|
||||
from keystoneclient import discover
|
||||
from keystoneclient import exceptions
|
||||
@ -47,10 +49,7 @@ class _V2RequestStrategy(_RequestStrategy):
|
||||
super(_V2RequestStrategy, self).__init__(adap, **kwargs)
|
||||
self._client = v2_client.Client(session=adap)
|
||||
|
||||
def verify_token(self, user_token):
|
||||
token = self._client.tokens.validate_access_info(user_token)
|
||||
data = {'access': token}
|
||||
return data
|
||||
self.verify_token = self._client.tokens.validate_access_info
|
||||
|
||||
def fetch_cert_file(self, cert_type):
|
||||
if cert_type == 'ca':
|
||||
@ -70,12 +69,9 @@ class _V3RequestStrategy(_RequestStrategy):
|
||||
super(_V3RequestStrategy, self).__init__(adap, **kwargs)
|
||||
self._client = v3_client.Client(session=adap)
|
||||
|
||||
def verify_token(self, user_token):
|
||||
token = self._client.tokens.validate(
|
||||
user_token,
|
||||
self.verify_token = functools.partial(
|
||||
self._client.tokens.validate,
|
||||
include_catalog=self._include_service_catalog)
|
||||
data = {'token': token}
|
||||
return data
|
||||
|
||||
def fetch_cert_file(self, cert_type):
|
||||
if cert_type == 'ca':
|
||||
@ -170,13 +166,14 @@ class IdentityServer(object):
|
||||
:param retry: flag that forces the middleware to retry
|
||||
user authentication when an indeterminate
|
||||
response is received. Optional.
|
||||
:returns: token object received from identity server on success
|
||||
:returns: access info received from identity server on success
|
||||
:rtype: :py:class:`keystoneclient.access.AccessInfo`
|
||||
:raises exc.InvalidToken: if token is rejected
|
||||
:raises exc.ServiceError: if unable to authenticate token
|
||||
|
||||
"""
|
||||
try:
|
||||
data = self._request_strategy.verify_token(user_token)
|
||||
auth_ref = self._request_strategy.verify_token(user_token)
|
||||
except exceptions.NotFound as e:
|
||||
self._LOG.warn(_LW('Authorization failed for token'))
|
||||
self._LOG.warn(_LW('Identity response: %s'), e.response.text)
|
||||
@ -192,7 +189,7 @@ class IdentityServer(object):
|
||||
e.http_status)
|
||||
self._LOG.warn(_LW('Identity response: %s'), e.response.text)
|
||||
else:
|
||||
return data
|
||||
return auth_ref
|
||||
|
||||
def fetch_revocation_list(self):
|
||||
try:
|
||||
|
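Review bot: `_V3RequestStrategy.__init__` now fixes `include_catalog` at construction time, because `functools.partial(self._client.tokens.validate, include_catalog=self._include_service_catalog)` evaluates the attribute once, whereas the removed method read it on every call. That is equivalent only if `_include_service_catalog` is set by the base `__init__` (not shown) and never reassigned afterwards; a comment such as `# include_catalog is bound once here, at construction` would record the assumption. Both strategies also turn `verify_token` from a method into an instance attribute, so it loses its signature and any docstring, and a class-level override or patch of `verify_token` would be shadowed by the instance attribute. A one-line comment above each assignment, saying it takes the user token and returns an AccessInfo, would keep the contract readable. Both `__init__` bodies begin outside their hunks.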