"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "openstack_auth/backend.py" between
horizon-22.1.0.tar.gz and horizon-23.0.0.tar.gz

About: OpenStack Horizon (Optional Service: Dashboard) provides a web-based self-service portal to interact with underlying OpenStack services, such as launching an instance, assigning IP addresses and configuring access controls.
The "Zed" series (latest release).

backend.py  (horizon-22.1.0):backend.py  (horizon-23.0.0)
skipping to change at line 111 skipping to change at line 111
auth_url, url_fixed = utils.fix_auth_url_version_prefix(auth_url) auth_url, url_fixed = utils.fix_auth_url_version_prefix(auth_url)
if url_fixed: if url_fixed:
LOG.warning("The OPENSTACK_KEYSTONE_URL setting points to a v2.0 " LOG.warning("The OPENSTACK_KEYSTONE_URL setting points to a v2.0 "
"Keystone endpoint, but v3 is specified as the API " "Keystone endpoint, but v3 is specified as the API "
"version to use by Horizon. Using v3 endpoint for " "version to use by Horizon. Using v3 endpoint for "
"authentication.") "authentication.")
plugin, unscoped_auth = self._get_auth_backend(auth_url, **kwargs) plugin, unscoped_auth = self._get_auth_backend(auth_url, **kwargs)
client_ip = utils.get_client_ip(request)
session = utils.get_session(original_ip=client_ip)
# the recent project id a user might have set in a cookie # the recent project id a user might have set in a cookie
recent_project = None recent_project = None
if request: if request:
# Grab recent_project found in the cookie, try to scope # Grab recent_project found in the cookie, try to scope
# to the last project used. # to the last project used.
recent_project = request.COOKIES.get('recent_project') recent_project = request.COOKIES.get('recent_project')
unscoped_auth_ref = plugin.get_access_info(unscoped_auth) unscoped_auth_ref = plugin.get_access_info(unscoped_auth,
session=session)
# Check expiry for our unscoped auth ref. # Check expiry for our unscoped auth ref.
self._check_auth_expiry(unscoped_auth_ref) self._check_auth_expiry(unscoped_auth_ref)
domain_name = kwargs.get('user_domain_name', None) domain_name = kwargs.get('user_domain_name', None)
domain_auth, domain_auth_ref = plugin.get_domain_scoped_auth( domain_auth, domain_auth_ref = plugin.get_domain_scoped_auth(
unscoped_auth, unscoped_auth_ref, domain_name) unscoped_auth, unscoped_auth_ref, domain_name, session=session)
scoped_auth, scoped_auth_ref = plugin.get_project_scoped_auth( scoped_auth, scoped_auth_ref = plugin.get_project_scoped_auth(
unscoped_auth, unscoped_auth_ref, recent_project=recent_project) unscoped_auth, unscoped_auth_ref, recent_project=recent_project,
session=session)
# Abort if there are no projects for this user and a valid domain # Abort if there are no projects for this user and a valid domain
# token has not been obtained # token has not been obtained
# #
# The valid use cases for a user login are: # The valid use cases for a user login are:
# Keystone v2: user must have a role on a project and be able # Keystone v2: user must have a role on a project and be able
# to obtain a project scoped token # to obtain a project scoped token
# Keystone v3: 1) user can obtain a domain scoped token (user # Keystone v3: 1) user can obtain a domain scoped token (user
# has a role on the domain they authenticated to), # has a role on the domain they authenticated to),
# only, no roles on a project # only, no roles on a project
skipping to change at line 207 skipping to change at line 212
else: else:
request.session['domain_token'] = domain_auth_ref request.session['domain_token'] = domain_auth_ref
request.user = user request.user = user
timeout = settings.SESSION_TIMEOUT timeout = settings.SESSION_TIMEOUT
token_life = user.token.expires - datetime.datetime.now(pytz.utc) token_life = user.token.expires - datetime.datetime.now(pytz.utc)
session_time = min(timeout, int(token_life.total_seconds())) session_time = min(timeout, int(token_life.total_seconds()))
request.session.set_expiry(session_time) request.session.set_expiry(session_time)
keystone_client_class = utils.get_keystone_client().Client keystone_client_class = utils.get_keystone_client().Client
session = utils.get_session()
scoped_client = keystone_client_class(session=session, scoped_client = keystone_client_class(session=session,
auth=scoped_auth) auth=scoped_auth)
# Support client caching to save on auth calls. # Support client caching to save on auth calls.
setattr(request, KEYSTONE_CLIENT_ATTR, scoped_client) setattr(request, KEYSTONE_CLIENT_ATTR, scoped_client)
LOG.debug('Authentication completed.') LOG.debug('Authentication completed.')
return user return user
def get_group_permissions(self, user, obj=None): def get_group_permissions(self, user, obj=None):
 End of changes. 5 change blocks. 
4 lines changed or deleted 8 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)