keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

handlers.py
Go to the documentation of this file.
1 # Copyright 2018 Catalyst Cloud Ltd
2 #
3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
4 # not use this file except in compliance with the License. You may obtain
5 # a copy of the License at
6 #
7 # http://www.apache.org/licenses/LICENSE-2.0
8 #
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 # License for the specific language governing permissions and limitations
13 # under the License.
14 
15 import flask
16 import http.client
17 from oslo_serialization import jsonutils
18 
19 from keystone.common import authorization
20 from keystone.common import provider_api
21 from keystone import exception
22 
23 
24 PROVIDERS = provider_api.ProviderAPIs
25 
26 
27 def extract_receipt(auth_context):
28  receipt_id = flask.request.headers.get(
29  authorization.AUTH_RECEIPT_HEADER, None)
30  if receipt_id:
31  receipt = PROVIDERS.receipt_provider_api.validate_receipt(
32  receipt_id)
33 
34  if auth_context['user_id'] != receipt.user_id:
36  "AuthContext user_id: %s does not match "
37  "user_id for supplied auth receipt: %s" %
38  (auth_context['user_id'], receipt.user_id),
39  receipt_id=receipt_id
40  )
41  else:
42  receipt = None
43  return receipt
44 
45 
47  receipt_reference = {
48  'receipt': {
49  'methods': receipt.methods,
50  'user': {
51  'id': receipt.user['id'],
52  'name': receipt.user['name'],
53  'domain': {
54  'id': receipt.user_domain['id'],
55  'name': receipt.user_domain['name'],
56  }
57  },
58  'expires_at': receipt.expires_at,
59  'issued_at': receipt.issued_at,
60  },
61  'required_auth_methods': receipt.required_methods,
62  }
63  return receipt_reference
64 
65 
66 def build_receipt(mfa_error):
67  receipt = PROVIDERS.receipt_provider_api. \
68  issue_receipt(mfa_error.user_id, mfa_error.methods)
69  resp_data = _render_receipt_response_from_model(receipt)
70  resp_body = jsonutils.dumps(resp_data)
71  response = flask.make_response(resp_body, http.client.UNAUTHORIZED)
72  response.headers[authorization.AUTH_RECEIPT_HEADER] = receipt.id
73  response.headers['Content-Type'] = 'application/json'
74  return response
keystone.receipt.handlers.extract_receipt
def extract_receipt(auth_context)
Definition: handlers.py:27
keystone.exception.ReceiptNotFound
Definition: exception.py:306
keystone.receipt.handlers._render_receipt_response_from_model
def _render_receipt_response_from_model(receipt)
Definition: handlers.py:46
keystone.common
Definition: __init__.py:1
keystone.receipt.handlers.build_receipt
def build_receipt(mfa_error)
Definition: handlers.py:66