"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/auth/plugins/base.py" (13 May 2020, 3476 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "base.py" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 16.0.1_vs_17.0.0.

    1 # Copyright 2013 OpenStack Foundation
    2 #
    3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    4 # not use this file except in compliance with the License. You may obtain
    5 # a copy of the License at
    6 #
    7 #      http://www.apache.org/licenses/LICENSE-2.0
    8 #
    9 # Unless required by applicable law or agreed to in writing, software
   10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   12 # License for the specific language governing permissions and limitations
   13 # under the License.
   14 
   15 import abc
   16 import collections
   17 
   18 from keystone.common import provider_api
   19 from keystone import exception
   20 
   21 
   22 AuthHandlerResponse = collections.namedtuple(
   23     'AuthHandlerResponse', 'status, response_body, response_data')
   24 
   25 
   26 class AuthMethodHandler(provider_api.ProviderAPIMixin, object,
   27                         metaclass=abc.ABCMeta):
   28     """Abstract base class for an authentication plugin."""
   29 
   30     def __init__(self):
   31         pass
   32 
   33     @abc.abstractmethod
   34     def authenticate(self, auth_payload):
   35         """Authenticate user and return an authentication context.
   36 
   37         :param auth_payload: the payload content of the authentication request
   38                              for a given method
   39         :type auth_payload: dict
   40 
   41         If successful, plugin must set ``user_id`` in ``response_data``.
   42         ``method_name`` is used to convey any additional authentication methods
   43         in case authentication is for re-scoping. For example, if the
   44         authentication is for re-scoping, plugin must append the previous
   45         method names into ``method_names``; NOTE: This behavior is exclusive
   46         to the re-scope type action. Here's an example of ``response_data`` on
   47         successful authentication::
   48 
   49             {
   50                 "methods": [
   51                     "password",
   52                     "token"
   53                 ],
   54                 "user_id": "abc123"
   55             }
   56 
   57         Plugins are invoked in the order in which they are specified in the
   58         ``methods`` attribute of the ``identity`` object. For example,
   59         ``custom-plugin`` is invoked before ``password``, which is invoked
   60         before ``token`` in the following authentication request::
   61 
   62             {
   63                 "auth": {
   64                     "identity": {
   65                         "custom-plugin": {
   66                             "custom-data": "sdfdfsfsfsdfsf"
   67                         },
   68                         "methods": [
   69                             "custom-plugin",
   70                             "password",
   71                             "token"
   72                         ],
   73                         "password": {
   74                             "user": {
   75                                 "id": "s23sfad1",
   76                                 "password": "secret"
   77                             }
   78                         },
   79                         "token": {
   80                             "id": "sdfafasdfsfasfasdfds"
   81                         }
   82                     }
   83                 }
   84             }
   85 
   86         :returns: AuthHandlerResponse with status set to ``True`` if auth was
   87                   successful. If `status` is ``False`` and this is a multi-step
   88                   auth, the ``response_body`` can be in a form of a dict for
   89                   the next step in authentication.
   90 
   91         :raises keystone.exception.Unauthorized: for authentication failure
   92         """
   93         raise exception.Unauthorized()