"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/common/validation/validators.py" (13 May 2020, 3818 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "validators.py" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 16.0.1_vs_17.0.0.

    1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    2 # not use this file except in compliance with the License. You may obtain
    3 # a copy of the License at
    4 #
    5 # http://www.apache.org/licenses/LICENSE-2.0
    6 #
    7 # Unless required by applicable law or agreed to in writing, software
    8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   10 # License for the specific language governing permissions and limitations
   11 # under the License.
   12 """Internal implementation of request body validating middleware."""
   13 
   14 import re
   15 
   16 import jsonschema
   17 from oslo_config import cfg
   18 from oslo_log import log
   19 
   20 from keystone import exception
   21 from keystone.i18n import _
   22 
   23 
   24 CONF = cfg.CONF
   25 LOG = log.getLogger(__name__)
   26 
   27 
   28 # TODO(rderose): extend schema validation and add this check there
   29 def validate_password(password):
   30     pattern = CONF.security_compliance.password_regex
   31     if pattern:
   32         if not isinstance(password, str):
   33             detail = _("Password must be a string type")
   34             raise exception.PasswordValidationError(detail=detail)
   35         try:
   36             if not re.match(pattern, password):
   37                 pattern_desc = (
   38                     CONF.security_compliance.password_regex_description)
   39                 raise exception.PasswordRequirementsValidationError(
   40                     detail=pattern_desc)
   41         except re.error:
   42             msg = ("Unable to validate password due to invalid regular "
   43                    "expression - password_regex: %s")
   44             LOG.error(msg, pattern)
   45             detail = _("Unable to validate password due to invalid "
   46                        "configuration")
   47             raise exception.PasswordValidationError(detail=detail)
   48 
   49 
   50 class SchemaValidator(object):
   51     """Resource reference validator class."""
   52 
   53     validator_org = jsonschema.Draft4Validator
   54 
   55     def __init__(self, schema):
   56         # NOTE(lbragstad): If at some point in the future we want to extend
   57         # our validators to include something specific we need to check for,
   58         # we can do it here. Nova's V3 API validators extend the validator to
   59         # include `self._validate_minimum` and `self._validate_maximum`. This
   60         # would be handy if we needed to check for something the jsonschema
   61         # didn't by default. See the Nova V3 validator for details on how this
   62         # is done.
   63         validators = {}
   64         validator_cls = jsonschema.validators.extend(self.validator_org,
   65                                                      validators)
   66         fc = jsonschema.FormatChecker()
   67         self.validator = validator_cls(schema, format_checker=fc)
   68 
   69     def validate(self, *args, **kwargs):
   70         try:
   71             self.validator.validate(*args, **kwargs)
   72         except jsonschema.ValidationError as ex:
   73             # NOTE: For whole OpenStack message consistency, this error
   74             # message has been written in a format consistent with WSME.
   75             if ex.path:
   76                 # NOTE(lbragstad): Here we could think about using iter_errors
   77                 # as a method of providing invalid parameters back to the
   78                 # user.
   79                 # TODO(lbragstad): If the value of a field is confidential or
   80                 # too long, then we should build the masking in here so that
   81                 # we don't expose sensitive user information in the event it
   82                 # fails validation.
   83                 path = '/'.join(map(str, ex.path))
   84                 detail = _("Invalid input for field '%(path)s': "
   85                            "%(message)s") % {'path': path,
   86                                              'message': str(ex)}
   87             else:
   88                 detail = str(ex)
   89             raise exception.SchemaValidationError(detail=detail)