"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/receipt/handlers.py" (13 May 2020, 2511 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "handlers.py" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 16.0.1_vs_17.0.0.

    1 # Copyright 2018 Catalyst Cloud Ltd
    2 #
    3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    4 # not use this file except in compliance with the License. You may obtain
    5 # a copy of the License at
    6 #
    7 #      http://www.apache.org/licenses/LICENSE-2.0
    8 #
    9 # Unless required by applicable law or agreed to in writing, software
   10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   12 # License for the specific language governing permissions and limitations
   13 # under the License.
   14 
   15 import flask
   16 import http.client
   17 from oslo_serialization import jsonutils
   18 
   19 from keystone.common import authorization
   20 from keystone.common import provider_api
   21 from keystone import exception
   22 
   23 
   24 PROVIDERS = provider_api.ProviderAPIs
   25 
   26 
   27 def extract_receipt(auth_context):
   28     receipt_id = flask.request.headers.get(
   29         authorization.AUTH_RECEIPT_HEADER, None)
   30     if receipt_id:
   31         receipt = PROVIDERS.receipt_provider_api.validate_receipt(
   32             receipt_id)
   33 
   34         if auth_context['user_id'] != receipt.user_id:
   35             raise exception.ReceiptNotFound(
   36                 "AuthContext user_id: %s does not match "
   37                 "user_id for supplied auth receipt: %s" %
   38                 (auth_context['user_id'], receipt.user_id),
   39                 receipt_id=receipt_id
   40             )
   41     else:
   42         receipt = None
   43     return receipt
   44 
   45 
   46 def _render_receipt_response_from_model(receipt):
   47     receipt_reference = {
   48         'receipt': {
   49             'methods': receipt.methods,
   50             'user': {
   51                 'id': receipt.user['id'],
   52                 'name': receipt.user['name'],
   53                 'domain': {
   54                     'id': receipt.user_domain['id'],
   55                     'name': receipt.user_domain['name'],
   56                 }
   57             },
   58             'expires_at': receipt.expires_at,
   59             'issued_at': receipt.issued_at,
   60         },
   61         'required_auth_methods': receipt.required_methods,
   62     }
   63     return receipt_reference
   64 
   65 
   66 def build_receipt(mfa_error):
   67     receipt = PROVIDERS.receipt_provider_api. \
   68         issue_receipt(mfa_error.user_id, mfa_error.methods)
   69     resp_data = _render_receipt_response_from_model(receipt)
   70     resp_body = jsonutils.dumps(resp_data)
   71     response = flask.make_response(resp_body, http.client.UNAUTHORIZED)
   72     response.headers[authorization.AUTH_RECEIPT_HEADER] = receipt.id
   73     response.headers['Content-Type'] = 'application/json'
   74     return response