"Fossies" - the Fresh Open Source Software Archive

Member "keystone-18.0.0/keystone/oauth1/core.py" (14 Oct 2020, 5964 Bytes) of package /linux/misc/openstack/keystone-18.0.0.tar.gz:



    1 # Copyright 2013 OpenStack Foundation
    2 #
    3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    4 # not use this file except in compliance with the License. You may obtain
    5 # a copy of the License at
    6 #
    7 #      http://www.apache.org/licenses/LICENSE-2.0
    8 #
    9 # Unless required by applicable law or agreed to in writing, software
   10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   12 # License for the specific language governing permissions and limitations
   13 # under the License.
   14 
   15 """Main entry point into the OAuth1 service."""
   16 
   17 import uuid
   18 
   19 import oauthlib.common
   20 from oauthlib import oauth1
   21 from oslo_log import log
   22 
   23 from keystone.common import manager
   24 import keystone.conf
   25 from keystone import exception
   26 from keystone.i18n import _
   27 from keystone import notifications
   28 
   29 
# Module-level aliases for the oauthlib names used by the OAuth1 code.

# Server-side endpoints and the validator base class.
RequestTokenEndpoint = oauth1.RequestTokenEndpoint
AuthorizationEndpoint = oauth1.AuthorizationEndpoint
AccessTokenEndpoint = oauth1.AccessTokenEndpoint
ResourceEndpoint = oauth1.ResourceEndpoint
RequestValidator = oauth1.RequestValidator

# Client-side signing helper and the HMAC signature-method identifier.
# NOTE(review): oauthlib appears to define SIGNATURE_HMAC as HMAC-SHA1 --
# confirm against the pinned oauthlib version.
Client = oauth1.Client
SIG_HMAC = oauth1.SIGNATURE_HMAC

# oauthlib's generic request object.
oRequest = oauthlib.common.Request
   38 
   39 
class Token(object):
    """Hold an OAuth1 token key/secret pair and its optional verifier.

    ``secret`` is credential material: keep instances of this class out of
    log messages and error text.
    """

    def __init__(self, key, secret):
        """Store the key and secret; the verifier starts out unset."""
        self.key, self.secret = key, secret
        self.verifier = None

    def set_verifier(self, verifier):
        """Record the verifier that belongs to this token."""
        self.verifier = verifier
   48 
   49 
# Module logger, used below for the validation and missing-header messages.
LOG = log.getLogger(__name__)
# Global keystone configuration; Manager.__init__ reads CONF.oauth1.driver.
CONF = keystone.conf.CONF
   52 
   53 
def token_generator(*args, **kwargs):
    """Return a fresh random identifier as 32 lowercase hex characters.

    Any positional or keyword arguments are accepted and ignored.

    The value is the hex form of a version-4 UUID, which carries 122 random
    bits; CPython draws them from ``os.urandom``.
    """
    fresh_uuid = uuid.uuid4()
    return fresh_uuid.hex
   56 
   57 
def get_oauth_headers(headers):
    """Parse the OAuth parameters carried in the ``Authorization`` header.

    :param headers: mapping of request headers; may be ``None`` or empty.
    :returns: dict built from the (name, value) pairs parsed out of the
        header value.
    :raises keystone.exception.OAuthHeadersMissingError: when ``headers`` is
        empty or has no ``Authorization`` key.

    This function only parses. It does not check the signature, nonce or
    timestamp, so the returned values are still untrusted client input.
    """
    # Guard first: without an Authorization entry there is nothing to parse.
    # The membership test uses the exact key 'Authorization'.
    if not headers or 'Authorization' not in headers:
        msg = 'Cannot retrieve Authorization headers'
        LOG.error(msg)
        raise exception.OAuthHeadersMissingError()

    # In an OAuth-signed request the oauth variables travel in this header.
    # A typical value looks like:
    #   'OAuth realm="", oauth_body_hash="2jm%3D", oauth_nonce="14475435"
    # followed by further oauth variables; the 'OAuth ' prefix is trimmed
    # and the remainder is split into individual parameters.
    # NOTE(review): oauthlib's parser appears to raise ValueError for a
    # value that is not a well-formed 'OAuth ...' header, and nothing here
    # catches it -- confirm callers turn that into a client error.
    raw_value = headers['Authorization']
    pairs = oauth1.rfc5849.utils.parse_authorization_header(raw_value)
    return dict(pairs)
   79 
   80 
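def validate_oauth_params(query_string):
    """Reject a parameter string that holds anything besides oauth_* keys.

    :param query_string: value passed to ``oauthlib.common.extract_params``.
    :returns: ``None`` when every parameter name starts with ``oauth_``.
    :raises keystone.exception.ValidationError: when any other parameter is
        present. If one of them is ``error``, its value and the optional
        ``error_description`` are included in the message.
    """
    # An invalid request is expected to produce a body such as:
    #   'error=invalid_request&error_description=missing+resource+owner+key'
    # The detail is logged so that the failing validation step can be found.
    params = oauthlib.common.extract_params(query_string)
    # NOTE(review): extract_params appears to return None for input it
    # cannot decode, in which case the iteration below raises TypeError --
    # confirm whether callers can pass such input.
    params_filtered = {k: v for k, v in params if not k.startswith('oauth_')}
    if not params_filtered:
        return

    if 'error' in params_filtered:
        # 'error_description' is looked up with a default: an error without
        # a description is then still reported as ValidationError instead
        # of escaping as KeyError.
        # Both values come from the parsed parameter string, so the log
        # line below can contain text that did not originate in keystone.
        details = {
            'error': params_filtered['error'],
            'desc': params_filtered.get('error_description', ''),
        }
        msg = (
            'Validation failed with errors: %(error)s, detail '
            'message is: %(desc)s.') % details
        tr_msg = _('Validation failed with errors: %(error)s, detail '
                   'message is: %(desc)s.') % details
    else:
        # NOTE(review): the two literals join without a space
        # ('found,please'). Left unchanged because the same text is the
        # translation msgid.
        msg = ('Unknown parameters found,'
               'please provide only oauth parameters.')
        tr_msg = _('Unknown parameters found,'
                   'please provide only oauth parameters.')
    LOG.warning(msg)
    raise exception.ValidationError(message=tr_msg)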
  106 
  107 
class Manager(manager.Manager):
    """Default pivot point for the OAuth1 backend.

    See :mod:`keystone.common.manager.Manager` for more details on how this
    dynamically calls the backend.

    Each method below calls the driver first and sends the matching
    ``notifications.Audit`` event only after the driver call has returned;
    if the driver raises, no audit event is sent.

    """

    driver_namespace = 'keystone.oauth1'
    _provides_api = 'oauth_api'

    # Resource-type labels handed to notifications.Audit. They are names,
    # not credentials; '# nosec' keeps the security linter from flagging
    # the "token" strings.
    _ACCESS_TOKEN = "OS-OAUTH1:access_token"  # nosec
    _REQUEST_TOKEN = "OS-OAUTH1:request_token"  # nosec
    _CONSUMER = "OS-OAUTH1:consumer"

    def __init__(self):
        """Load the driver named by ``CONF.oauth1.driver``."""
        super(Manager, self).__init__(CONF.oauth1.driver)

    def create_consumer(self, consumer_ref, initiator=None):
        """Create a consumer with a server-generated secret.

        The caller's reference is shallow-copied rather than modified, and
        any ``secret`` it carries is replaced by a fresh uuid4 hex string
        before the driver is called.

        :returns: whatever the driver's ``create_consumer`` returns.
        """
        new_consumer = consumer_ref.copy()
        new_consumer['secret'] = uuid.uuid4().hex
        created = self.driver.create_consumer(new_consumer)
        notifications.Audit.created(
            self._CONSUMER, created['id'], initiator)
        return created

    def update_consumer(self, consumer_id, consumer_ref, initiator=None):
        """Update a consumer through the driver and audit the change.

        ``consumer_ref`` is passed to the driver as given; no field is
        filtered or regenerated here.
        """
        updated = self.driver.update_consumer(consumer_id, consumer_ref)
        notifications.Audit.updated(self._CONSUMER, consumer_id, initiator)
        return updated

    def delete_consumer(self, consumer_id, initiator=None):
        """Delete a consumer through the driver and audit the deletion."""
        outcome = self.driver.delete_consumer(consumer_id)
        notifications.Audit.deleted(self._CONSUMER, consumer_id, initiator)
        return outcome

    def create_access_token(self, request_id, access_token_duration,
                            initiator=None):
        """Create an access token through the driver and audit it.

        The audit event carries the ``id`` of the driver's return value.
        """
        access_token = self.driver.create_access_token(
            request_id, access_token_duration)
        notifications.Audit.created(
            self._ACCESS_TOKEN, access_token['id'], initiator)
        return access_token

    def delete_access_token(self, user_id, access_token_id, initiator=None):
        """Delete a user's access token through the driver and audit it."""
        outcome = self.driver.delete_access_token(user_id, access_token_id)
        notifications.Audit.deleted(
            self._ACCESS_TOKEN, access_token_id, initiator)
        return outcome

    def create_request_token(self, consumer_id, requested_project,
                             request_token_duration, initiator=None):
        """Create a request token through the driver and audit it.

        The audit event carries the ``id`` of the driver's return value.
        """
        request_token = self.driver.create_request_token(
            consumer_id, requested_project, request_token_duration)
        notifications.Audit.created(
            self._REQUEST_TOKEN, request_token['id'], initiator)
        return request_token
  162         return ret