← Back to branch summary

~hudson-openstack/nova/trunk

« back to all changes in this revision

Viewing changes to nova/api/openstack/auth.py

  • Committer: Tarmac
  • Author(s): Brian Lamar
  • Date: 2011-04-16 20:01:23 UTC
  • mfrom: (947.3.3 osapi-logging-lp752663)
  • Revision ID: tarmac-20110416200123-osl5db7i8qsn3d0a
Add additional logging for WSGI and OpenStack API authentication.

Show diffs side-by-side

added added

removed removed

Lines of Context:
nova/api/openstack/auth.py
55
55
        user = self.get_user_by_authentication(req)
56
56
        accounts = self.auth.get_projects(user=user)
57
57
        if not user:
 
58
            token = req.headers["X-Auth-Token"]
 
59
            msg = _("%(user)s could not be found with token '%(token)s'")
 
60
            LOG.warn(msg % locals())
58
61
            return faults.Fault(webob.exc.HTTPUnauthorized())
59
62
 
60
63
        if accounts:
66
69
 
67
70
        if not self.auth.is_admin(user) and \
68
71
           not self.auth.is_project_member(user, account):
 
72
            msg = _("%(user)s must be an admin or a member of %(account)s")
 
73
            LOG.warn(msg % locals())
69
74
            return faults.Fault(webob.exc.HTTPUnauthorized())
70
75
 
71
76
        req.environ['nova.context'] = context.RequestContext(user, account)
82
87
        # honor it
83
88
        path_info = req.path_info
84
89
        if len(path_info) > 1:
85
 
            return faults.Fault(webob.exc.HTTPUnauthorized())
 
90
            msg = _("Authentication requests must be made against a version "
 
91
                    "root (e.g. /v1.0 or /v1.1).")
 
92
            LOG.warn(msg)
 
93
            return faults.Fault(webob.exc.HTTPUnauthorized(explanation=msg))
86
94
 
87
95
        try:
88
96
            username = req.headers['X-Auth-User']
89
97
            key = req.headers['X-Auth-Key']
90
 
        except KeyError:
 
98
        except KeyError as ex:
 
99
            LOG.warn(_("Could not find %s in request.") % ex)
91
100
            return faults.Fault(webob.exc.HTTPUnauthorized())
92
101
 
93
102
        token, user = self._authorize_user(username, key, req)
100
109
            res.headers['X-CDN-Management-Url'] = token.cdn_management_url
101
110
            res.content_type = 'text/plain'
102
111
            res.status = '204'
 
112
            LOG.debug(_("Successfully authenticated '%s'") % username)
103
113
            return res
104
114
        else:
105
115
            return faults.Fault(webob.exc.HTTPUnauthorized())
139
149
        try:
140
150
            user = self.auth.get_user_from_access_key(key)
141
151
        except exception.NotFound:
 
152
            LOG.warn(_("User not found with provided API key."))
142
153
            user = None
143
154
 
144
155
        if user and user.name == username:
153
164
            token_dict['user_id'] = user.id
154
165
            token = self.db.auth_token_create(ctxt, token_dict)
155
166
            return token, user
 
167
        elif user and user.name != username:
 
168
            msg = _("Provided API key is valid, but not for user "
 
169
                    "'%(username)s'") % locals()
 
170
            LOG.warn(msg)
 
171
 
156
172
        return None, None