← Back to branch summary

~nova-coresec/nova/ppa-lucid

« back to all changes in this revision

Viewing changes to nova/api/openstack/auth.py

  • Committer: Soren Hansen
  • Date: 2010-10-20 02:31:51 UTC
  • mfrom: (195.1.88 ubuntu-packaging)
  • Revision ID: soren.hansen@rackspace.com-20101020023151-pzo6st38dd8xdo81
Merge ubuntu packaging branch.

Show diffs side-by-side

added added

removed removed

Lines of Context:
nova/api/openstack/auth.py
11
11
from nova import flags
12
12
from nova import manager
13
13
from nova import utils
14
 
from nova.api.rackspace import faults
 
14
from nova.api.openstack import faults
15
15
 
16
16
FLAGS = flags.FLAGS
17
17
 
19
19
    pass
20
20
 
21
21
class BasicApiAuthManager(object):
22
 
    """ Implements a somewhat rudimentary version of Rackspace Auth"""
 
22
    """ Implements a somewhat rudimentary version of OpenStack Auth"""
23
23
 
24
24
    def __init__(self, host=None, db_driver=None):
25
25
        if not host:
26
26
            host = FLAGS.host
27
 
        self.host = host                                                                                                                                     
 
27
        self.host = host
28
28
        if not db_driver:
29
 
            db_driver = FLAGS.db_driver                                                                                                                      
 
29
            db_driver = FLAGS.db_driver
30
30
        self.db = utils.import_object(db_driver)
31
31
        self.auth = auth.manager.AuthManager()
32
32
        self.context = Context()
40
40
            return faults.Fault(webob.exc.HTTPUnauthorized())
41
41
 
42
42
        try:
43
 
            username, key = req.headers['X-Auth-User'], \
44
 
                req.headers['X-Auth-Key']
 
43
            username = req.headers['X-Auth-User']
 
44
            key = req.headers['X-Auth-Key']
45
45
        except KeyError:
46
46
            return faults.Fault(webob.exc.HTTPUnauthorized())
47
47
 
48
 
        username, key = req.headers['X-Auth-User'], req.headers['X-Auth-Key']
49
48
        token, user = self._authorize_user(username, key)
50
49
        if user and token:
51
50
            res = webob.Response()
52
 
            res.headers['X-Auth-Token'] = token['token_hash']
 
51
            res.headers['X-Auth-Token'] = token.token_hash
53
52
            res.headers['X-Server-Management-Url'] = \
54
 
                token['server_management_url']
55
 
            res.headers['X-Storage-Url'] = token['storage_url']
56
 
            res.headers['X-CDN-Management-Url'] = token['cdn_management_url']
 
53
                token.server_management_url
 
54
            res.headers['X-Storage-Url'] = token.storage_url
 
55
            res.headers['X-CDN-Management-Url'] = token.cdn_management_url
57
56
            res.content_type = 'text/plain'
58
57
            res.status = '204'
59
58
            return res
65
64
        
66
65
        If the token has expired, returns None
67
66
        If the token is not found, returns None
68
 
        Otherwise returns the token
 
67
        Otherwise returns dict(id=(the authorized user's id))
69
68
 
70
69
        This method will also remove the token if the timestamp is older than
71
70
        2 days ago.
72
71
        """
73
72
        token = self.db.auth_get_token(self.context, token_hash) 
74
73
        if token:
75
 
            delta = datetime.datetime.now() - token['created_at']
 
74
            delta = datetime.datetime.now() - token.created_at
76
75
            if delta.days >= 2:
77
76
                self.db.auth_destroy_token(self.context, token)
78
77
            else:
79
 
                user = self.auth.get_user(token['user_id'])
80
 
                return { 'id':user['uid'] }
 
78
                #TODO(gundlach): Why not just return dict(id=token.user_id)?
 
79
                user = self.auth.get_user(token.user_id)
 
80
                return {'id': user.id}
81
81
        return None
82
82
 
83
83
    def _authorize_user(self, username, key):
84
84
        """ Generates a new token and assigns it to a user """
85
85
        user = self.auth.get_user_from_access_key(key)
86
 
        if user and user['name'] == username:
 
86
        if user and user.name == username:
87
87
            token_hash = hashlib.sha1('%s%s%f' % (username, key,
88
88
                time.time())).hexdigest()
89
 
            token = {}
90
 
            token['token_hash'] = token_hash
91
 
            token['cdn_management_url'] = ''
92
 
            token['server_management_url'] = self._get_server_mgmt_url()
93
 
            token['storage_url'] = ''
94
 
            token['user_id'] = user['uid']
95
 
            self.db.auth_create_token(self.context, token)
 
89
            token_dict = {}
 
90
            token_dict['token_hash'] = token_hash
 
91
            token_dict['cdn_management_url'] = ''
 
92
            token_dict['server_management_url'] = self._get_server_mgmt_url()
 
93
            token_dict['storage_url'] = ''
 
94
            token_dict['user_id'] = user.id
 
95
            token = self.db.auth_create_token(self.context, token_dict)
96
96
            return token, user
97
97
        return None, None 
98
98