2
from hashlib import sha1
3
from nova import datastore
5
class FakeAuth(object):
6
def __init__(self, store=datastore.Redis.instance):
8
self.auth_hash = 'rs_fake_auth'
9
self._store.hsetnx(self.auth_hash, 'rs_last_id', 0)
11
def authorize_token(self, token):
12
user = self._store.hget(self.auth_hash, token)
14
return json.loads(user)
9
from nova import manager
12
class Context(object):
15
class BasicApiAuthManager(manager.Manager):
16
""" Implements a somewhat rudimentary version of Rackspace Auth"""
19
self.auth = auth.manager.AuthManager()
20
self.context = Context()
21
super(BasicApiAuthManager, self).__init__()
23
def authenticate(self, req):
24
# Unless the request is explicitly made against /<version>/ don't
26
path_info = req.path_info
27
if len(path_info) > 1:
28
return webob.exc.HTTPUnauthorized()
31
username, key = req.headers['X-Auth-User'], \
32
req.headers['X-Auth-Key']
34
return webob.exc.HTTPUnauthorized()
36
username, key = req.headers['X-Auth-User'], req.headers['X-Auth-Key']
37
token, user = self._authorize_user(username, key)
39
res = webob.Response()
40
res.headers['X-Auth-Token'] = token['token_hash']
41
res.headers['X-Server-Management-Url'] = \
42
token['server_management_url']
43
res.headers['X-Storage-Url'] = token['storage_url']
44
res.headers['X-CDN-Management-Url'] = token['cdn_management_url']
45
res.content_type = 'text/plain'
49
return webob.exc.HTTPUnauthorized()
51
def authorize_token(self, token_hash):
52
""" retrieves user information from the datastore given a token
54
If the token has expired, returns None
55
If the token is not found, returns None
56
Otherwise returns the token
58
This method will also remove the token if the timestamp is older than
61
token = self.db.auth_get_token(self.context, token_hash)
63
delta = datetime.datetime.now() - token['created_at']
65
self.db.auth_destroy_token(self.context, token)
67
user = self.auth.get_user(self.context, token['user_id'])
68
return { 'id':user['id'] }
17
def authorize_user(self, user, key):
18
token = sha1("%s_%s" % (user, key)).hexdigest()
19
user = self._store.hget(self.auth_hash, token)
23
return token, json.loads(user)
71
def _authorize_user(self, username, key):
72
""" Generates a new token and assigns it to a user """
73
user = self.auth.get_user_from_access_key(key)
74
if user and user['name'] == username:
75
token_hash = hashlib.sha1('%s%s%f' % (username, key,
76
time.time())).hexdigest()
78
token['token_hash'] = token_hash
79
token['cdn_management_url'] = ''
80
token['server_management_url'] = self._get_server_mgmt_url()
81
token['storage_url'] = ''
82
self.db.auth_create_token(self.context, token, user['id'])
25
def add_user(self, user, key):
26
last_id = self._store.hget(self.auth_hash, 'rs_last_id')
27
token = sha1("%s_%s" % (user, key)).hexdigest()
30
'cdn_management_url':'cdn_management_url',
31
'storage_url':'storage_url',
32
'server_management_url':'server_management_url'
34
new_user = self._store.hsetnx(self.auth_hash, token, json.dumps(user))
36
self._store.hincrby(self.auth_hash, 'rs_last_id')
86
def _get_server_mgmt_url(self):
87
return 'https://%s/v1.0/' % self.host