← Back to branch summary

~ubuntu-branches/ubuntu/quantal/keystone/quantal-security

« back to all changes in this revision

Viewing changes to keystone/identity/backends/sql.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short
  • Date: 2012-06-22 12:27:50 UTC
  • mto: (35.1.1 quantal-proposed)
  • mto: This revision was merged to the branch mainline in revision 28.
  • Revision ID: package-import@ubuntu.com-20120622122750-4urdq17en1990apn
Tags: upstream-2012.2~f2~20120622.2353
ImportĀ upstreamĀ versionĀ 2012.2~f2~20120622.2353

Show diffs side-by-side

added added

removed removed

Lines of Context:
keystone/identity/backends/sql.py
18
18
import functools
19
19
 
20
20
from keystone import clean
 
21
from keystone.common import sql
 
22
from keystone.common.sql import migration
 
23
from keystone.common import utils
21
24
from keystone import exception
22
25
from keystone import identity
23
 
from keystone.common import sql
24
 
from keystone.common import utils
25
 
from keystone.common.sql import migration
26
26
 
27
27
 
28
28
def _filter_user(user_ref):
135
135
    def db_sync(self):
136
136
        migration.db_sync()
137
137
 
 
138
    def _check_password(self, password, user_ref):
 
139
        """Check the specified password against the data store.
 
140
 
 
141
        This is modeled on ldap/core.py.  The idea is to make it easier to
 
142
        subclass Identity so that you can still use it to store all the data,
 
143
        but use some other means to check the password.
 
144
        Note that we'll pass in the entire user_ref in case the subclass
 
145
        needs things like user_ref.get('name')
 
146
        For further justification, please see the follow up suggestion at
 
147
        https://blueprints.launchpad.net/keystone/+spec/sql-identiy-pam
 
148
 
 
149
        """
 
150
        return utils.check_password(password, user_ref.get('password'))
 
151
 
138
152
    # Identity interface
139
153
    def authenticate(self, user_id=None, tenant_id=None, password=None):
140
154
        """Authenticate based on a user, tenant and password.
145
159
        """
146
160
        user_ref = self._get_user(user_id)
147
161
        if (not user_ref
148
 
            or not utils.check_password(password, user_ref.get('password'))):
 
162
                or not self._check_password(password, user_ref)):
149
163
            raise AssertionError('Invalid user / password')
150
164
 
151
165
        tenants = self.get_tenants_for_user(user_id)
176
190
    def get_tenant_users(self, tenant_id):
177
191
        session = self.get_session()
178
192
        user_refs = session.query(User)\
179
 
                           .join(UserTenantMembership)\
180
 
                           .filter(UserTenantMembership.tenant_id ==
181
 
                                   tenant_id)\
182
 
                           .all()
 
193
            .join(UserTenantMembership)\
 
194
            .filter(UserTenantMembership.tenant_id ==
 
195
                    tenant_id)\
 
196
            .all()
183
197
        return [_filter_user(user_ref.to_dict()) for user_ref in user_refs]
184
198
 
185
199
    def _get_user(self, user_id):