1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Copyright 2010 OpenStack LLC.
6
# Licensed under the Apache License, Version 2.0 (the "License"); you may
7
# not use this file except in compliance with the License. You may obtain
8
# a copy of the License at
10
# http://www.apache.org/licenses/LICENSE-2.0
12
# Unless required by applicable law or agreed to in writing, software
13
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15
# License for the specific language governing permissions and limitations
23
from cinder.api.openstack import wsgi
24
from cinder import context
25
from cinder import flags
26
from cinder.openstack.common import log as logging
27
from cinder import wsgi as base_wsgi
29
LOG = logging.getLogger(__name__)
31
flags.DECLARE('use_forwarded_for', 'cinder.api.auth')
34
class NoAuthMiddleware(base_wsgi.Middleware):
35
"""Return a fake token if one isn't specified."""
37
@webob.dec.wsgify(RequestClass=wsgi.Request)
38
def __call__(self, req):
39
if 'X-Auth-Token' not in req.headers:
40
user_id = req.headers.get('X-Auth-User', 'admin')
41
project_id = req.headers.get('X-Auth-Project-Id', 'admin')
42
os_url = os.path.join(req.url, project_id)
43
res = webob.Response()
44
# NOTE(vish): This is expecting and returning Auth(1.1), whereas
45
# keystone uses 2.0 auth. We should probably allow
46
# 2.0 auth here as well.
47
res.headers['X-Auth-Token'] = '%s:%s' % (user_id, project_id)
48
res.headers['X-Server-Management-Url'] = os_url
49
res.content_type = 'text/plain'
53
token = req.headers['X-Auth-Token']
54
user_id, _sep, project_id = token.partition(':')
55
project_id = project_id or user_id
56
remote_address = getattr(req, 'remote_address', '127.0.0.1')
57
if FLAGS.use_forwarded_for:
58
remote_address = req.headers.get('X-Forwarded-For', remote_address)
59
ctx = context.RequestContext(user_id,
62
remote_address=remote_address)
64
req.environ['cinder.context'] = ctx
65
return self.application