# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2013 OpenStack Foundation
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
"""Extensions supporting OAuth1."""
from __future__ import absolute_import
import oauth2 as oauth
from keystone.common import dependency
from keystone.common import extension
from keystone.common import manager
from keystone import config
from keystone import exception
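# Aliases for the oauth2 library types, bound to names in this module.
Consumer = oauth.Consumer
Request = oauth.Request
SignatureMethod = oauth.SignatureMethod
# HMAC-SHA1 derives the signature from the request and the shared secrets
# (RFC 5849, section 3.4.2), so the secrets themselves are not sent.
SignatureMethod_HMAC_SHA1 = oauth.SignatureMethod_HMAC_SHA1
# NOTE(review): with PLAINTEXT the "signature" is the consumer and token
# secrets themselves and the request is not integrity-protected, so RFC 5849
# (section 3.4.4) requires it to be used only over TLS. Confirm that any
# code path accepting this method is reachable over HTTPS only.
SignatureMethod_PLAINTEXT = oauth.SignatureMethod_PLAINTEXT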
'name': 'OpenStack OAUTH1 API',
'namespace': 'http://docs.openstack.org/identity/api/ext/'
'updated': '2013-07-07T12:00:0-00:00',
'description': 'OpenStack OAuth 1.0a Delegated Auth Mechanism.',
# TODO(dolph): link needs to be revised after
'href': 'https://github.com/openstack/identity-api',
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
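def filter_consumer(consumer_ref):
    """Return a copy of a consumer dict with private items removed.

    'secret' is never returned.

    The caller's dict is not modified. A falsy ref (``None`` or an empty
    dict) is handed back unchanged instead of raising.

    :param consumer_ref: consumer ref, possibly carrying a 'secret' key
    :type consumer_ref: dict
    :returns: consumer_ref without the 'secret' key

    """
    if not consumer_ref:
        return consumer_ref
    # Work on a shallow copy so the ref passed in keeps its 'secret' entry.
    filtered = consumer_ref.copy()
    filtered.pop('secret', None)
    return filtered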
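def filter_token(access_token_ref):
    """Return a copy of an access token dict with private items removed.

    'access_secret' is never returned.

    The caller's dict is not modified. A falsy ref (``None`` or an empty
    dict) is handed back unchanged instead of raising.

    :param access_token_ref: access token ref, possibly carrying an
                             'access_secret' key
    :type access_token_ref: dict
    :returns: access_token_ref without the 'access_secret' key

    """
    if not access_token_ref:
        return access_token_ref
    # Work on a shallow copy so the ref passed in keeps its 'access_secret'.
    filtered = access_token_ref.copy()
    filtered.pop('access_secret', None)
    return filtered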
def rebuild_url(path):
endpoint = CONF.public_endpoint % CONF
# allow a missing trailing slash in the config
if endpoint[-1] != '/':
def get_oauth_headers(headers):
# The incoming headers variable holds the usual request headers from context.
# In an OAuth signed request, where the oauth variables are in the header,
# they are found under the key 'Authorization'.
if headers and 'Authorization' in headers:
# A typical value for Authorization is seen below
# 'OAuth realm="", oauth_body_hash="2jm%3D", oauth_nonce="14475435"
# along with other oauth variables, the 'OAuth ' part is trimmed
# to split the rest of the headers.
auth_header = headers['Authorization']
# Check that the authorization header is OAuth.
if auth_header[:6] == 'OAuth ':
auth_header = auth_header[6:]
# Get the parameters from the header.
header_params = oauth.Request._split_header(auth_header)
parameters.update(header_params)
@dependency.provider('oauth_api')
class Manager(manager.Manager):
"""Default pivot point for the OAuth1 backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
super(Manager, self).__init__(CONF.oauth1.driver)
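class Driver(object):
    """Interface description for an OAuth1 driver.

    Every method in this class raises ``exception.NotImplemented``; the
    docstrings describe what an implementation is expected to accept and
    return.
    """

    def create_consumer(self, consumer_ref):
        """Create consumer.

        :param consumer_ref: consumer ref with consumer name
        :type consumer_ref: dict
        :returns: consumer_ref

        """
        raise exception.NotImplemented()

    def update_consumer(self, consumer_id, consumer_ref):
        """Update consumer.

        :param consumer_id: id of consumer to update
        :type consumer_id: string
        :param consumer_ref: new consumer ref with consumer name
        :type consumer_ref: dict
        :returns: consumer_ref

        """
        raise exception.NotImplemented()

    def list_consumers(self):
        """List consumers.

        :returns: list of consumers

        """
        raise exception.NotImplemented()

    def get_consumer(self, consumer_id):
        """Get consumer.

        :param consumer_id: id of consumer to get
        :type consumer_id: string
        :returns: consumer_ref

        """
        raise exception.NotImplemented()

    def get_consumer_with_secret(self, consumer_id):
        """Like get_consumer() but returned consumer_ref includes the secret.

        Secrets should only be shared upon consumer creation; the
        consumer secret is required to verify incoming OAuth requests.

        NOTE(review): a ref obtained here should not be handed back to an
        API client as-is; filter_consumer() in this module drops 'secret'.

        :param consumer_id: id of consumer to get
        :type consumer_id: string
        :returns: consumer_ref

        """
        raise exception.NotImplemented()

    def delete_consumer(self, consumer_id):
        """Delete consumer.

        :param consumer_id: id of consumer to delete
        :type consumer_id: string

        """
        raise exception.NotImplemented()

    def list_access_tokens(self, user_id):
        """List access tokens.

        :param user_id: search for access tokens authorized by given user id
        :type user_id: string
        :returns: list of access tokens the user has authorized

        """
        raise exception.NotImplemented()

    def delete_access_token(self, user_id, access_token_id):
        """Delete access token.

        :param user_id: authorizing user id
        :type user_id: string
        :param access_token_id: access token to delete
        :type access_token_id: string

        """
        raise exception.NotImplemented()

    def create_request_token(self, consumer_id, requested_project,
                             request_token_duration):
        """Create request token.

        :param consumer_id: the id of the consumer
        :type consumer_id: string
        :param requested_project: requested project id
        :type requested_project: string
        :param request_token_duration: duration of request token
        :type request_token_duration: string
        :returns: request_token_ref

        """
        raise exception.NotImplemented()

    def get_request_token(self, request_token_id):
        """Get request token.

        :param request_token_id: the id of the request token
        :type request_token_id: string
        :returns: request_token_ref

        """
        raise exception.NotImplemented()

    def get_access_token(self, access_token_id):
        """Get access token.

        :param access_token_id: the id of the access token
        :type access_token_id: string
        :returns: access_token_ref

        """
        raise exception.NotImplemented()

    def authorize_request_token(self, request_id, user_id, role_ids):
        """Authorize request token.

        :param request_id: the id of the request token, to be authorized
        :type request_id: string
        :param user_id: the id of the authorizing user
        :type user_id: string
        :param role_ids: list of role ids to authorize
        :type role_ids: list

        """
        raise exception.NotImplemented()

    def create_access_token(self, request_id, access_token_duration):
        """Create access token.

        :param request_id: the id of the request token, to be deleted
        :type request_id: string
        :param access_token_duration: duration of an access token
        :type access_token_duration: string
        :returns: access_token_ref

        """
        raise exception.NotImplemented()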