openstack/deb-murano
Code Issues Proposed changes
31e0b4e242
deb-murano/murano/api/middleware/ext_context.py
Nikolay Starodubtsev 759124993b Raise proper exception in ext context middleware 
Previously if request without 'HTTP-Authorization' header comes to
external context middleware it raised error code 500 Internal Server
Error instead of 401 Unauthorized.

Change-Id: I8285d24741bed5b541a4f8104422340c8594c695
Closes-Bug: #1522707
2015-12-04 12:14:11 +03:00

72 lines
2.7 KiB
Python
Raw Blame History

# Copyright (c) 2015 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import base64
from keystoneclient import exceptions
from keystoneclient.v3 import client
from oslo_config import cfg
from oslo_log import log
from webob import exc
from murano.common.i18n import _
from murano.common import wsgi
CONF = cfg.CONF
LOG = log.getLogger(__name__)
class ExternalContextMiddleware(wsgi.Middleware):
def get_keystone_token(self, user, password):
# TODO(starodubcevna): picking up project_name and auth_url from
# section related to Cloud Foundry service broker is probably a duct
# tape and should be rewritten as soon as we get more non-OpenStack
# services as murano recipients.
keystone = client.Client(username=user,
password=password,
project_name=CONF.cfapi.tenant,
auth_url=CONF.cfapi.auth_url.replace(
'v2.0', 'v3'))
return keystone.auth_token
def process_request(self, req):
"""Get keystone token for external request
This middleware is used for external requests. It get credentials from
request and try to get keystone token for futher authorization.
:param req: wsgi request object that will be given the context object
"""
try:
credentials = base64.b64decode(
req.headers['Authorization'].split(' ')[1])
user, password = credentials.split(':', 2)
req.headers['X-Auth-Token'] = self.get_keystone_token(user,
password)
except KeyError:
msg = _("Authorization required")
LOG.warning(msg)
raise exc.HTTPUnauthorized(explanation=msg)
except exceptions.Unauthorized:
msg = _("Your credentials are wrong. Please try again")
LOG.warning(msg)
raise exc.HTTPUnauthorized(explanation=msg)
@classmethod
def factory(cls, global_conf, **local_conf):
def filter(app):
return cls(app)
return filter
View Git Blame Copy Permalink