Add is_authenticated and is_anonymous properties

See
https://docs.djangoproject.com/en/1.10/releases/1.10/#using-user-is-authenticated-and-user-is-anonymous-as-methods

is_anonymous() and is_authenticated() functions are now properties, and
throw critical security warnings when using python manage.py check in
django 1.10

The duplication is just to make it explicit which code paths are being
followed. They could be refactored to remove it, but in a few months
when we move to the next LTS we would just end up removing the refactors
since there would once again be a single path.

We also removed the `margin` parameter, since it is never used anywhere.
This will be documented in a Horizon release note.

Change-Id: I7a92089ae62a9017274002648f26f13bc34709d9

openstack_auth/user.py

@@ -14,9 +14,11 @@
 import hashlib
 import logging
 
+import django
 from django.conf import settings
 from django.contrib.auth import models
 from django.db import models as db_models
+from django.utils import deprecation
 from keystoneauth1 import exceptions as keystone_exceptions
 from keystoneclient.common import cms as keystone_cms
 import six
@@ -261,35 +263,50 @@ class User(models.AbstractBaseUser, models.AnonymousUser):
             return None
         return not utils.is_token_valid(self.token, margin)
 
-    def is_authenticated(self, margin=None):
+    if django.VERSION >= (1, 10):
-        """Checks for a valid authentication.
+        @property
+        def is_authenticated(self):
+            """Checks for a valid authentication."""
+            if (self.token is not None and utils.is_token_valid(self.token)):
+                return deprecation.CallableTrue
+            else:
+                return deprecation.CallableFalse
 
-        :param margin:
+        @property
-           A security time margin in seconds before end of authentication.
+        def is_anonymous(self):
-           Will return ``False`` if authentication ends in less than ``margin``
+            """Return if the user is not authenticated.
-           seconds of time.
-           A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the
-           django settings.
 
-        """
+            Returns ``True`` if not authenticated,``False`` otherwise.
-        return (self.token is not None and
+            """
-                utils.is_token_valid(self.token, margin))
+            return deprecation.CallableBool(not self.is_authenticated)
+    else:
+        def is_authenticated(self, margin=None):
+            """Checks for a valid authentication.
 
-    def is_anonymous(self, margin=None):
+            :param margin:
-        """Return if the user is not authenticated.
+               A security time margin in seconds before end of authentication.
+               Will return ``False`` if authentication ends in less than
+               ``margin`` seconds of time.
+               A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the
+               django settings.
+            """
+            return (self.token is not None and
+                    utils.is_token_valid(self.token, margin))
 
-        Returns ``True`` if not authenticated,``False`` otherwise.
+        def is_anonymous(self, margin=None):
+            """Return if the user is not authenticated.
 
-        :param margin:
+            Returns ``True`` if not authenticated,``False`` otherwise.
-           A security time margin in seconds before end of an eventual
-           authentication.
-           Will return ``True`` even if authenticated but that authentication
-           ends in less than ``margin`` seconds of time.
-           A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the
-           django settings.
 
-        """
+            :param margin:
-        return not self.is_authenticated(margin)
+               A security time margin in seconds before end of an eventual
+               authentication.
+               Will return ``True`` even if authenticated but that
+               authentication ends in less than ``margin`` seconds of time.
+               A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the
+               django settings.
+            """
+            return not self.is_authenticated(margin)
 
     @property
     def is_active(self):