openstack/deb-python-django-openstack-auth
Code Issues Proposed changes

Check for expired tokens during authentication.

Browse Source 
Fixes issue #4.
This commit is contained in:
Gabriel Hurley
2012-07-08 14:55:31 -07:00
parent df30fe0887
commit 9d45964b02
2 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
openstack_auth/backend.py
View File

@@ -10,6 +10,7 @@ from keystoneclient.v2_0.tokens import Token, TokenManager
from .exceptions import KeystoneAuthException from .exceptions import KeystoneAuthException
from .user import create_user_from_token from .user import create_user_from_token
from .utils import check_token_expiration
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@@ -19,6 +20,17 @@ KEYSTONE_CLIENT_ATTR = "_keystoneclient"
class KeystoneBackend(object): class KeystoneBackend(object):
def check_auth_expiry(self, token):
if not check_token_expiration(token):
msg = _("The authentication token issued by the Identity service "
"has expired.")
LOG.warning("The authentication token issued by the Identity "
"service appears to have expired before it was "
"issued. This may indicate a problem with either your "
"server or client configuration.")
raise KeystoneAuthException(msg)
return True
def get_user(self, user_id): def get_user(self, user_id):
if user_id == self.request.session["user_id"]: if user_id == self.request.session["user_id"]:
token = Token(TokenManager(None), token = Token(TokenManager(None),
@@ -51,6 +63,9 @@ class KeystoneBackend(object):
"Please try again later.") "Please try again later.")
raise KeystoneAuthException(msg) raise KeystoneAuthException(msg)
# Check expiry for our unscoped token.
self.check_auth_expiry(unscoped_token)
# FIXME: Log in to default tenant when the Keystone API returns it... # FIXME: Log in to default tenant when the Keystone API returns it...
# For now we list all the user's tenants and iterate through. # For now we list all the user's tenants and iterate through.
try: try:
@@ -78,6 +93,9 @@ class KeystoneBackend(object):
msg = _("Unable to authenticate to any available projects.") msg = _("Unable to authenticate to any available projects.")
raise KeystoneAuthException(msg) raise KeystoneAuthException(msg)
# Check expiry for our new scoped token.
self.check_auth_expiry(token)
# If we made it here we succeeded. Create our User! # If we made it here we succeeded. Create our User!
user = create_user_from_token(request, token, client.management_url) user = create_user_from_token(request, token, client.management_url)

9
openstack_auth/user.py
View File

@@ -76,6 +76,15 @@ class User(AnonymousUser):
def __repr__(self): def __repr__(self):
return "<%s: %s>" % (self.__class__.__name__, self.username) return "<%s: %s>" % (self.__class__.__name__, self.username)
def is_token_expired(self):
"""
Returns ``True`` if the token is expired, ``False`` if not, and
``None`` if there is no token set.
"""
if self.token is None:
return None
return not check_token_expiration(self.token)
def is_authenticated(self): def is_authenticated(self):
""" Checks for a valid token that has not yet expired. """ """ Checks for a valid token that has not yet expired. """
return self.token is not None and check_token_expiration(self.token) return self.token is not None and check_token_expiration(self.token)