Follow ups to Authentication Plugins
Address the comments made in the original authentication plugins patch. * Add some additional logging to the standard username and password plugin. * Change the login error message to reflect additional authentication mechanisms. * Log a warning if no suitable authentication plugin is found. Given the way horizon relies solely upon DOA the only real way this should happen is a configuration error. Change-Id: Ib827f26da793ef2e43b8f5a0f194293f442b3341
This commit is contained in:
parent
e6c25ad380
commit
961e11225f
@ -94,6 +94,9 @@ class KeystoneBackend(object):
|
||||
if unscoped_auth:
|
||||
break
|
||||
else:
|
||||
LOG.warn('No authentication backend could be determined to '
|
||||
'handle the provided credentials. This is likely a '
|
||||
'configuration error that should be addressed.')
|
||||
return None
|
||||
|
||||
session = utils.get_session()
|
||||
@ -104,9 +107,8 @@ class KeystoneBackend(object):
|
||||
except (keystone_exceptions.Unauthorized,
|
||||
keystone_exceptions.Forbidden,
|
||||
keystone_exceptions.NotFound) as exc:
|
||||
msg = _('Invalid user name or password.')
|
||||
LOG.debug(str(exc))
|
||||
raise exceptions.KeystoneAuthException(msg)
|
||||
raise exceptions.KeystoneAuthException(_('Invalid credentials.'))
|
||||
except (keystone_exceptions.ClientException,
|
||||
keystone_exceptions.AuthorizationFailure) as exc:
|
||||
msg = _("An error occurred authenticating. "
|
||||
|
@ -10,12 +10,15 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import logging
|
||||
|
||||
from keystoneclient.auth.identity import v2 as v2_auth
|
||||
from keystoneclient.auth.identity import v3 as v3_auth
|
||||
|
||||
from openstack_auth.plugin import base
|
||||
from openstack_auth import utils
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
__all__ = ['PasswordPlugin']
|
||||
|
||||
@ -33,6 +36,8 @@ class PasswordPlugin(base.BasePlugin):
|
||||
if not all((auth_url, username, password)):
|
||||
return None
|
||||
|
||||
LOG.debug('Attempting to authenticate for %s', username)
|
||||
|
||||
if utils.get_keystone_version() >= 3:
|
||||
return v3_auth.Password(auth_url=auth_url,
|
||||
username=username,
|
||||
|
@ -280,7 +280,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
# POST to the page to log in.
|
||||
response = self.client.post(url, form_data)
|
||||
self.assertTemplateUsed(response, 'auth/login.html')
|
||||
self.assertContains(response, "Invalid user name or password.")
|
||||
self.assertContains(response, "Invalid credentials.")
|
||||
|
||||
def test_exception(self):
|
||||
user = self.data.user
|
||||
@ -628,7 +628,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
|
||||
# POST to the page to log in.
|
||||
response = self.client.post(url, form_data)
|
||||
self.assertTemplateUsed(response, 'auth/login.html')
|
||||
self.assertContains(response, "Invalid user name or password.")
|
||||
self.assertContains(response, "Invalid credentials.")
|
||||
|
||||
def test_exception(self):
|
||||
user = self.data.user
|
||||
|
Loading…
Reference in New Issue
Block a user