From 3ed1cafebd8abe28b0846544843f67f84ed3b757 Mon Sep 17 00:00:00 2001 From: Ken Thomas Date: Wed, 6 Jun 2012 14:19:34 -0700 Subject: [PATCH] Tweak for easier, safer subclassing Implements the "follow up suggestion" in blueprint sql-identiy-pam Moved the call to utils.check_password call to its own subroutine. This allows anyone creating a subclass for sql.Identity to just replace this new 'check_password' method rather than the entire 'authenticate' method. (This is modeled after ldap/core.py which already does this.) If the logic in 'authenticate' changes, any derrived classes won't need to be modified. Updated to make method private. Change-Id: I1a06596861fd016f63f5f1a5fe8180993f04f4f5 --- keystone/identity/backends/sql.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index 46518f8ab4..7832581643 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -135,6 +135,20 @@ class Identity(sql.Base, identity.Driver): def db_sync(self): migration.db_sync() + def _check_password(self, password, user_ref): + """Check the specified password against the data store. + + This is modeled on ldap/core.py. The idea is to make it easier to + subclass Identity so that you can still use it to store all the data, + but use some other means to check the password. + Note that we'll pass in the entire user_ref in case the subclass + needs things like user_ref.get('name') + For further justification, please see the follow up suggestion at + https://blueprints.launchpad.net/keystone/+spec/sql-identiy-pam + + """ + return utils.check_password(password, user_ref.get('password')) + # Identity interface def authenticate(self, user_id=None, tenant_id=None, password=None): """Authenticate based on a user, tenant and password. @@ -145,7 +159,7 @@ class Identity(sql.Base, identity.Driver): """ user_ref = self._get_user(user_id) if (not user_ref - or not utils.check_password(password, user_ref.get('password'))): + or not self._check_password(password, user_ref)): raise AssertionError('Invalid user / password') tenants = self.get_tenants_for_user(user_id)