Tweak for easier, safer subclassing

Implements the "follow up suggestion" in blueprint sql-identiy-pam

Moved the call to utils.check_password call to its own subroutine.
This allows anyone creating a subclass for sql.Identity to just replace
this new 'check_password' method rather than the entire
'authenticate' method. (This is modeled after ldap/core.py which
already does this.) If the logic in 'authenticate' changes, any
derrived classes won't need to be modified.

Updated to make method private.

Change-Id: I1a06596861fd016f63f5f1a5fe8180993f04f4f5
This commit is contained in:
Ken Thomas 2012-06-06 14:19:34 -07:00
parent c785018e0e
commit 3ed1cafebd

View File

@ -135,6 +135,20 @@ class Identity(sql.Base, identity.Driver):
def db_sync(self): def db_sync(self):
migration.db_sync() migration.db_sync()
def _check_password(self, password, user_ref):
"""Check the specified password against the data store.
This is modeled on ldap/core.py. The idea is to make it easier to
subclass Identity so that you can still use it to store all the data,
but use some other means to check the password.
Note that we'll pass in the entire user_ref in case the subclass
needs things like user_ref.get('name')
For further justification, please see the follow up suggestion at
https://blueprints.launchpad.net/keystone/+spec/sql-identiy-pam
"""
return utils.check_password(password, user_ref.get('password'))
# Identity interface # Identity interface
def authenticate(self, user_id=None, tenant_id=None, password=None): def authenticate(self, user_id=None, tenant_id=None, password=None):
"""Authenticate based on a user, tenant and password. """Authenticate based on a user, tenant and password.
@ -145,7 +159,7 @@ class Identity(sql.Base, identity.Driver):
""" """
user_ref = self._get_user(user_id) user_ref = self._get_user(user_id)
if (not user_ref if (not user_ref
or not utils.check_password(password, user_ref.get('password'))): or not self._check_password(password, user_ref)):
raise AssertionError('Invalid user / password') raise AssertionError('Invalid user / password')
tenants = self.get_tenants_for_user(user_id) tenants = self.get_tenants_for_user(user_id)