From 14e20fd2112dd15baa8422ae846b9af9f6edadaa Mon Sep 17 00:00:00 2001
From: David Stanek
Date: Tue, 11 Feb 2014 22:12:15 +0000
Subject: [PATCH] Move identity logic from controller to manager
The logic for changing a user's password will be used to implement bp password-rotation. Keeping the logic in the controller makes it much harder to reuse.
Change-Id: I6e29a9f1875a3ea6dec4757db86c30497c0253cb
---
 keystone/identity/controllers.py | 8 ++------
 keystone/identity/core.py | 11 +++++++++++
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/keystone/identity/controllers.py b/keystone/identity/controllers.py
index 57ba19136d..11124e005d 100644
--- a/keystone/identity/controllers.py
+++ b/keystone/identity/controllers.py
@@ -352,15 +352,11 @@ class UserV3(controller.V3Controller):
 domain_scope = self._get_domain_id_for_request(context)
 try:
- self.identity_api.authenticate(user_id=user_id,
- password=original_password,
- domain_scope=domain_scope)
+ self.identity_api.change_password(user_id, original_password,
+ password, domain_scope)
 except AssertionError:
 raise exception.Unauthorized()
- update_dict = {'password': password}
- self._update_user(context, user_id, update_dict, domain_scope)
-
 @dependency.requires('identity_api')
 class GroupV3(controller.V3Controller):
diff --git a/keystone/identity/core.py b/keystone/identity/core.py
index acce24302a..d570ec9f03 100644
--- a/keystone/identity/core.py
+++ b/keystone/identity/core.py
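Review bot: The `except AssertionError` in the UserV3 password-change handler now covers the password update as well as the check of the original password, because `change_password` performs both inside the `try`. Any AssertionError raised on the update path would be returned to the client as 401 Unauthorized, hiding the real failure from operators and making an authentication failure indistinguishable from a backend fault in logs. Consider having the manager signal a wrong original password with a dedicated exception, or at minimum state the contract at the call site, e.g. `# change_password raises AssertionError only when original_password does not verify`. The handler also no longer goes through `self._update_user(context, ...)`; that helper is outside this hunk, so confirm that nothing it did beyond calling `identity_api.update_user` is lost. The enclosing method starts above the hunk.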
@@ -466,6 +466,17 @@ class Manager(manager.Manager):
 domain_id, driver = self._get_domain_id_and_driver(domain_scope)
 return driver.check_user_in_group(user_id, group_id)
+ @domains_configured
+ def change_password(self, user_id, original_password, new_password,
+ domain_scope):
+
+ # authenticate() will raise an AssertionError if authentication fails
+ self.authenticate(user_id, original_password,
+ domain_scope=domain_scope)
+
+ update_dict = {'password': new_password}
+ self.update_user(user_id, update_dict, domain_scope=domain_scope)
+
 # TODO(morganfainberg): Remove the following deprecated methods once
 # Icehouse is released. Maintain identity -> assignment proxy for 1
 # release.
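Review bot: `change_password` is added as a reusable manager entry point for a credential change but has no docstring; its only stated contract is the inline comment about AssertionError. A docstring such as `"""Verify original_password for user_id, then set new_password; raises AssertionError if verification fails."""` would tell future callers that they must map that exception themselves. Whether tokens issued before the change are invalidated depends on `update_user`, which is not visible in this hunk, so a test asserting that a pre-change token is rejected afterwards would pin that behaviour for the planned password-rotation work. The blank line between the signature and the first comment can also be dropped.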