openstack
/
keystone
Code Issues Proposed changes

Pass request to v2 token authenticate 

The v2 authenticate command is one of the last to still accept a context
dict because it has a lot of tie in with tests and notifications. Fix
all these so that authenticate can work with a request.

Change-Id: I07a2985fea7f71001c4a48d396167ea0e3a2a8f8
This commit is contained in:
Jamie Lennox 2016-07-15 13:33:39 +10:00
parent c104f9fbc2
commit 4a0970df88
12 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
keystone/auth/plugins/password.py
View File

@ -31,7 +31,7 @@ class Password(base.AuthMethodHandler):
try:
self.identity_api.authenticate(
request.context_dict,
request,
user_id=user_info.user_id,
password=user_info.password)
except AssertionError:

2
keystone/identity/controllers.py
View File

@ -289,7 +289,7 @@ class UserV3(controller.V3Controller):
attribute='password')
try:
self.identity_api.change_password(
request.context_dict, user_id, original_password, password)
request, user_id, original_password, password)
except AssertionError:
raise exception.Unauthorized()

6
keystone/identity/core.py
View File

@ -821,7 +821,7 @@ class Manager(manager.Manager):
@notifications.emit_event('authenticate')
@domains_configured
@exception_translated('assertion')
def authenticate(self, context, user_id, password):
def authenticate(self, request, user_id, password):
domain_id, driver, entity_id = (
self._get_domain_driver_and_entity_id(user_id))
ref = driver.authenticate(entity_id, password)
@ -1219,11 +1219,11 @@ class Manager(manager.Manager):
group_entity_id)
@domains_configured
def change_password(self, context, user_id, original_password,
def change_password(self, request, user_id, original_password,
new_password):
# authenticate() will raise an AssertionError if authentication fails
self.authenticate(context, user_id, original_password)
self.authenticate(request, user_id, original_password)
update_dict = {'password': new_password}
self.update_user(user_id, update_dict)

6
keystone/notifications.py
View File

@ -480,12 +480,12 @@ class CadfNotificationWrapper(object):
def __call__(self, f):
@functools.wraps(f)
def wrapper(wrapped_self, context, user_id, *args, **kwargs):
def wrapper(wrapped_self, request, user_id, *args, **kwargs):
"""Alway send a notification."""
initiator = _get_request_audit_info(context, user_id)
initiator = _get_request_audit_info(request.context_dict, user_id)
target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER)
try:
result = f(wrapped_self, context, user_id, *args, **kwargs)
result = f(wrapped_self, request, user_id, *args, **kwargs)
except Exception:
# For authentication failure send a cadf event as well
_send_audit_notification(self.action, initiator,

6
keystone/tests/unit/identity/test_backend_sql.py
View File

@ -44,7 +44,7 @@ class DisableInactiveUserTests(test_backend_sql.SqlTests):
user = self._create_user(self.user_dict, last_active_at.date())
self.assertRaises(exception.UserDisabled,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=user['id'],
password=self.password)
# verify that the user is actually disabled
@ -53,7 +53,7 @@ class DisableInactiveUserTests(test_backend_sql.SqlTests):
# set the user to enabled and authenticate
user['enabled'] = True
self.identity_api.update_user(user['id'], user)
user = self.identity_api.authenticate(context={},
user = self.identity_api.authenticate(self.make_request(),
user_id=user['id'],
password=self.password)
self.assertTrue(user['enabled'])
@ -64,7 +64,7 @@ class DisableInactiveUserTests(test_backend_sql.SqlTests):
datetime.datetime.utcnow() -
datetime.timedelta(days=self.max_inactive_days - 1)).date()
user = self._create_user(self.user_dict, last_active_at)
user = self.identity_api.authenticate(context={},
user = self.identity_api.authenticate(self.make_request(),
user_id=user['id'],
password=self.password)
self.assertTrue(user['enabled'])

22
keystone/tests/unit/identity/test_backends.py
View File

@ -47,20 +47,20 @@ class IdentityTests(object):
def test_authenticate_bad_user(self):
self.assertRaises(AssertionError,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=uuid.uuid4().hex,
password=self.user_foo['password'])
def test_authenticate_bad_password(self):
self.assertRaises(AssertionError,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=self.user_foo['id'],
password=uuid.uuid4().hex)
def test_authenticate(self):
user_ref = self.identity_api.authenticate(
context={},
self.make_request(),
user_id=self.user_sna['id'],
password=self.user_sna['password'])
# NOTE(termie): the password field is left in user_sna to make
@ -81,7 +81,7 @@ class IdentityTests(object):
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
new_user['id'])
user_ref = self.identity_api.authenticate(
context={},
self.make_request(),
user_id=new_user['id'],
password=user['password'])
self.assertNotIn('password', user_ref)
@ -102,7 +102,7 @@ class IdentityTests(object):
self.assertRaises(AssertionError,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=id_,
password='password')
@ -390,12 +390,12 @@ class IdentityTests(object):
# with a password that is empty string or None
self.assertRaises(AssertionError,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=user['id'],
password='')
self.assertRaises(AssertionError,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=user['id'],
password=None)
@ -408,12 +408,12 @@ class IdentityTests(object):
# with a password that is empty string or None
self.assertRaises(AssertionError,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=user['id'],
password='')
self.assertRaises(AssertionError,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=user['id'],
password=None)
@ -1428,7 +1428,7 @@ class ShadowUsersTests(object):
disable_user_account_days_inactive=90)
now = datetime.datetime.utcnow().date()
user_ref = self.identity_api.authenticate(
context={},
self.make_request(),
user_id=self.user_sna['id'],
password=self.user_sna['password'])
user_ref = self._get_user_ref(user_ref['id'])
@ -1438,7 +1438,7 @@ class ShadowUsersTests(object):
self.config_fixture.config(group='security_compliance',
disable_user_account_days_inactive=None)
user_ref = self.identity_api.authenticate(
context={},
self.make_request(),
user_id=self.user_sna['id'],
password=self.user_sna['password'])
user_ref = self._get_user_ref(user_ref['id'])

6
keystone/tests/unit/test_backend_ldap.py
View File

@ -834,7 +834,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
self.assertRaises(AssertionError,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=user['id'],
password=None)
@ -2075,7 +2075,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
CONF.identity.default_domain_id)
driver.user.enabled_emulation_dn = 'cn=test,dc=test'
self.identity_api.authenticate(
context={},
self.make_request(),
user_id=self.user_foo['id'],
password=self.user_foo['password'])
@ -2441,7 +2441,7 @@ class BaseMultiLDAPandSQLIdentity(object):
for user_num in range(self.domain_count):
user = 'user%s' % user_num
self.identity_api.authenticate(
context={},
self.make_request(),
user_id=self.users[user]['id'],
password=self.users[user]['password'])

6
keystone/tests/unit/test_backend_ldap_pool.py
View File

@ -176,7 +176,7 @@ class LdapPoolCommonTestMixin(object):
# authenticate so that connection is added to pool before password
# change
user_ref = self.identity_api.authenticate(
context={},
self.make_request(),
user_id=self.user_sna['id'],
password=self.user_sna['password'])
@ -191,7 +191,7 @@ class LdapPoolCommonTestMixin(object):
# now authenticate again to make sure new password works with
# connection pool
user_ref2 = self.identity_api.authenticate(
context={},
self.make_request(),
user_id=self.user_sna['id'],
password=new_password)
@ -203,7 +203,7 @@ class LdapPoolCommonTestMixin(object):
# password..so no old bind is maintained in this case.
self.assertRaises(AssertionError,
self.identity_api.authenticate,
context={},
self.make_request(),
user_id=self.user_sna['id'],
password=old_password)

4
keystone/tests/unit/test_cli.py
View File

@ -122,7 +122,7 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
# NOTE(morganfainberg): Pass an empty context, it isn't used by
# `authenticate` method.
bootstrap.identity_manager.authenticate(
{},
self.make_request(),
user['id'],
bootstrap.password)
@ -175,7 +175,7 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
# Sanity check that the original password works again.
bootstrap.identity_manager.authenticate(
{},
self.make_request(),
user_id,
bootstrap.password)

4
keystone/tests/unit/test_ldap_pool_livetest.py
View File

@ -113,7 +113,7 @@ class LiveLDAPPoolIdentity(test_backend_ldap_pool.LdapPoolCommonTestMixin,
user = self.identity_api.create_user(user_dict)
self.identity_api.authenticate(
context={},
self.make_request(),
user_id=user['id'],
password=password)
@ -183,7 +183,7 @@ class LiveLDAPPoolIdentity(test_backend_ldap_pool.LdapPoolCommonTestMixin,
# use case in a deployment.
# This can happen in multiple concurrent connections case only.
user_ref = self.identity_api.authenticate(
context={}, user_id=user['id'], password=old_password)
self.make_request(), user_id=user['id'], password=old_password)
self.assertDictEqual(user, user_ref)

2
keystone/token/controllers.py
View File

@ -295,7 +295,7 @@ class Auth(controller.V2Controller):
try:
user_ref = self.identity_api.authenticate(
request.context_dict,
request,
user_id=user_id,
password=password)
except AssertionError as e:

2
keystone/v2_crud/user_crud.py
View File

@ -65,7 +65,7 @@ class UserController(identity.controllers.User):
try:
user_ref = self.identity_api.authenticate(
request.context_dict,
request,
user_id=token_ref.user_id,
password=original_password)
if not user_ref.get('enabled', True):