Pass request to v2 token authenticate
The v2 authenticate command is one of the last to still accept a context dict because it has a lot of tie in with tests and notifications. Fix all these so that authenticate can work with a request. Change-Id: I07a2985fea7f71001c4a48d396167ea0e3a2a8f8
This commit is contained in:
parent
c104f9fbc2
commit
4a0970df88
|
@ -31,7 +31,7 @@ class Password(base.AuthMethodHandler):
|
|||
|
||||
try:
|
||||
self.identity_api.authenticate(
|
||||
request.context_dict,
|
||||
request,
|
||||
user_id=user_info.user_id,
|
||||
password=user_info.password)
|
||||
except AssertionError:
|
||||
|
|
|
@ -289,7 +289,7 @@ class UserV3(controller.V3Controller):
|
|||
attribute='password')
|
||||
try:
|
||||
self.identity_api.change_password(
|
||||
request.context_dict, user_id, original_password, password)
|
||||
request, user_id, original_password, password)
|
||||
except AssertionError:
|
||||
raise exception.Unauthorized()
|
||||
|
||||
|
|
|
@ -821,7 +821,7 @@ class Manager(manager.Manager):
|
|||
@notifications.emit_event('authenticate')
|
||||
@domains_configured
|
||||
@exception_translated('assertion')
|
||||
def authenticate(self, context, user_id, password):
|
||||
def authenticate(self, request, user_id, password):
|
||||
domain_id, driver, entity_id = (
|
||||
self._get_domain_driver_and_entity_id(user_id))
|
||||
ref = driver.authenticate(entity_id, password)
|
||||
|
@ -1219,11 +1219,11 @@ class Manager(manager.Manager):
|
|||
group_entity_id)
|
||||
|
||||
@domains_configured
|
||||
def change_password(self, context, user_id, original_password,
|
||||
def change_password(self, request, user_id, original_password,
|
||||
new_password):
|
||||
|
||||
# authenticate() will raise an AssertionError if authentication fails
|
||||
self.authenticate(context, user_id, original_password)
|
||||
self.authenticate(request, user_id, original_password)
|
||||
|
||||
update_dict = {'password': new_password}
|
||||
self.update_user(user_id, update_dict)
|
||||
|
|
|
@ -480,12 +480,12 @@ class CadfNotificationWrapper(object):
|
|||
|
||||
def __call__(self, f):
|
||||
@functools.wraps(f)
|
||||
def wrapper(wrapped_self, context, user_id, *args, **kwargs):
|
||||
def wrapper(wrapped_self, request, user_id, *args, **kwargs):
|
||||
"""Alway send a notification."""
|
||||
initiator = _get_request_audit_info(context, user_id)
|
||||
initiator = _get_request_audit_info(request.context_dict, user_id)
|
||||
target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER)
|
||||
try:
|
||||
result = f(wrapped_self, context, user_id, *args, **kwargs)
|
||||
result = f(wrapped_self, request, user_id, *args, **kwargs)
|
||||
except Exception:
|
||||
# For authentication failure send a cadf event as well
|
||||
_send_audit_notification(self.action, initiator,
|
||||
|
|
|
@ -44,7 +44,7 @@ class DisableInactiveUserTests(test_backend_sql.SqlTests):
|
|||
user = self._create_user(self.user_dict, last_active_at.date())
|
||||
self.assertRaises(exception.UserDisabled,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=user['id'],
|
||||
password=self.password)
|
||||
# verify that the user is actually disabled
|
||||
|
@ -53,7 +53,7 @@ class DisableInactiveUserTests(test_backend_sql.SqlTests):
|
|||
# set the user to enabled and authenticate
|
||||
user['enabled'] = True
|
||||
self.identity_api.update_user(user['id'], user)
|
||||
user = self.identity_api.authenticate(context={},
|
||||
user = self.identity_api.authenticate(self.make_request(),
|
||||
user_id=user['id'],
|
||||
password=self.password)
|
||||
self.assertTrue(user['enabled'])
|
||||
|
@ -64,7 +64,7 @@ class DisableInactiveUserTests(test_backend_sql.SqlTests):
|
|||
datetime.datetime.utcnow() -
|
||||
datetime.timedelta(days=self.max_inactive_days - 1)).date()
|
||||
user = self._create_user(self.user_dict, last_active_at)
|
||||
user = self.identity_api.authenticate(context={},
|
||||
user = self.identity_api.authenticate(self.make_request(),
|
||||
user_id=user['id'],
|
||||
password=self.password)
|
||||
self.assertTrue(user['enabled'])
|
||||
|
|
|
@ -47,20 +47,20 @@ class IdentityTests(object):
|
|||
def test_authenticate_bad_user(self):
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=uuid.uuid4().hex,
|
||||
password=self.user_foo['password'])
|
||||
|
||||
def test_authenticate_bad_password(self):
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=self.user_foo['id'],
|
||||
password=uuid.uuid4().hex)
|
||||
|
||||
def test_authenticate(self):
|
||||
user_ref = self.identity_api.authenticate(
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=self.user_sna['id'],
|
||||
password=self.user_sna['password'])
|
||||
# NOTE(termie): the password field is left in user_sna to make
|
||||
|
@ -81,7 +81,7 @@ class IdentityTests(object):
|
|||
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
|
||||
new_user['id'])
|
||||
user_ref = self.identity_api.authenticate(
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=new_user['id'],
|
||||
password=user['password'])
|
||||
self.assertNotIn('password', user_ref)
|
||||
|
@ -102,7 +102,7 @@ class IdentityTests(object):
|
|||
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=id_,
|
||||
password='password')
|
||||
|
||||
|
@ -390,12 +390,12 @@ class IdentityTests(object):
|
|||
# with a password that is empty string or None
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=user['id'],
|
||||
password='')
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=user['id'],
|
||||
password=None)
|
||||
|
||||
|
@ -408,12 +408,12 @@ class IdentityTests(object):
|
|||
# with a password that is empty string or None
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=user['id'],
|
||||
password='')
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=user['id'],
|
||||
password=None)
|
||||
|
||||
|
@ -1428,7 +1428,7 @@ class ShadowUsersTests(object):
|
|||
disable_user_account_days_inactive=90)
|
||||
now = datetime.datetime.utcnow().date()
|
||||
user_ref = self.identity_api.authenticate(
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=self.user_sna['id'],
|
||||
password=self.user_sna['password'])
|
||||
user_ref = self._get_user_ref(user_ref['id'])
|
||||
|
@ -1438,7 +1438,7 @@ class ShadowUsersTests(object):
|
|||
self.config_fixture.config(group='security_compliance',
|
||||
disable_user_account_days_inactive=None)
|
||||
user_ref = self.identity_api.authenticate(
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=self.user_sna['id'],
|
||||
password=self.user_sna['password'])
|
||||
user_ref = self._get_user_ref(user_ref['id'])
|
||||
|
|
|
@ -834,7 +834,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
|
|||
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=user['id'],
|
||||
password=None)
|
||||
|
||||
|
@ -2075,7 +2075,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
|
|||
CONF.identity.default_domain_id)
|
||||
driver.user.enabled_emulation_dn = 'cn=test,dc=test'
|
||||
self.identity_api.authenticate(
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=self.user_foo['id'],
|
||||
password=self.user_foo['password'])
|
||||
|
||||
|
@ -2441,7 +2441,7 @@ class BaseMultiLDAPandSQLIdentity(object):
|
|||
for user_num in range(self.domain_count):
|
||||
user = 'user%s' % user_num
|
||||
self.identity_api.authenticate(
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=self.users[user]['id'],
|
||||
password=self.users[user]['password'])
|
||||
|
||||
|
|
|
@ -176,7 +176,7 @@ class LdapPoolCommonTestMixin(object):
|
|||
# authenticate so that connection is added to pool before password
|
||||
# change
|
||||
user_ref = self.identity_api.authenticate(
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=self.user_sna['id'],
|
||||
password=self.user_sna['password'])
|
||||
|
||||
|
@ -191,7 +191,7 @@ class LdapPoolCommonTestMixin(object):
|
|||
# now authenticate again to make sure new password works with
|
||||
# connection pool
|
||||
user_ref2 = self.identity_api.authenticate(
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=self.user_sna['id'],
|
||||
password=new_password)
|
||||
|
||||
|
@ -203,7 +203,7 @@ class LdapPoolCommonTestMixin(object):
|
|||
# password..so no old bind is maintained in this case.
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=self.user_sna['id'],
|
||||
password=old_password)
|
||||
|
||||
|
|
|
@ -122,7 +122,7 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
|
|||
# NOTE(morganfainberg): Pass an empty context, it isn't used by
|
||||
# `authenticate` method.
|
||||
bootstrap.identity_manager.authenticate(
|
||||
{},
|
||||
self.make_request(),
|
||||
user['id'],
|
||||
bootstrap.password)
|
||||
|
||||
|
@ -175,7 +175,7 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
|
|||
|
||||
# Sanity check that the original password works again.
|
||||
bootstrap.identity_manager.authenticate(
|
||||
{},
|
||||
self.make_request(),
|
||||
user_id,
|
||||
bootstrap.password)
|
||||
|
||||
|
|
|
@ -113,7 +113,7 @@ class LiveLDAPPoolIdentity(test_backend_ldap_pool.LdapPoolCommonTestMixin,
|
|||
user = self.identity_api.create_user(user_dict)
|
||||
|
||||
self.identity_api.authenticate(
|
||||
context={},
|
||||
self.make_request(),
|
||||
user_id=user['id'],
|
||||
password=password)
|
||||
|
||||
|
@ -183,7 +183,7 @@ class LiveLDAPPoolIdentity(test_backend_ldap_pool.LdapPoolCommonTestMixin,
|
|||
# use case in a deployment.
|
||||
# This can happen in multiple concurrent connections case only.
|
||||
user_ref = self.identity_api.authenticate(
|
||||
context={}, user_id=user['id'], password=old_password)
|
||||
self.make_request(), user_id=user['id'], password=old_password)
|
||||
|
||||
self.assertDictEqual(user, user_ref)
|
||||
|
||||
|
|
|
@ -295,7 +295,7 @@ class Auth(controller.V2Controller):
|
|||
|
||||
try:
|
||||
user_ref = self.identity_api.authenticate(
|
||||
request.context_dict,
|
||||
request,
|
||||
user_id=user_id,
|
||||
password=password)
|
||||
except AssertionError as e:
|
||||
|
|
|
@ -65,7 +65,7 @@ class UserController(identity.controllers.User):
|
|||
|
||||
try:
|
||||
user_ref = self.identity_api.authenticate(
|
||||
request.context_dict,
|
||||
request,
|
||||
user_id=token_ref.user_id,
|
||||
password=original_password)
|
||||
if not user_ref.get('enabled', True):
|
||||
|
|
Loading…
Reference in New Issue