diff --git a/keystone/auth_protocols/auth_basic.py b/keystone/auth_protocols/auth_basic.py index 9c9bae6f4f..b263161410 100644 --- a/keystone/auth_protocols/auth_basic.py +++ b/keystone/auth_protocols/auth_basic.py @@ -31,11 +31,14 @@ This is an Auth component as per: http://wiki.openstack.org/openstack-authn """ -from paste.deploy import loadapp +import os +import urlparse import eventlet from eventlet import wsgi -import os -from webob.exc import HTTPUnauthorized, HTTPInternalServerError +from paste.deploy import loadapp +from keystone.common.bufferedhttp import http_connect_raw as http_connect +from webob.exc import Request, Response +from webob.exc import HTTPUnauthorized PROTOCOL_NAME = "Basic Authentication" @@ -100,7 +103,7 @@ class AuthProtocol(object): # Claims were provided - validate them import base64 auth_header = env['HTTP_AUTHORIZATION'] - auth_type, encoded_creds = auth_header.split(None, 1) + _auth_type, encoded_creds = auth_header.split(None, 1) user, password = base64.b64decode(encoded_creds).split(':', 1) if not self.validateCreds(user, password): #Claims were rejected @@ -148,8 +151,8 @@ class AuthProtocol(object): def validateCreds(self, username, password): #stub for password validation. - import ConfigParser - import hashlib + # import ConfigParser + # import hashlib #usersConfig = ConfigParser.ConfigParser() #usersConfig.readfp(open('/etc/openstack/users.ini')) #password = hashlib.sha1(password).hexdigest() diff --git a/keystone/auth_protocols/auth_openid.py b/keystone/auth_protocols/auth_openid.py index 350d5c46aa..1586537a32 100644 --- a/keystone/auth_protocols/auth_openid.py +++ b/keystone/auth_protocols/auth_openid.py 
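Review bot: In the `@@ -100,7 +103,7 @@` hunk of auth_basic.py, renaming the scheme to `_auth_type` discards it instead of checking it, so any Authorization scheme is decoded as if it were Basic. The same three lines also raise on client-controlled input: `split(None, 1)` on a header with no space, `b64decode` on bad padding and `split(':', 1)` on a value with no colon each throw before `validateCreds` is reached, which would presumably surface as a 500 rather than a 401. Checking the scheme and catching the parse errors keeps malformed headers on the rejection path. The enclosing method starts and ends outside the hunk, so the exact rejection response is not visible here.

```python
auth_header = env['HTTP_AUTHORIZATION']
try:
    auth_type, encoded_creds = auth_header.split(None, 1)
    if auth_type.lower() != 'basic':
        raise ValueError('unsupported authorization scheme')
    user, password = base64.b64decode(encoded_creds).split(':', 1)
except (ValueError, TypeError):
    # malformed or non-Basic header: take the same path as rejected claims
    user = password = None
# ... unchanged: validateCreds(user, password) check and the "Claims were rejected" branch ...
```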
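Review bot: In the `@@ -148,8 +151,8 @@` hunk, commenting out `import ConfigParser` and `import hashlib` leaves more dead code in `validateCreds`; deleting the two imports together with the commented sketch below them would be cleaner. The sketch hashes the password with `hashlib.sha1(password).hexdigest()`, an unsalted fast hash, so it should not be revived as written if the stub is ever implemented. What the stub returns is outside the hunk; if it accepts every username and password, a comment such as `# STUB: performs no validation, do not deploy` at the top of the method would make that explicit.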
@@ -17,6 +17,13 @@ # limitations under the License. # Not Yet PEP8 standardized +import os +import urlparse +import eventlet +from eventlet import wsgi +from keystone.common.bufferedhttp import http_connect_raw as http_connect +from webob.exc import Request, Response +from paste.deploy import loadapp """ OPENID AUTH MIDDLEWARE - STUB @@ -75,13 +82,14 @@ class AuthProtocol(object): env['HTTP_AUTHORIZATION'] = "Basic %s" % self.service_pass return self.app(env, custom_start_response) + proxy_headers = [] proxy_headers['AUTHORIZATION'] = "Basic %s" % self.service_pass # We are forwarding to a remote service (no downstream WSGI app) req = Request(proxy_headers) parsed = urlparse(req.url) conn = http_connect(self.service_host, self.service_port, \ req.method, parsed.path, \ - proxy_headers,\ + proxy_headers, \ ssl=(self.service_protocol == 'https')) resp = conn.getresponse() data = resp.read() diff --git a/keystone/auth_protocols/auth_token.py b/keystone/auth_protocols/auth_token.py index 95d8fa2a32..1734dd3c95 100755 --- a/keystone/auth_protocols/auth_token.py +++ b/keystone/auth_protocols/auth_token.py @@ -57,7 +57,6 @@ import httplib import json import os from paste.deploy import loadapp -import sys from urlparse import urlparse from webob.exc import HTTPUnauthorized, HTTPUseProxy from webob.exc import Request, Response @@ -98,7 +97,7 @@ class AuthProtocol(object): def _init_protocol(self, app, conf): """ Protocol specific initialization """ - # where to find the auth service (we use this to validate tokens) + # where to find the auth service (we use this to validate tokens) self.auth_host = conf.get('auth_host') self.auth_port = int(conf.get('auth_port')) self.auth_protocol = conf.get('auth_protocol', 'https') 
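Review bot: In the `@@ -17,6 +17,13 @@` hunk of auth_openid.py, `import urlparse` binds the module, but the call visible in the next hunk's context is `parsed = urlparse(req.url)`, which fails with "'module' object is not callable". Use `from urlparse import urlparse`, as auth_token.py already does. The same `import urlparse` is added to auth_basic.py, where its use is outside the visible hunks. The new imports are also placed above the `"""` block, so that string is no longer the module docstring; moving them below it keeps `__doc__` populated.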
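Review bot: In the `@@ -75,13 +82,14 @@` hunk, `proxy_headers = []` creates a list, so the next line, `proxy_headers['AUTHORIZATION'] = "Basic %s" % self.service_pass`, raises TypeError; it should be `proxy_headers = {}`. The following `req = Request(proxy_headers)` passes that same object where webob expects a WSGI environ, so `req.url` and `req.method` probably need to come from the real `env` instead. Since `ssl=(self.service_protocol == 'https')` makes TLS optional, the service credential in that header is sent in cleartext whenever another protocol is configured; a comment or a refusal to forward in that case would be worth adding. The enclosing method starts outside the hunk.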
@@ -236,7 +235,7 @@ class AuthProtocol(object): conn = http_connect(self.auth_host, self.auth_port, 'GET', '/v2.0/tokens/%s' % claims, headers=headers) resp = conn.getresponse() - data = resp.read() + # data = resp.read() conn.close() if not str(resp.status).startswith('20'): @@ -271,8 +270,8 @@ class AuthProtocol(object): token_info = json.loads(data) #TODO(Ziad): make this more robust #first_group = token_info['auth']['user']['groups']['group'][0] - roles =[] - role_refs =token_info["auth"]["user"]["roleRefs"] + roles = [] + role_refs = token_info["auth"]["user"]["roleRefs"] if role_refs != None: for role_ref in role_refs: roles.append(role_ref["roleId"])
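Review bot: In the `@@ -236,7 +235,7 @@` hunk of auth_token.py, the context line `'/v2.0/tokens/%s' % claims` puts the token into the request path without URL-quoting, so a value containing `/`, `?` or `#` would change which resource the auth service is asked to validate. If `claims` comes from a client header (its origin is outside the hunk), quote it first, for example `urllib.quote(claims, safe='')`. The changed line itself would be better deleted than left as `# data = resp.read()`, with a short comment that only the status code is used. The enclosing method starts and ends outside the hunk.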