openstack/keystone
Code Issues Proposed changes

Merge "Normalize fernet payload disassembly"

Browse Source
This commit is contained in:
Jenkins 2015-12-21 21:31:17 +00:00 committed by Gerrit Code Review
commit 95dd28db92
2 changed files with 75 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
keystone/tests/unit/token/test_fernet_provider.py
View File

@ -346,7 +346,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, project_id, domain_id, exp_expires_at,
exp_audit_ids, trust_id, federated_info)
(user_id, methods, expires_at, audit_ids) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.UnscopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -368,7 +369,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, exp_project_id, domain_id,
exp_expires_at, exp_audit_ids, trust_id, federated_info)
(user_id, methods, project_id, expires_at, audit_ids) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.ProjectScopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -391,7 +393,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, project_id, exp_domain_id,
exp_expires_at, exp_audit_ids, trust_id, federated_info)
(user_id, methods, domain_id, expires_at, audit_ids) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.DomainScopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -414,7 +417,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, project_id, exp_domain_id,
exp_expires_at, exp_audit_ids, trust_id, federated_info)
(user_id, methods, domain_id, expires_at, audit_ids) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.DomainScopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -437,7 +441,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, exp_project_id, domain_id,
exp_expires_at, exp_audit_ids, exp_trust_id, federated_info)
(user_id, methods, project_id, expires_at, audit_ids, trust_id) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.TrustScopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -460,7 +465,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, project_id, domain_id, exp_expires_at,
exp_audit_ids, trust_id, federated_info)
(user_id, methods, expires_at, audit_ids) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.UnscopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -487,7 +493,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, exp_project_id, domain_id,
exp_expires_at, exp_audit_ids, trust_id, federated_info)
(user_id, methods, project_id, expires_at, audit_ids) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.ProjectScopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -517,7 +524,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, project_id, exp_domain_id,
exp_expires_at, exp_audit_ids, trust_id, federated_info)
(user_id, methods, domain_id, expires_at, audit_ids) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.DomainScopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -544,7 +552,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, exp_project_id, domain_id,
exp_expires_at, exp_audit_ids, exp_trust_id, federated_info)
(user_id, methods, project_id, expires_at, audit_ids, trust_id) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.TrustScopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -577,7 +586,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, project_id, domain_id, exp_expires_at,
exp_audit_ids, trust_id, exp_federated_info)
(user_id, methods, expires_at, audit_ids, federated_info) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.FederatedUnscopedPayload.disassemble(payload))
self.assertEqual(exp_user_id, user_id)
@ -615,8 +625,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, exp_project_id, domain_id,
exp_expires_at, exp_audit_ids, trust_id, exp_federated_info)
(user_id, methods, project_id, expires_at, audit_ids,
federated_info) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.FederatedProjectScopedPayload.disassemble(
payload))
@ -643,8 +653,8 @@ class TestPayloads(unit.TestCase):
exp_user_id, exp_methods, project_id, exp_domain_id,
exp_expires_at, exp_audit_ids, trust_id, exp_federated_info)
(user_id, methods, domain_id, expires_at, audit_ids,
federated_info) = (
(user_id, methods, project_id, domain_id, expires_at, audit_ids,
trust_id, federated_info) = (
token_formatters.FederatedDomainScopedPayload.disassemble(
payload))

135
keystone/token/providers/fernet/token_formatters.py
View File

@ -186,35 +186,12 @@ class TokenFormatter(object):
versioned_payload = msgpack.unpackb(serialized_payload)
version, payload = versioned_payload[0], versioned_payload[1:]
# depending on the formatter, these may or may not be defined
domain_id = None
project_id = None
trust_id = None
federated_info = None
if version == UnscopedPayload.version:
(user_id, methods, expires_at, audit_ids) = (
UnscopedPayload.disassemble(payload))
elif version == DomainScopedPayload.version:
(user_id, methods, domain_id, expires_at, audit_ids) = (
DomainScopedPayload.disassemble(payload))
elif version == ProjectScopedPayload.version:
(user_id, methods, project_id, expires_at, audit_ids) = (
ProjectScopedPayload.disassemble(payload))
elif version == TrustScopedPayload.version:
(user_id, methods, project_id, expires_at, audit_ids, trust_id) = (
TrustScopedPayload.disassemble(payload))
elif version == FederatedUnscopedPayload.version:
(user_id, methods, expires_at, audit_ids, federated_info) = (
FederatedUnscopedPayload.disassemble(payload))
elif version == FederatedProjectScopedPayload.version:
(user_id, methods, project_id, expires_at, audit_ids,
federated_info) = FederatedProjectScopedPayload.disassemble(
payload)
elif version == FederatedDomainScopedPayload.version:
(user_id, methods, domain_id, expires_at, audit_ids,
federated_info) = FederatedDomainScopedPayload.disassemble(
payload)
for payload_class in PAYLOAD_CLASSES:
if version == payload_class.version:
(user_id, methods, project_id, domain_id, expires_at,
audit_ids, trust_id, federated_info) = (
payload_class.disassemble(payload))
break
else:
# If the token_format is not recognized, raise ValidationError.
raise exception.ValidationError(_(
@ -271,6 +248,17 @@ class BasePayload(object):
def disassemble(cls, payload):
"""Disassemble an unscoped payload into the component data.
The tuple consists of::
(user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info)
* ``methods`` are the auth methods.
* federated_info is a dict contains the group IDs, the identity
provider ID, the protocol ID, and the federated domain ID
Fields will be set to None if they didn't apply to this payload type.
:param payload: this variant of payload
:returns: a tuple of the payloads component data
@ -377,20 +365,18 @@ class UnscopedPayload(BasePayload):
@classmethod
def disassemble(cls, payload):
"""Disassemble an unscoped payload into the component data.
:param payload: the payload of an unscoped token
:return: a tuple containing the user_id, auth methods, expires_at, and
audit_ids
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
methods = auth_plugins.convert_integer_to_method_list(payload[1])
expires_at_str = cls._convert_float_to_time_string(payload[2])
audit_ids = list(map(provider.base64_encode, payload[3]))
return (user_id, methods, expires_at_str, audit_ids)
project_id = None
domain_id = None
trust_id = None
federated_info = None
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info)
class DomainScopedPayload(BasePayload):
@ -420,13 +406,6 @@ class DomainScopedPayload(BasePayload):
@classmethod
def disassemble(cls, payload):
"""Disassemble a payload into the component data.
:param payload: the payload of a token
:return: a tuple containing the user_id, auth methods, domain_id,
expires_at_str, and audit_ids
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
@ -441,8 +420,12 @@ class DomainScopedPayload(BasePayload):
raise
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
project_id = None
trust_id = None
federated_info = None
return (user_id, methods, domain_id, expires_at_str, audit_ids)
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info)
class ProjectScopedPayload(BasePayload):
@ -465,13 +448,6 @@ class ProjectScopedPayload(BasePayload):
@classmethod
def disassemble(cls, payload):
"""Disassemble a payload into the component data.
:param payload: the payload of a token
:return: a tuple containing the user_id, auth methods, project_id,
expires_at_str, and audit_ids
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
@ -481,8 +457,12 @@ class ProjectScopedPayload(BasePayload):
project_id = cls.attempt_convert_uuid_bytes_to_hex(project_id)
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
domain_id = None
trust_id = None
federated_info = None
return (user_id, methods, project_id, expires_at_str, audit_ids)
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info)
class TrustScopedPayload(BasePayload):
@ -508,13 +488,6 @@ class TrustScopedPayload(BasePayload):
@classmethod
def disassemble(cls, payload):
"""Validate a trust-based payload.
:param token_string: a string representing the token
:returns: a tuple containing the user_id, auth methods, project_id,
expires_at_str, audit_ids, and trust_id
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
@ -525,9 +498,11 @@ class TrustScopedPayload(BasePayload):
expires_at_str = cls._convert_float_to_time_string(payload[3])
audit_ids = list(map(provider.base64_encode, payload[4]))
trust_id = cls.convert_uuid_bytes_to_hex(payload[5])
domain_id = None
federated_info = None
return (user_id, methods, project_id, expires_at_str, audit_ids,
trust_id)
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info)
class FederatedUnscopedPayload(BasePayload):
@ -567,15 +542,6 @@ class FederatedUnscopedPayload(BasePayload):
@classmethod
def disassemble(cls, payload):
"""Validate a federated payload.
:param token_string: a string representing the token
:return: a tuple containing the user_id, auth methods, audit_ids, and a
dictionary containing federated information such as the group
IDs, the identity provider ID, the protocol ID, and the
federated domain ID
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
@ -589,7 +555,11 @@ class FederatedUnscopedPayload(BasePayload):
audit_ids = list(map(provider.base64_encode, payload[6]))
federated_info = dict(group_ids=group_ids, idp_id=idp_id,
protocol_id=protocol_id)
return (user_id, methods, expires_at_str, audit_ids, federated_info)
project_id = None
domain_id = None
trust_id = None
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info)
class FederatedScopedPayload(FederatedUnscopedPayload):
@ -616,16 +586,6 @@ class FederatedScopedPayload(FederatedUnscopedPayload):
@classmethod
def disassemble(cls, payload):
"""Validate a project-scoped federated payload.
:param token_string: a string representing the token
:returns: a tuple containing the user_id, auth methods, scope_id,
expiration time (as str), audit_ids, and a dictionary
containing federated information such as the the identity
provider ID, the protocol ID, the federated domain ID and
group IDs
"""
(is_stored_as_bytes, user_id) = payload[0]
if is_stored_as_bytes:
user_id = cls.attempt_convert_uuid_bytes_to_hex(user_id)
@ -633,6 +593,12 @@ class FederatedScopedPayload(FederatedUnscopedPayload):
(is_stored_as_bytes, scope_id) = payload[2]
if is_stored_as_bytes:
scope_id = cls.attempt_convert_uuid_bytes_to_hex(scope_id)
project_id = (
scope_id
if cls.version == FederatedProjectScopedPayload.version else None)
domain_id = (
scope_id
if cls.version == FederatedDomainScopedPayload.version else None)
group_ids = list(map(cls.unpack_group_id, payload[3]))
(is_stored_as_bytes, idp_id) = payload[4]
if is_stored_as_bytes:
@ -642,8 +608,9 @@ class FederatedScopedPayload(FederatedUnscopedPayload):
audit_ids = list(map(provider.base64_encode, payload[7]))
federated_info = dict(idp_id=idp_id, protocol_id=protocol_id,
group_ids=group_ids)
return (user_id, methods, scope_id, expires_at_str, audit_ids,
federated_info)
trust_id = None
return (user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info)
class FederatedProjectScopedPayload(FederatedScopedPayload):