Implement auth receipts spec
Adds a new model and provider for receipts which are very similar to tokens (fernet based), and share the same fernet mechanisms. Adds changes to the auth layer to handle the creation, validation, and consumptions of receipts as part of the auth process. Change-Id: Iccb6e6fc7aee57c58a53f90c1d671402b8efcdbb bp: mfa-auth-receipt
This commit is contained in:
Adrian Turjak
committed by
Colleen Murphy
Colleen Murphy
parent
d9432328c9
commit
d9e6c1d4dd
@@ -28,6 +28,8 @@ from keystone.server.flask import common as ks_flask
|
||||
from keystone.server.flask.request_processing import json_body
|
||||
from keystone.server.flask.request_processing import req_logging
|
||||
|
||||
from keystone.receipt import handlers as receipt_handlers
|
||||
|
||||
LOG = log.getLogger(__name__)
|
||||
|
||||
|
||||
@@ -67,6 +69,10 @@ def _best_match_language():
|
||||
|
||||
|
||||
def _handle_keystone_exception(error):
|
||||
# TODO(adriant): register this with its own specific handler:
|
||||
if isinstance(error, exception.InsufficientAuthMethods):
|
||||
return receipt_handlers.build_receipt(error)
|
||||
|
||||
# Handle logging
|
||||
if isinstance(error, exception.Unauthorized):
|
||||
LOG.warning(
|
||||
|
||||
Reference in New Issue
Block a user