3 files changed, 299 insertions, 0 deletions
diff --git a/keystone-moon/keystone/middleware/__init__.py b/keystone-moon/keystone/middleware/__init__.py
new file mode 100644
index 00000000..efbaa7c9
--- /dev/null
+++ b/keystone-moon/keystone/middleware/__init__.py
@@ -0,0 +1,15 @@
+# Copyright 2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystone.middleware.core import *  # noqa
diff --git a/keystone-moon/keystone/middleware/core.py b/keystone-moon/keystone/middleware/core.py
new file mode 100644
index 00000000..bf86cd2b
--- /dev/null
+++ b/keystone-moon/keystone/middleware/core.py
@@ -0,0 +1,240 @@
+# Copyright 2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+from oslo_log import log
+from oslo_middleware import sizelimit
+from oslo_serialization import jsonutils
+import six
+
+from keystone.common import authorization
+from keystone.common import wsgi
+from keystone import exception
+from keystone.i18n import _LW
+from keystone.models import token_model
+from keystone.openstack.common import versionutils
+
+CONF = cfg.CONF
+LOG = log.getLogger(__name__)
+
+
+# Header used to transmit the auth token
+AUTH_TOKEN_HEADER = 'X-Auth-Token'
+
+
+# Header used to transmit the subject token
+SUBJECT_TOKEN_HEADER = 'X-Subject-Token'
+
+
+# Environment variable used to pass the request context
+CONTEXT_ENV = wsgi.CONTEXT_ENV
+
+
+# Environment variable used to pass the request params
+PARAMS_ENV = wsgi.PARAMS_ENV
+
+
+class TokenAuthMiddleware(wsgi.Middleware):
+    def process_request(self, request):
+        token = request.headers.get(AUTH_TOKEN_HEADER)
+        context = request.environ.get(CONTEXT_ENV, {})
+        context['token_id'] = token
+        if SUBJECT_TOKEN_HEADER in request.headers:
+            context['subject_token_id'] = (
+                request.headers.get(SUBJECT_TOKEN_HEADER))
+        request.environ[CONTEXT_ENV] = context
+
+
+class AdminTokenAuthMiddleware(wsgi.Middleware):
+    """A trivial filter that checks for a pre-defined admin token.
+
+    Sets 'is_admin' to true in the context, expected to be checked by
+    methods that are admin-only.
+
+    """
+
+    def process_request(self, request):
+        token = request.headers.get(AUTH_TOKEN_HEADER)
+        context = request.environ.get(CONTEXT_ENV, {})
+        context['is_admin'] = (token == CONF.admin_token)
+        request.environ[CONTEXT_ENV] = context
+
+
+class PostParamsMiddleware(wsgi.Middleware):
+    """Middleware to allow method arguments to be passed as POST parameters.
+
+    Filters out the parameters `self`, `context` and anything beginning with
+    an underscore.
+
+    """
+
+    def process_request(self, request):
+        params_parsed = request.params
+        params = {}
+        for k, v in six.iteritems(params_parsed):
+            if k in ('self', 'context'):
+                continue
+            if k.startswith('_'):
+                continue
+            params[k] = v
+
+        request.environ[PARAMS_ENV] = params
+
+
+class JsonBodyMiddleware(wsgi.Middleware):
+    """Middleware to allow method arguments to be passed as serialized JSON.
+
+    Accepting arguments as JSON is useful for accepting data that may be more
+    complex than simple primitives.
+
+    Filters out the parameters `self`, `context` and anything beginning with
+    an underscore.
+
+    """
+    def process_request(self, request):
+        # Abort early if we don't have any work to do
+        params_json = request.body
+        if not params_json:
+            return
+
+        # Reject unrecognized content types. Empty string indicates
+        # the client did not explicitly set the header
+        if request.content_type not in ('application/json', ''):
+            e = exception.ValidationError(attribute='application/json',
+                                          target='Content-Type header')
+            return wsgi.render_exception(e, request=request)
+
+        params_parsed = {}
+        try:
+            params_parsed = jsonutils.loads(params_json)
+        except ValueError:
+            e = exception.ValidationError(attribute='valid JSON',
+                                          target='request body')
+            return wsgi.render_exception(e, request=request)
+        finally:
+            if not params_parsed:
+                params_parsed = {}
+
+        if not isinstance(params_parsed, dict):
+            e = exception.ValidationError(attribute='valid JSON object',
+                                          target='request body')
+            return wsgi.render_exception(e, request=request)
+
+        params = {}
+        for k, v in six.iteritems(params_parsed):
+            if k in ('self', 'context'):
+                continue
+            if k.startswith('_'):
+                continue
+            params[k] = v
+
+        request.environ[PARAMS_ENV] = params
+
+
+class XmlBodyMiddleware(wsgi.Middleware):
+    """De/serialize XML to/from JSON."""
+
+    def print_warning(self):
+        LOG.warning(_LW('XML support has been removed as of the Kilo release '
+                        'and should not be referenced or used in deployment. '
+                        'Please remove references to XmlBodyMiddleware from '
+                        'your configuration. This compatibility stub will be '
+                        'removed in the L release'))
+
+    def __init__(self, *args, **kwargs):
+        super(XmlBodyMiddleware, self).__init__(*args, **kwargs)
+        self.print_warning()
+
+
+class XmlBodyMiddlewareV2(XmlBodyMiddleware):
+    """De/serialize XML to/from JSON for v2.0 API."""
+
+    def __init__(self, *args, **kwargs):
+        pass
+
+
+class XmlBodyMiddlewareV3(XmlBodyMiddleware):
+    """De/serialize XML to/from JSON for v3 API."""
+
+    def __init__(self, *args, **kwargs):
+        pass
+
+
+class NormalizingFilter(wsgi.Middleware):
+    """Middleware filter to handle URL normalization."""
+
+    def process_request(self, request):
+        """Normalizes URLs."""
+        # Removes a trailing slash from the given path, if any.
+        if (len(request.environ['PATH_INFO']) > 1 and
+                request.environ['PATH_INFO'][-1] == '/'):
+            request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]
+        # Rewrites path to root if no path is given.
+        elif not request.environ['PATH_INFO']:
+            request.environ['PATH_INFO'] = '/'
+
+
+class RequestBodySizeLimiter(sizelimit.RequestBodySizeLimiter):
+    @versionutils.deprecated(
+        versionutils.deprecated.KILO,
+        in_favor_of='oslo_middleware.sizelimit.RequestBodySizeLimiter',
+        remove_in=+1,
+        what='keystone.middleware.RequestBodySizeLimiter')
+    def __init__(self, *args, **kwargs):
+        super(RequestBodySizeLimiter, self).__init__(*args, **kwargs)
+
+
+class AuthContextMiddleware(wsgi.Middleware):
+    """Build the authentication context from the request auth token."""
+
+    def _build_auth_context(self, request):
+        token_id = request.headers.get(AUTH_TOKEN_HEADER).strip()
+
+        if token_id == CONF.admin_token:
+            # NOTE(gyee): no need to proceed any further as the special admin
+            # token is being handled by AdminTokenAuthMiddleware. This code
+            # will not be impacted even if AdminTokenAuthMiddleware is removed
+            # from the pipeline as "is_admin" is default to "False". This code
+            # is independent of AdminTokenAuthMiddleware.
+            return {}
+
+        context = {'token_id': token_id}
+        context['environment'] = request.environ
+
+        try:
+            token_ref = token_model.KeystoneToken(
+                token_id=token_id,
+                token_data=self.token_provider_api.validate_token(token_id))
+            # TODO(gyee): validate_token_bind should really be its own
+            # middleware
+            wsgi.validate_token_bind(context, token_ref)
+            return authorization.token_to_auth_context(token_ref)
+        except exception.TokenNotFound:
+            LOG.warning(_LW('RBAC: Invalid token'))
+            raise exception.Unauthorized()
+
+    def process_request(self, request):
+        if AUTH_TOKEN_HEADER not in request.headers:
+            LOG.debug(('Auth token not in the request header. '
+                       'Will not build auth context.'))
+            return
+
+        if authorization.AUTH_CONTEXT_ENV in request.environ:
+            msg = _LW('Auth context already exists in the request environment')
+            LOG.warning(msg)
+            return
+
+        auth_context = self._build_auth_context(request)
+        LOG.debug('RBAC: auth_context: %s', auth_context)
+        request.environ[authorization.AUTH_CONTEXT_ENV] = auth_context
diff --git a/keystone-moon/keystone/middleware/ec2_token.py b/keystone-moon/keystone/middleware/ec2_token.py
new file mode 100644
index 00000000..771b74f8
--- /dev/null
+++ b/keystone-moon/keystone/middleware/ec2_token.py
@@ -0,0 +1,44 @@
+# Copyright 2012 OpenStack Foundation
+# Copyright 2010 United States Government as represented by the
+# Administrator of the National Aeronautics and Space Administration.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Starting point for routing EC2 requests.
+
+The EC2 Token Middleware has been deprecated as of Juno. It has been moved into
+keystonemiddleware, `keystonemiddleware.ec2_token`.
+
+"""
+
+from keystonemiddleware import ec2_token
+
+from keystone.openstack.common import versionutils
+
+
+class EC2Token(ec2_token.EC2Token):
+
+    @versionutils.deprecated(
+        versionutils.deprecated.JUNO,
+        in_favor_of='keystonemiddleware.ec2_token.EC2Token',
+        remove_in=+2,
+        what='keystone.middleware.ec2_token.EC2Token')
+    def __init__(self, *args, **kwargs):
+        super(EC2Token, self).__init__(*args, **kwargs)
+
+
+filter_factory = ec2_token.filter_factory
+app_factory = ec2_token.app_factory
+keystone_ec2_opts = ec2_token.keystone_ec2_opts