aboutsummaryrefslogtreecommitdiffstats
path: root/keystonemiddleware-moon/keystonemiddleware/auth_token/_user_plugin.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystonemiddleware-moon/keystonemiddleware/auth_token/_user_plugin.py')
-rw-r--r--keystonemiddleware-moon/keystonemiddleware/auth_token/_user_plugin.py193
1 files changed, 0 insertions, 193 deletions
diff --git a/keystonemiddleware-moon/keystonemiddleware/auth_token/_user_plugin.py b/keystonemiddleware-moon/keystonemiddleware/auth_token/_user_plugin.py
deleted file mode 100644
index 93075c5c..00000000
--- a/keystonemiddleware-moon/keystonemiddleware/auth_token/_user_plugin.py
+++ /dev/null
@@ -1,193 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystoneclient.auth.identity import base as base_identity
-
-
-class _TokenData(object):
- """An abstraction to show auth_token consumers some of the token contents.
-
- This is a simplified and cleaned up keystoneclient.access.AccessInfo object
- with which services relying on auth_token middleware can find details of
- the current token.
- """
-
- def __init__(self, auth_ref):
- self._stored_auth_ref = auth_ref
-
- @property
- def _is_v2(self):
- return self._stored_auth_ref.version == 'v2.0'
-
- @property
- def auth_token(self):
- """The token data used to authenticate requests.
-
- :returns: token data.
- :rtype: str
- """
- return self._stored_auth_ref.auth_token
-
- @property
- def user_id(self):
- """The user id associated with the authentication request.
-
- :rtype: str
- """
- return self._stored_auth_ref.user_id
-
- @property
- def user_domain_id(self):
- """Returns the domain id of the user associated with the authentication
- request.
-
- :returns: str
- """
- # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id
- # because it can't know that value. We want to return None instead.
- if self._is_v2:
- return None
-
- return self._stored_auth_ref.user_domain_id
-
- @property
- def project_id(self):
- """The project ID associated with the authentication.
-
- :rtype: str
- """
- return self._stored_auth_ref.project_id
-
- @property
- def project_domain_id(self):
- """The domain id of the project associated with the authentication
- request.
-
- :rtype: str
- """
- # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id
- # because it can't know that value. We want to return None instead.
- if self._is_v2:
- return None
-
- return self._stored_auth_ref.project_domain_id
-
- @property
- def trust_id(self):
- """Returns the trust id associated with the authentication request..
-
- :rtype: str
- """
- return self._stored_auth_ref.trust_id
-
- @property
- def role_ids(self):
- """Role ids of the user associated with the authentication request.
-
- :rtype: set(str)
- """
- return frozenset(self._stored_auth_ref.role_ids or [])
-
- @property
- def role_names(self):
- """Role names of the user associated with the authentication request.
-
- :rtype: set(str)
- """
- return frozenset(self._stored_auth_ref.role_names or [])
-
- @property
- def _log_format(self):
- roles = ','.join(self.role_names)
- return 'user_id %s, project_id %s, roles %s' % (self.user_id,
- self.project_id,
- roles)
-
-
-class UserAuthPlugin(base_identity.BaseIdentityPlugin):
- """The incoming authentication credentials.
-
- A plugin that represents the incoming user credentials. This can be
- consumed by applications.
-
- This object is not expected to be constructed directly by users. It is
- created and passed by auth_token middleware and then can be used as the
- authentication plugin when communicating via a session.
- """
-
- def __init__(self, user_auth_ref, serv_auth_ref):
- super(UserAuthPlugin, self).__init__(reauthenticate=False)
-
- # NOTE(jamielennox): _user_auth_ref and _serv_auth_ref are private
- # because this object ends up in the environ that is passed to the
- # service, however they are used within auth_token middleware.
- self._user_auth_ref = user_auth_ref
- self._serv_auth_ref = serv_auth_ref
-
- self._user_data = None
- self._serv_data = None
-
- @property
- def has_user_token(self):
- """Did this authentication request contained a user auth token."""
- return self._user_auth_ref is not None
-
- @property
- def user(self):
- """Authentication information about the user token.
-
- Will return None if a user token was not passed with this request.
- """
- if not self.has_user_token:
- return None
-
- if not self._user_data:
- self._user_data = _TokenData(self._user_auth_ref)
-
- return self._user_data
-
- @property
- def has_service_token(self):
- """Did this authentication request contained a service token."""
- return self._serv_auth_ref is not None
-
- @property
- def service(self):
- """Authentication information about the service token.
-
- Will return None if a user token was not passed with this request.
- """
- if not self.has_service_token:
- return None
-
- if not self._serv_data:
- self._serv_data = _TokenData(self._serv_auth_ref)
-
- return self._serv_data
-
- def get_auth_ref(self, session, **kwargs):
- # NOTE(jamielennox): We will always use the auth_ref that was
- # calculated by the middleware. reauthenticate=False in __init__ should
- # ensure that this function is only called on the first access.
- return self._user_auth_ref
-
- @property
- def _log_format(self):
- msg = []
-
- if self.has_user_token:
- msg.append('user: %s' % self.user._log_format)
-
- if self.has_service_token:
- msg.append('service: %s' % self.service._log_format)
-
- return ' '.join(msg)