From b8c756ecdd7cced1db4300935484e8c83701c82e Mon Sep 17 00:00:00 2001 From: WuKong Date: Tue, 30 Jun 2015 18:47:29 +0200 Subject: migrate moon code from github to opnfv Change-Id: Ice53e368fd1114d56a75271aa9f2e598e3eba604 Signed-off-by: WuKong --- keystone-moon/keystone/auth/core.py | 94 +++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 keystone-moon/keystone/auth/core.py (limited to 'keystone-moon/keystone/auth/core.py') diff --git a/keystone-moon/keystone/auth/core.py b/keystone-moon/keystone/auth/core.py new file mode 100644 index 00000000..9da2c123 --- /dev/null +++ b/keystone-moon/keystone/auth/core.py @@ -0,0 +1,94 @@ +# Copyright 2013 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import abc + +import six + +from keystone import exception + + +@six.add_metaclass(abc.ABCMeta) +class AuthMethodHandler(object): + """Abstract base class for an authentication plugin.""" + + def __init__(self): + pass + + @abc.abstractmethod + def authenticate(self, context, auth_payload, auth_context): + """Authenticate user and return an authentication context. + + :param context: keystone's request context + :param auth_payload: the content of the authentication for a given + method + :param auth_context: user authentication context, a dictionary shared + by all plugins. It contains "method_names" and + "extras" by default. "method_names" is a list and + "extras" is a dictionary. + + If successful, plugin must set ``user_id`` in ``auth_context``. + ``method_name`` is used to convey any additional authentication methods + in case authentication is for re-scoping. For example, if the + authentication is for re-scoping, plugin must append the previous + method names into ``method_names``. Also, plugin may add any additional + information into ``extras``. Anything in ``extras`` will be conveyed in + the token's ``extras`` attribute. Here's an example of ``auth_context`` + on successful authentication:: + + { + "extras": {}, + "methods": [ + "password", + "token" + ], + "user_id": "abc123" + } + + Plugins are invoked in the order in which they are specified in the + ``methods`` attribute of the ``identity`` object. For example, + ``custom-plugin`` is invoked before ``password``, which is invoked + before ``token`` in the following authentication request:: + + { + "auth": { + "identity": { + "custom-plugin": { + "custom-data": "sdfdfsfsfsdfsf" + }, + "methods": [ + "custom-plugin", + "password", + "token" + ], + "password": { + "user": { + "id": "s23sfad1", + "password": "secrete" + } + }, + "token": { + "id": "sdfafasdfsfasfasdfds" + } + } + } + } + + :returns: None if authentication is successful. + Authentication payload in the form of a dictionary for the + next authentication step if this is a multi step + authentication. + :raises: exception.Unauthorized for authentication failure + """ + raise exception.Unauthorized() -- cgit 1.2.3-korg