path: root/keystone-moon/keystone/identity/shadow_backends/sql.py
blob: af5a995bd2281a0f17dd4367956db1e8b109a76c (plain)
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import uuid

from keystone.common import sql
from keystone import exception
from keystone import identity
from keystone.identity.backends import sql as model


class ShadowUsers(identity.ShadowUsersDriverV9):
    """SQL-backed driver for shadow users of federated identities.

    Every lookup in this class keys a federated identity on the triple
    (idp_id, protocol_id, unique_id) of ``model.FederatedUser``.
    """

    @sql.handle_conflicts(conflict_type='federated_user')
    def create_federated_user(self, federated_dict):
        """Create a user row with a single federated identity attached.

        :param federated_dict: attributes handed unchanged to
                               ``model.FederatedUser.from_dict``
        :returns: the new user's dict, passed through
                  ``identity.filter_user``

        """
        # The local user ID is a fresh random UUID and the account is
        # created enabled; nothing in federated_dict influences either.
        new_user = dict(id=uuid.uuid4().hex, enabled=True)
        with sql.session_for_write() as session:
            # NOTE(review): no validation of federated_dict happens here;
            # presumably the caller built it from an already verified
            # assertion -- confirm against the caller.
            shadow_identity = model.FederatedUser.from_dict(federated_dict)
            created = model.User.from_dict(new_user)
            created.federated_users.append(shadow_identity)
            session.add(created)
            # Serialised while the write session is still open.
            # NOTE(review): filter_user presumably strips attributes that
            # must not leave the driver -- confirm in keystone.identity.
            return identity.filter_user(created.to_dict())

    def get_federated_user(self, idp_id, protocol_id, unique_id):
        """Return the filtered user dict for a federated identity.

        :param idp_id: The identity provider ID
        :param protocol_id: The federation protocol ID
        :param unique_id: The user's unique ID (unique within the IdP)
        :returns: the user's dict, passed through ``identity.filter_user``
        :raises keystone.exception.UserNotFound: propagated from
            ``_get_federated_user`` when no row matches

        """
        found = self._get_federated_user(idp_id, protocol_id, unique_id)
        return identity.filter_user(found.to_dict())

    def _get_federated_user(self, idp_id, protocol_id, unique_id):
        """Return the User model row behind a federated identity.

        :param idp_id: The identity provider ID
        :param protocol_id: The federation protocol ID
        :param unique_id: The user's unique ID (unique within the IdP)
        :returns User: the matching User reference
        :raises keystone.exception.UserNotFound: when no row matches

        """
        with sql.session_for_read() as session:
            federated = model.FederatedUser
            lookup = (
                session.query(model.User)
                .outerjoin(model.LocalUser)
                .join(federated)
                .filter(federated.idp_id == idp_id)
                .filter(federated.protocol_id == protocol_id)
                .filter(federated.unique_id == unique_id)
            )
            try:
                # Only the "no row" case is translated; any other error
                # raised by one() propagates to the caller unchanged.
                return lookup.one()
            except sql.NotFound:
                # The exception's user_id field carries the IdP-side
                # unique_id, not a local user ID.
                raise exception.UserNotFound(user_id=unique_id)

    @sql.handle_conflicts(conflict_type='federated_user')
    def update_federated_user_display_name(self, idp_id, protocol_id,
                                           unique_id, display_name):
        """Set the display name of a federated identity if it differs.

        The number of rows touched is discarded and nothing is returned,
        so callers cannot tell an unknown identity from an unchanged name.

        :param idp_id: The identity provider ID
        :param protocol_id: The federation protocol ID
        :param unique_id: The user's unique ID (unique within the IdP)
        :param display_name: The display name to store

        """
        with sql.session_for_write() as session:
            federated = model.FederatedUser
            # The last filter restricts the UPDATE to rows whose stored
            # name is different from the requested one.
            # NOTE(review): a SQL inequality does not match NULL; if the
            # display_name column is nullable, rows holding NULL would be
            # skipped -- confirm against the model definition.
            stale_rows = (
                session.query(federated)
                .filter(federated.idp_id == idp_id)
                .filter(federated.protocol_id == protocol_id)
                .filter(federated.unique_id == unique_id)
                .filter(federated.display_name != display_name)
            )
            stale_rows.update({'display_name': display_name})