-rw-r--r-- | nova/api/openstack/auth.py | 42 | ||||
-rw-r--r-- | nova/db/api.py | 4 | ||||
-rw-r--r-- | nova/db/sqlalchemy/api.py | 5 | ||||
-rw-r--r-- | nova/tests/api/openstack/fakes.py | 13 | ||||
-rw-r--r-- | nova/tests/api/openstack/test_auth.py | 10 |
5 files changed, 41 insertions, 33 deletions
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index 4c909293e..7aba55728 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -24,9 +24,9 @@ class BasicApiAuthManager(object):
 def __init__(self, host=None, db_driver=None):
 if not host:
 host = FLAGS.host
- self.host = host
+ self.host = host
 if not db_driver:
- db_driver = FLAGS.db_driver
+ db_driver = FLAGS.db_driver
 self.db = utils.import_object(db_driver)
 self.auth = auth.manager.AuthManager()
 self.context = Context()
@@ -40,20 +40,19 @@ class BasicApiAuthManager(object):
 return faults.Fault(webob.exc.HTTPUnauthorized())
 try:
- username, key = req.headers['X-Auth-User'], \
- req.headers['X-Auth-Key']
+ username = req.headers['X-Auth-User']
+ key = req.headers['X-Auth-Key']
 except KeyError:
 return faults.Fault(webob.exc.HTTPUnauthorized())
- username, key = req.headers['X-Auth-User'], req.headers['X-Auth-Key']
 token, user = self._authorize_user(username, key)
 if user and token:
 res = webob.Response()
- res.headers['X-Auth-Token'] = token['token_hash']
+ res.headers['X-Auth-Token'] = token.token_hash
 res.headers['X-Server-Management-Url'] = \
- token['server_management_url']
- res.headers['X-Storage-Url'] = token['storage_url']
- res.headers['X-CDN-Management-Url'] = token['cdn_management_url']
+ token.server_management_url
+ res.headers['X-Storage-Url'] = token.storage_url
+ res.headers['X-CDN-Management-Url'] = token.cdn_management_url
 res.content_type = 'text/plain'
 res.status = '204'
 return res
@@ -65,34 +64,35 @@ class BasicApiAuthManager(object): If the token has expired, returns None If the token is not found, returns None - Otherwise returns the token + Otherwise returns dict(id=(the authorized user's id)) This method will also remove the token if the timestamp is older than 2 days ago. """ token = self.db.auth_get_token(self.context, token_hash) if token: - delta = datetime.datetime.now() - token['created_at'] + delta = datetime.datetime.now() - token.created_at if delta.days >= 2: self.db.auth_destroy_token(self.context, token) else: - user = self.auth.get_user(token['user_id']) - return { 'id':user['uid'] } + #TODO(gundlach): Why not just return dict(id=token.user_id)? + user = self.auth.get_user(token.user_id) + return {'id': user.id} return None def _authorize_user(self, username, key): """ Generates a new token and assigns it to a user """ user = self.auth.get_user_from_access_key(key) - if user and user['name'] == username: + if user and user.name == username: token_hash = hashlib.sha1('%s%s%f' % (username, key, time.time())).hexdigest() - token = {} - token['token_hash'] = token_hash - token['cdn_management_url'] = '' - token['server_management_url'] = self._get_server_mgmt_url() - token['storage_url'] = '' - token['user_id'] = user['uid'] - self.db.auth_create_token(self.context, token) + token_dict = {} + token_dict['token_hash'] = token_hash + token_dict['cdn_management_url'] = '' + token_dict['server_management_url'] = self._get_server_mgmt_url() + token_dict['storage_url'] = '' + token_dict['user_id'] = user.id + token = self.db.auth_create_token(self.context, token_dict) return token, user return None, None diff --git a/nova/db/api.py b/nova/db/api.py index a655e6a8a..7e6994b56 100644 --- a/nova/db/api.py +++ b/nova/db/api.py 
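Review bot: In `authorize_token`, `return {'id': user.id}` dereferences the result of `self.auth.get_user(token.user_id)` without a None check, and the test double `FakeAuthManager.get_user` in this same commit returns None when nothing matches. If the real manager does the same (not visible here), a token whose user has been removed raises AttributeError instead of being rejected; add `if user is None: return None` before the return. That also answers the TODO: the lookup is what stops a token from outliving its user, so returning `token.user_id` directly would lose that check. Separately, the unchanged `token_hash` line in `_authorize_user` hashes only the username, the key and `time.time()` with SHA-1, so the token has no randomness independent of the long-lived access key; a value drawn from `os.urandom` would remove that coupling. `authorize_token` begins above the hunk.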
@@ -258,7 +258,7 @@ def instance_get_all(context): def instance_get_all_by_user(context, user_id): """Get all instances.""" - return IMPL.instance_get_all(context, user_id) + return IMPL.instance_get_all_by_user(context, user_id) def instance_get_all_by_project(context, project_id): """Get all instance belonging to a project.""" @@ -483,7 +483,7 @@ def auth_get_token(context, token_hash): def auth_create_token(context, token): """Creates a new token""" - return IMPL.auth_create_token(context, token_hash, token) + return IMPL.auth_create_token(context, token) ################### diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index 14714d4b1..6b979f0ae 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -1041,7 +1041,8 @@ def auth_destroy_token(_context, token): def auth_get_token(_context, token_hash): session = get_session() tk = session.query(models.AuthToken - ).filter_by(token_hash=token_hash) + ).filter_by(token_hash=token_hash + ).first() if not tk: raise exception.NotFound('Token %s does not exist' % token_hash) return tk @@ -1484,7 +1485,7 @@ def user_get_by_access_key(context, access_key, session=None): ).first() if not result: - raise exception.NotFound('No user for id %s' % id) + raise exception.NotFound('No user for access key %s' % access_key) return result diff --git a/nova/tests/api/openstack/fakes.py b/nova/tests/api/openstack/fakes.py index 34bc1f2a9..71da2fd21 100644 --- a/nova/tests/api/openstack/fakes.py +++ b/nova/tests/api/openstack/fakes.py @@ -161,6 +161,10 @@ def stub_out_glance(stubs): stubs.Set(nova.image.service.GlanceImageService, 'delete_all', fake_parallax_client.fake_delete_all) +class FakeToken(object): + def __init__(self, **kwargs): + for k,v in kwargs.iteritems(): + setattr(self, k, v) class FakeAuthDatabase(object): data = {} 
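Review bot: Adding `.first()` makes the `if not tk` branch in `auth_get_token` reachable, so an unknown hash now raises `exception.NotFound`, while `authorize_token` in nova/api/openstack/auth.py still tests `if token:` and documents returning None when the token is not found. Unless a caller outside these hunks catches it, a request with an unrecognised token ends in an unhandled exception rather than an unauthorized response. Either wrap the lookup in `authorize_token` with `except exception.NotFound: return None`, or return None here so the documented contract holds.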
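Review bot: The new message in `user_get_by_access_key` interpolates the caller-supplied access key into the `NotFound` text, so a credential-like value ends up wherever this exception is logged or rendered into a fault. A mistyped but nearly correct key would be recorded in full. Prefer a message that does not echo the value, for example `raise exception.NotFound('No user for the supplied access key')`. The function starts outside the hunk.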
@@ -171,12 +175,13 @@ class FakeAuthDatabase(object): @staticmethod def auth_create_token(context, token): - token['created_at'] = datetime.datetime.now() - FakeAuthDatabase.data[token['token_hash']] = token + fake_token = FakeToken(created_at=datetime.datetime.now(), **token) + FakeAuthDatabase.data[fake_token.token_hash] = fake_token + return fake_token @staticmethod def auth_destroy_token(context, token): - if FakeAuthDatabase.data.has_key(token['token_hash']): + if token.token_hash in FakeAuthDatabase.data: del FakeAuthDatabase.data['token_hash'] @@ -188,7 +193,7 @@ class FakeAuthManager(object): def get_user(self, uid): for k, v in FakeAuthManager.auth_data.iteritems(): - if v['uid'] == uid: + if v.id == uid: return v return None diff --git a/nova/tests/api/openstack/test_auth.py b/nova/tests/api/openstack/test_auth.py index d2ba80243..bbfb0fcea 100644 --- a/nova/tests/api/openstack/test_auth.py +++ b/nova/tests/api/openstack/test_auth.py @@ -7,6 +7,7 @@ import webob.dec import nova.api import nova.api.openstack.auth +import nova.auth.manager from nova import auth from nova.tests.api.openstack import fakes @@ -26,7 +27,7 @@ class Test(unittest.TestCase): def test_authorize_user(self): f = fakes.FakeAuthManager() - f.add_user('derp', { 'uid': 1, 'name':'herp' } ) + f.add_user('derp', nova.auth.manager.User(1, 'herp', None, None, None)) req = webob.Request.blank('/v1.0/') req.headers['X-Auth-User'] = 'herp' @@ -40,7 +41,7 @@ class Test(unittest.TestCase): def test_authorize_token(self): f = fakes.FakeAuthManager() - f.add_user('derp', { 'uid': 1, 'name':'herp' } ) + f.add_user('derp', nova.auth.manager.User(1, 'herp', None, None, None)) req = webob.Request.blank('/v1.0/') req.headers['X-Auth-User'] = 'herp' 
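Review bot: `auth_destroy_token` now checks `token.token_hash in FakeAuthDatabase.data`, but the following unchanged line still deletes the literal key, `del FakeAuthDatabase.data['token_hash']`, so the fake raises KeyError whenever the check passes. It should read `del FakeAuthDatabase.data[token.token_hash]`. As written, the token-expiry path only works in tests that stub out the destroy call, which can hide regressions in token revocation.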
@@ -71,8 +72,9 @@ class Test(unittest.TestCase): self.destroy_called = True def bad_token(meh, context, token_hash): - return { 'token_hash':token_hash, - 'created_at':datetime.datetime(1990, 1, 1) } + return fakes.FakeToken( + token_hash=token_hash, + created_at=datetime.datetime(1990, 1, 1)) self.stubs.Set(fakes.FakeAuthDatabase, 'auth_destroy_token', destroy_token_mock) |