-rw-r--r--nova/api/openstack/auth.py42
-rw-r--r--nova/db/api.py4
-rw-r--r--nova/db/sqlalchemy/api.py5
-rw-r--r--nova/tests/api/openstack/fakes.py13
-rw-r--r--nova/tests/api/openstack/test_auth.py10
5 files changed, 41 insertions, 33 deletions
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index 4c909293e..7aba55728 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -24,9 +24,9 @@ class BasicApiAuthManager(object):
def __init__(self, host=None, db_driver=None):
if not host:
host = FLAGS.host
- self.host = host
+ self.host = host
if not db_driver:
- db_driver = FLAGS.db_driver
+ db_driver = FLAGS.db_driver
self.db = utils.import_object(db_driver)
self.auth = auth.manager.AuthManager()
self.context = Context()
@@ -40,20 +40,19 @@ class BasicApiAuthManager(object):
return faults.Fault(webob.exc.HTTPUnauthorized())
try:
- username, key = req.headers['X-Auth-User'], \
- req.headers['X-Auth-Key']
+ username = req.headers['X-Auth-User']
+ key = req.headers['X-Auth-Key']
except KeyError:
return faults.Fault(webob.exc.HTTPUnauthorized())
- username, key = req.headers['X-Auth-User'], req.headers['X-Auth-Key']
token, user = self._authorize_user(username, key)
if user and token:
res = webob.Response()
- res.headers['X-Auth-Token'] = token['token_hash']
+ res.headers['X-Auth-Token'] = token.token_hash
res.headers['X-Server-Management-Url'] = \
- token['server_management_url']
- res.headers['X-Storage-Url'] = token['storage_url']
- res.headers['X-CDN-Management-Url'] = token['cdn_management_url']
+ token.server_management_url
+ res.headers['X-Storage-Url'] = token.storage_url
+ res.headers['X-CDN-Management-Url'] = token.cdn_management_url
res.content_type = 'text/plain'
res.status = '204'
return res
@@ -65,34 +64,35 @@ class BasicApiAuthManager(object):
If the token has expired, returns None
If the token is not found, returns None
- Otherwise returns the token
+ Otherwise returns dict(id=(the authorized user's id))
This method will also remove the token if the timestamp is older than
2 days ago.
"""
token = self.db.auth_get_token(self.context, token_hash)
if token:
- delta = datetime.datetime.now() - token['created_at']
+ delta = datetime.datetime.now() - token.created_at
if delta.days >= 2:
self.db.auth_destroy_token(self.context, token)
else:
- user = self.auth.get_user(token['user_id'])
- return { 'id':user['uid'] }
+ #TODO(gundlach): Why not just return dict(id=token.user_id)?
+ user = self.auth.get_user(token.user_id)
+ return {'id': user.id}
return None
def _authorize_user(self, username, key):
""" Generates a new token and assigns it to a user """
user = self.auth.get_user_from_access_key(key)
- if user and user['name'] == username:
+ if user and user.name == username:
token_hash = hashlib.sha1('%s%s%f' % (username, key,
time.time())).hexdigest()
- token = {}
- token['token_hash'] = token_hash
- token['cdn_management_url'] = ''
- token['server_management_url'] = self._get_server_mgmt_url()
- token['storage_url'] = ''
- token['user_id'] = user['uid']
- self.db.auth_create_token(self.context, token)
+ token_dict = {}
+ token_dict['token_hash'] = token_hash
+ token_dict['cdn_management_url'] = ''
+ token_dict['server_management_url'] = self._get_server_mgmt_url()
+ token_dict['storage_url'] = ''
+ token_dict['user_id'] = user.id
+ token = self.db.auth_create_token(self.context, token_dict)
return token, user
return None, None
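Review bot: `authorize_token` still tests `if token:` and documents "If the token is not found, returns None", but the `.first()` change to `auth_get_token` in nova/db/sqlalchemy/api.py in this same commit makes an unknown hash raise `exception.NotFound` rather than return a truthy query object. Nothing visible in this hunk catches it, so unless a caller outside the hunk does, an unrecognised token would surface as an unhandled error instead of a clean rejection. Consider wrapping the lookup as `try: token = self.db.auth_get_token(self.context, token_hash)` followed by `except exception.NotFound: return None` (assuming `nova.exception` is in scope in this module). Separately, `_authorize_user` derives the bearer token as `sha1` over `username`, `key` and `time.time()`, which ties the token to the user's secret key and a guessable timestamp. A value drawn from `os.urandom` would be unpredictable and independent of the key.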
diff --git a/nova/db/api.py b/nova/db/api.py
index 2f0879c5a..11815991e 100644
--- a/nova/db/api.py
+++ b/nova/db/api.py
@@ -258,7 +258,7 @@ def instance_get_all(context):
def instance_get_all_by_user(context, user_id):
"""Get all instances."""
- return IMPL.instance_get_all(context, user_id)
+ return IMPL.instance_get_all_by_user(context, user_id)
def instance_get_all_by_project(context, project_id):
"""Get all instance belonging to a project."""
@@ -473,7 +473,7 @@ def auth_get_token(context, token_hash):
def auth_create_token(context, token):
"""Creates a new token"""
- return IMPL.auth_create_token(context, token_hash, token)
+ return IMPL.auth_create_token(context, token)
###################
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index 6f1ea7c23..1043f4bfb 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -1024,7 +1024,8 @@ def auth_destroy_token(_context, token):
def auth_get_token(_context, token_hash):
session = get_session()
tk = session.query(models.AuthToken
- ).filter_by(token_hash=token_hash)
+ ).filter_by(token_hash=token_hash
+ ).first()
if not tk:
raise exception.NotFound('Token %s does not exist' % token_hash)
return tk
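Review bot: The `NotFound` message in `auth_get_token` interpolates `token_hash`, and the reworded message in the `user_get_by_access_key` hunk below now interpolates `access_key`. In this API those are the bearer token and the value sent as `X-Auth-Key`, so both act as credentials. Exception text commonly ends up in logs and sometimes in fault responses, so I would keep the values out of it, e.g. `raise exception.NotFound('Token does not exist')` and `raise exception.NotFound('No user for the given access key')`. Whether these messages actually reach a log or a client is not visible from the hunks.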
@@ -1309,7 +1310,7 @@ def user_get_by_access_key(context, access_key, session=None):
).first()
if not result:
- raise exception.NotFound('No user for id %s' % id)
+ raise exception.NotFound('No user for access key %s' % access_key)
return result
diff --git a/nova/tests/api/openstack/fakes.py b/nova/tests/api/openstack/fakes.py
index 34bc1f2a9..6fca19364 100644
--- a/nova/tests/api/openstack/fakes.py
+++ b/nova/tests/api/openstack/fakes.py
@@ -161,6 +161,10 @@ def stub_out_glance(stubs):
stubs.Set(nova.image.service.GlanceImageService, 'delete_all',
fake_parallax_client.fake_delete_all)
+class FakeToken(object):
+ def __init__(self, **kwargs):
+ for k,v in kwargs.iteritems():
+ setattr(self, k, v)
class FakeAuthDatabase(object):
data = {}
@@ -171,12 +175,13 @@ class FakeAuthDatabase(object):
@staticmethod
def auth_create_token(context, token):
- token['created_at'] = datetime.datetime.now()
- FakeAuthDatabase.data[token['token_hash']] = token
+ fakeToken = FakeToken(created_at=datetime.datetime.now(), **token)
+ FakeAuthDatabase.data[fakeToken.token_hash] = fakeToken
+ return fakeToken
@staticmethod
def auth_destroy_token(context, token):
- if FakeAuthDatabase.data.has_key(token['token_hash']):
+ if token.token_hash in FakeAuthDatabase.data:
del FakeAuthDatabase.data['token_hash']
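Review bot: `auth_destroy_token` now guards on `token.token_hash in FakeAuthDatabase.data`, but the following line still deletes the literal key `'token_hash'`, so it would raise `KeyError` whenever the guard passes and leave the real entry in place. The delete should use the same key as the guard: `del FakeAuthDatabase.data[token.token_hash]`. A test in test_auth.py replaces this method with `destroy_token_mock`, so the fake's own deletion path may currently go unexercised, which would explain why the mismatch has not shown up.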
@@ -188,7 +193,7 @@ class FakeAuthManager(object):
def get_user(self, uid):
for k, v in FakeAuthManager.auth_data.iteritems():
- if v['uid'] == uid:
+ if v.id == uid:
return v
return None
diff --git a/nova/tests/api/openstack/test_auth.py b/nova/tests/api/openstack/test_auth.py
index d2ba80243..bbfb0fcea 100644
--- a/nova/tests/api/openstack/test_auth.py
+++ b/nova/tests/api/openstack/test_auth.py
@@ -7,6 +7,7 @@ import webob.dec
import nova.api
import nova.api.openstack.auth
+import nova.auth.manager
from nova import auth
from nova.tests.api.openstack import fakes
@@ -26,7 +27,7 @@ class Test(unittest.TestCase):
def test_authorize_user(self):
f = fakes.FakeAuthManager()
- f.add_user('derp', { 'uid': 1, 'name':'herp' } )
+ f.add_user('derp', nova.auth.manager.User(1, 'herp', None, None, None))
req = webob.Request.blank('/v1.0/')
req.headers['X-Auth-User'] = 'herp'
@@ -40,7 +41,7 @@ class Test(unittest.TestCase):
def test_authorize_token(self):
f = fakes.FakeAuthManager()
- f.add_user('derp', { 'uid': 1, 'name':'herp' } )
+ f.add_user('derp', nova.auth.manager.User(1, 'herp', None, None, None))
req = webob.Request.blank('/v1.0/')
req.headers['X-Auth-User'] = 'herp'
@@ -71,8 +72,9 @@ class Test(unittest.TestCase):
self.destroy_called = True
def bad_token(meh, context, token_hash):
- return { 'token_hash':token_hash,
- 'created_at':datetime.datetime(1990, 1, 1) }
+ return fakes.FakeToken(
+ token_hash=token_hash,
+ created_at=datetime.datetime(1990, 1, 1))
self.stubs.Set(fakes.FakeAuthDatabase, 'auth_destroy_token',
destroy_token_mock)