Follow ups to Authentication Plugins

Address the comments made in the original authentication plugins patch. * Add some additional logging to the standard username and password plugin. * Change the login error message to reflect additional authentication mechanisms. * Log a warning if no suitable authentication plugin is found. Given the way horizon relies solely upon DOA the only real way this should happen is a configuration error. Change-Id: Ib827f26da793ef2e43b8f5a0f194293f442b3341
2015-03-25 08:18:26 +11:00 · 2015-03-25 08:18:26 +11:00 · 961e11225f
parent e6c25ad380
commit 961e11225f
3 changed files with 11 additions and 4 deletions
--- a/openstack_auth/backend.py
+++ b/openstack_auth/backend.py
@ -94,6 +94,9 @@ class KeystoneBackend(object):
            if unscoped_auth:
                break
        else:
+            LOG.warn('No authentication backend could be determined to '
+                     'handle the provided credentials. This is likely a '
+                     'configuration error that should be addressed.')
            return None

        session = utils.get_session()
@ -104,9 +107,8 @@ class KeystoneBackend(object):
        except (keystone_exceptions.Unauthorized,
                keystone_exceptions.Forbidden,
                keystone_exceptions.NotFound) as exc:
-            msg = _('Invalid user name or password.')
            LOG.debug(str(exc))
-            raise exceptions.KeystoneAuthException(msg)
+            raise exceptions.KeystoneAuthException(_('Invalid credentials.'))
        except (keystone_exceptions.ClientException,
                keystone_exceptions.AuthorizationFailure) as exc:
            msg = _("An error occurred authenticating. "
--- a/openstack_auth/plugin/password.py
+++ b/openstack_auth/plugin/password.py
@ -10,12 +10,15 @@
 # License for the specific language governing permissions and limitations
 # under the License.

+import logging
+
 from keystoneclient.auth.identity import v2 as v2_auth
 from keystoneclient.auth.identity import v3 as v3_auth

 from openstack_auth.plugin import base
 from openstack_auth import utils

+LOG = logging.getLogger(__name__)

 __all__ = ['PasswordPlugin']

@ -33,6 +36,8 @@ class PasswordPlugin(base.BasePlugin):
        if not all((auth_url, username, password)):
            return None

+        LOG.debug('Attempting to authenticate for %s', username)
+
        if utils.get_keystone_version() >= 3:
            return v3_auth.Password(auth_url=auth_url,
                                    username=username,
--- a/openstack_auth/tests/tests.py
+++ b/openstack_auth/tests/tests.py
@ -280,7 +280,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
        # POST to the page to log in.
        response = self.client.post(url, form_data)
        self.assertTemplateUsed(response, 'auth/login.html')
-        self.assertContains(response, "Invalid user name or password.")
+        self.assertContains(response, "Invalid credentials.")

    def test_exception(self):
        user = self.data.user
@ -628,7 +628,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
        # POST to the page to log in.
        response = self.client.post(url, form_data)
        self.assertTemplateUsed(response, 'auth/login.html')
-        self.assertContains(response, "Invalid user name or password.")
+        self.assertContains(response, "Invalid credentials.")

    def test_exception(self):
        user = self.data.user