From 961e11225f2648a0bd1e08689412f8f8aac06669 Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Wed, 25 Mar 2015 08:18:26 +1100 Subject: [PATCH] Follow ups to Authentication Plugins Address the comments made in the original authentication plugins patch. * Add some additional logging to the standard username and password plugin. * Change the login error message to reflect additional authentication mechanisms. * Log a warning if no suitable authentication plugin is found. Given the way horizon relies solely upon DOA the only real way this should happen is a configuration error. Change-Id: Ib827f26da793ef2e43b8f5a0f194293f442b3341 --- openstack_auth/backend.py | 6 ++++-- openstack_auth/plugin/password.py | 5 +++++ openstack_auth/tests/tests.py | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py index 437b09b4..c3104b54 100644 --- a/openstack_auth/backend.py +++ b/openstack_auth/backend.py @@ -94,6 +94,9 @@ class KeystoneBackend(object): if unscoped_auth: break else: + LOG.warn('No authentication backend could be determined to ' + 'handle the provided credentials. This is likely a ' + 'configuration error that should be addressed.') return None session = utils.get_session() @@ -104,9 +107,8 @@ class KeystoneBackend(object): except (keystone_exceptions.Unauthorized, keystone_exceptions.Forbidden, keystone_exceptions.NotFound) as exc: - msg = _('Invalid user name or password.') LOG.debug(str(exc)) - raise exceptions.KeystoneAuthException(msg) + raise exceptions.KeystoneAuthException(_('Invalid credentials.')) except (keystone_exceptions.ClientException, keystone_exceptions.AuthorizationFailure) as exc: msg = _("An error occurred authenticating. " diff --git a/openstack_auth/plugin/password.py b/openstack_auth/plugin/password.py index 4a1e7c18..484adc2d 100644 --- a/openstack_auth/plugin/password.py +++ b/openstack_auth/plugin/password.py @@ -10,12 +10,15 @@ # License for the specific language governing permissions and limitations # under the License. +import logging + from keystoneclient.auth.identity import v2 as v2_auth from keystoneclient.auth.identity import v3 as v3_auth from openstack_auth.plugin import base from openstack_auth import utils +LOG = logging.getLogger(__name__) __all__ = ['PasswordPlugin'] @@ -33,6 +36,8 @@ class PasswordPlugin(base.BasePlugin): if not all((auth_url, username, password)): return None + LOG.debug('Attempting to authenticate for %s', username) + if utils.get_keystone_version() >= 3: return v3_auth.Password(auth_url=auth_url, username=username, diff --git a/openstack_auth/tests/tests.py b/openstack_auth/tests/tests.py index 7baa896c..dbfa345c 100644 --- a/openstack_auth/tests/tests.py +++ b/openstack_auth/tests/tests.py @@ -280,7 +280,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase): # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') - self.assertContains(response, "Invalid user name or password.") + self.assertContains(response, "Invalid credentials.") def test_exception(self): user = self.data.user @@ -628,7 +628,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase): # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') - self.assertContains(response, "Invalid user name or password.") + self.assertContains(response, "Invalid credentials.") def test_exception(self): user = self.data.user