openstack
/
sahara
Code Issues Proposed changes
sahara/savanna/middleware/auth_valid.py

71 lines
2.3 KiB
Python
Raw Blame History

# Copyright (c) 2013 Mirantis Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import webob.exc as ex
from savanna.openstack.common import log as logging
import savanna.openstack.commons as commons
LOG = logging.getLogger(__name__)
class AuthValidator:
"""Handles token auth results and tenants."""
def __init__(self, app, conf):
self.app = app
self.conf = conf
def __call__(self, env, start_response):
"""Ensures that tenants in url and token are equal.
Handle incoming request by checking tenant info prom the headers and
url ({tenant_id} url attribute).
Pass request downstream on success.
Reject request if tenant_id from headers not equals to tenant_id from
url.
"""
token_tenant = env['HTTP_X_TENANT_ID']
if not token_tenant:
LOG.warn("Can't get tenant_id from env")
resp = ex.HTTPServiceUnavailable()
return resp(env, start_response)
path = env['PATH_INFO']
if path != '/':
version, url_tenant, rest = commons.split_path(path, 3, 3, True)
if not version or not url_tenant or not rest:
LOG.info("Incorrect path: %s", path)
resp = ex.HTTPNotFound("Incorrect path")
return resp(env, start_response)
if token_tenant != url_tenant:
LOG.debug("Unauthorized: token tenant != requested tenant")
resp = ex.HTTPUnauthorized('Token tenant != requested tenant')
return resp(env, start_response)
return self.app(env, start_response)
def filter_factory(global_conf, **local_conf):
conf = global_conf.copy()
conf.update(local_conf)
def auth_filter(app):
return AuthValidator(app, conf)
return auth_filter
View Git Blame Copy Permalink