Merge "Move auth header definitions into authorization"
This commit is contained in:
Zuul
Gerrit Code Review
commit
7c91276290
|
|
@ -26,6 +26,14 @@ from keystone.i18n import _
|
|||
from keystone.models import token_model
|
||||
|
||||
|
||||
# Header used to transmit the auth token
|
||||
AUTH_TOKEN_HEADER = 'X-Auth-Token'
|
||||
|
||||
|
||||
# Header used to transmit the subject token
|
||||
SUBJECT_TOKEN_HEADER = 'X-Subject-Token'
|
||||
|
||||
|
||||
CONF = conf.CONF
|
||||
AUTH_CONTEXT_ENV = 'KEYSTONE_AUTH_CONTEXT'
|
||||
"""Environment variable used to convey the Keystone auth context.
|
||||
|
|
|
|||
|
|
@ -23,7 +23,6 @@ from keystone import exception
|
|||
from keystone.federation import constants as federation_constants
|
||||
from keystone.federation import utils
|
||||
from keystone.i18n import _
|
||||
from keystone.middleware import core
|
||||
from keystone.models import token_model
|
||||
from keystone.token.providers import common
|
||||
|
||||
|
|
@ -141,7 +140,7 @@ class AuthContextMiddleware(auth_token.BaseAuthProtocol):
|
|||
# NOTE(notmorgan): This code is merged over from the admin token
|
||||
# middleware and now emits the security warning when the
|
||||
# conf.admin_token value is set.
|
||||
token = request.headers.get(core.AUTH_TOKEN_HEADER)
|
||||
token = request.headers.get(authorization.AUTH_TOKEN_HEADER)
|
||||
if CONF.admin_token and (token == CONF.admin_token):
|
||||
context_env['is_admin'] = True
|
||||
LOG.warning(
|
||||
|
|
|
|||
|
|
@ -16,28 +16,24 @@ from oslo_log import log
|
|||
from oslo_log import versionutils
|
||||
from oslo_serialization import jsonutils
|
||||
|
||||
from keystone.common import authorization
|
||||
from keystone.common import wsgi
|
||||
from keystone import exception
|
||||
|
||||
|
||||
LOG = log.getLogger(__name__)
|
||||
|
||||
# Header used to transmit the auth token
|
||||
AUTH_TOKEN_HEADER = 'X-Auth-Token'
|
||||
|
||||
|
||||
# Header used to transmit the subject token
|
||||
SUBJECT_TOKEN_HEADER = 'X-Subject-Token'
|
||||
|
||||
|
||||
class TokenAuthMiddleware(wsgi.Middleware):
|
||||
def process_request(self, request):
|
||||
token = request.headers.get(AUTH_TOKEN_HEADER)
|
||||
context = request.environ.get(wsgi.CONTEXT_ENV, {})
|
||||
context = request.environ.setdefault(wsgi.CONTEXT_ENV, {})
|
||||
|
||||
token = request.headers.get(authorization.AUTH_TOKEN_HEADER)
|
||||
context['token_id'] = token
|
||||
if SUBJECT_TOKEN_HEADER in request.headers:
|
||||
context['subject_token_id'] = request.headers[SUBJECT_TOKEN_HEADER]
|
||||
request.environ[wsgi.CONTEXT_ENV] = context
|
||||
|
||||
subject_token = request.headers.get(authorization.SUBJECT_TOKEN_HEADER)
|
||||
if subject_token:
|
||||
context['subject_token_id'] = subject_token
|
||||
|
||||
|
||||
class AdminTokenAuthMiddleware(wsgi.Middleware):
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ class TokenAuthMiddlewareTest(MiddlewareRequestTestBase):
|
|||
MIDDLEWARE_CLASS = middleware.TokenAuthMiddleware
|
||||
|
||||
def test_request(self):
|
||||
headers = {middleware.AUTH_TOKEN_HEADER: 'MAGIC'}
|
||||
headers = {authorization.AUTH_TOKEN_HEADER: 'MAGIC'}
|
||||
req = self._do_middleware_request(headers=headers)
|
||||
context = req.environ[wsgi.CONTEXT_ENV]
|
||||
self.assertEqual('MAGIC', context['token_id'])
|
||||
|
|
@ -721,7 +721,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests,
|
|||
def test_admin_token_context(self):
|
||||
self.config_fixture.config(admin_token='ADMIN')
|
||||
log_fix = self.useFixture(fixtures.FakeLogger())
|
||||
headers = {middleware.AUTH_TOKEN_HEADER: 'ADMIN'}
|
||||
headers = {authorization.AUTH_TOKEN_HEADER: 'ADMIN'}
|
||||
req = self._do_middleware_request(headers=headers)
|
||||
self.assertTrue(req.environ[wsgi.CONTEXT_ENV]['is_admin'])
|
||||
self.assertNotIn('Invalid user token', log_fix.output)
|
||||
|
|
@ -730,6 +730,6 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests,
|
|||
self.config_fixture.config(
|
||||
admin_token='ADMIN')
|
||||
log_fix = self.useFixture(fixtures.FakeLogger())
|
||||
headers = {middleware.AUTH_TOKEN_HEADER: 'NOT-ADMIN'}
|
||||
headers = {authorization.AUTH_TOKEN_HEADER: 'NOT-ADMIN'}
|
||||
self._do_middleware_request(headers=headers)
|
||||
self.assertIn('Invalid user token', log_fix.output)
|
||||
|
|
|
|||
|
|
@ -1242,7 +1242,7 @@ class AuthContextMiddlewareAdminTokenTestCase(RestfulTestCase):
|
|||
|
||||
app = webtest.TestApp(middleware.AuthContextMiddleware(application),
|
||||
extra_environ=extra_environ)
|
||||
resp = app.get('/', headers={middleware.AUTH_TOKEN_HEADER: token})
|
||||
resp = app.get('/', headers={authorization.AUTH_TOKEN_HEADER: token})
|
||||
self.assertEqual('body', resp.text) # just to make sure it worked
|
||||
return resp.request
|
||||
|
||||
|
|
@ -1273,7 +1273,7 @@ class AuthContextMiddlewareTestCase(RestfulTestCase):
|
|||
|
||||
app = webtest.TestApp(middleware.AuthContextMiddleware(application),
|
||||
extra_environ=extra_environ)
|
||||
resp = app.get('/', headers={middleware.AUTH_TOKEN_HEADER: token})
|
||||
resp = app.get('/', headers={authorization.AUTH_TOKEN_HEADER: token})
|
||||
self.assertEqual(b'body', resp.body) # just to make sure it worked
|
||||
return resp.request
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue