Example #1
0
func TestTokenValidate(t *testing.T) {
	client, err := clients.NewIdentityV2Client()
	if err != nil {
		t.Fatalf("Unable to obtain an identity client: %v", err)
	}

	authOptions, err := openstack.AuthOptionsFromEnv()
	if err != nil {
		t.Fatalf("Unable to obtain authentication options: %v", err)
	}

	result := tokens.Create(client, authOptions)
	token, err := result.ExtractToken()
	if err != nil {
		t.Fatalf("Unable to extract token: %v", err)
	}

	PrintToken(t, token)

	getResult := tokens.Get(client, token.ID)
	user, err := getResult.ExtractUser()
	if err != nil {
		t.Fatalf("Unable to extract user: %v", err)
	}

	PrintTokenUser(t, user)
}
Example #2
0
func (b *KeystoneAuthenticationBackend) CheckUser(r *http.Request) (string, error) {
	cookie, err := r.Cookie("authtok")
	if err != nil {
		return "", WrongCredentials
	}

	tokenID := cookie.Value
	if tokenID == "" {
		return "", WrongCredentials
	}

	provider, err := openstack.NewClient(b.AuthURL)
	if err != nil {
		return "", err
	}

	provider.TokenID = cookie.Value
	client := &gophercloud.ServiceClient{ProviderClient: provider, Endpoint: b.AuthURL}
	result := tokens.Get(client, tokenID)

	user, err := result.ExtractUser()
	if err != nil {
		return "", err
	}

	token, err := result.ExtractToken()
	if err != nil {
		return "", err
	}

	if token.Tenant.Name != b.Tenant {
		return "", WrongCredentials
	}

	isAdmin := false
	for _, role := range user.Roles {
		if role.Name == "admin" {
			isAdmin = true
			break
		}
	}

	if !isAdmin {
		return "", WrongCredentials
	}

	return user.UserName, nil
}
Example #3
0
func tokenGet(t *testing.T, tokenId string) tokens.GetResult {
	th.SetupHTTP()
	defer th.TeardownHTTP()
	HandleTokenGet(t, tokenId)
	return tokens.Get(client.ServiceClient(), tokenId)
}