Example #1
0
func (b *KeystoneAuthenticationBackend) CheckUser(r *http.Request) (string, error) {
	cookie, err := r.Cookie("authtok")
	if err != nil {
		return "", WrongCredentials
	}

	tokenID := cookie.Value
	if tokenID == "" {
		return "", WrongCredentials
	}

	provider, err := openstack.NewClient(b.AuthURL)
	if err != nil {
		return "", err
	}

	provider.TokenID = cookie.Value
	client := &gophercloud.ServiceClient{ProviderClient: provider, Endpoint: b.AuthURL}
	result := tokens.Get(client, tokenID)

	user, err := result.ExtractUser()
	if err != nil {
		return "", err
	}

	token, err := result.ExtractToken()
	if err != nil {
		return "", err
	}

	if token.Tenant.Name != b.Tenant {
		return "", WrongCredentials
	}

	isAdmin := false
	for _, role := range user.Roles {
		if role.Name == "admin" {
			isAdmin = true
			break
		}
	}

	if !isAdmin {
		return "", WrongCredentials
	}

	return user.UserName, nil
}
Example #2
0
func TestAuthenticateAndValidate(t *testing.T) {
	// 1. TestAuthenticate
	ao := v2AuthOptions(t)
	service := unauthenticatedClient(t)

	// Authenticated!
	result := tokens2.Create(service, tokens2.WrapOptions(ao))

	// Extract and print the token.
	token, err := result.ExtractToken()
	th.AssertNoErr(t, err)

	t.Logf("Acquired token: [%s]", token.ID)
	t.Logf("The token will expire at: [%s]", token.ExpiresAt.String())
	t.Logf("The token is valid for tenant: [%#v]", token.Tenant)

	// Extract and print the service catalog.
	catalog, err := result.ExtractServiceCatalog()
	th.AssertNoErr(t, err)

	t.Logf("Acquired service catalog listing [%d] services", len(catalog.Entries))
	for i, entry := range catalog.Entries {
		t.Logf("[%02d]: name=[%s], type=[%s]", i, entry.Name, entry.Type)
		for _, endpoint := range entry.Endpoints {
			t.Logf("      - region=[%s] publicURL=[%s]", endpoint.Region, endpoint.PublicURL)
		}
	}

	// 2. TestValidate
	client := authenticatedClient(t)

	// Validate Token!
	getResult := tokens2.Get(client, token.ID)

	// Extract and print the user.
	user, err := getResult.ExtractUser()
	th.AssertNoErr(t, err)

	t.Logf("Acquired User: [%s]", user.Name)
	t.Logf("The User id: [%s]", user.ID)
	t.Logf("The User username: [%s]", user.UserName)
	t.Logf("The User roles: [%#v]", user.Roles)
}