// TestTokenValidate is an acceptance test for the Identity v2 token API:
// it issues a token from the credentials found in the environment, then asks
// the identity service to validate that token and return the user it belongs to.
//
// NOTE(review): PrintToken is defined elsewhere; it presumably writes the token
// to the test log. A token ID is a bearer credential, so confirm this output
// never lands in shared CI logs for a long-lived or privileged account.
func TestTokenValidate(t *testing.T) {
	identity, err := clients.NewIdentityV2Client()
	if err != nil {
		t.Fatalf("Unable to obtain an identity client: %v", err)
	}

	// Credentials are read from the environment; nothing is hard-coded here.
	envOpts, err := openstack.AuthOptionsFromEnv()
	if err != nil {
		t.Fatalf("Unable to obtain authentication options: %v", err)
	}

	// Step 1: issue a fresh token.
	created := tokens.Create(identity, envOpts)
	issued, err := created.ExtractToken()
	if err != nil {
		t.Fatalf("Unable to extract token: %v", err)
	}

	PrintToken(t, issued)

	// Step 2: validate the token by ID and read back the user it was issued to.
	validated := tokens.Get(identity, issued.ID)
	owner, err := validated.ExtractUser()
	if err != nil {
		t.Fatalf("Unable to extract user: %v", err)
	}

	PrintTokenUser(t, owner)
}
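// CheckUser authenticates an HTTP request against Keystone using the token
// carried in the "authtok" cookie.
//
// The token is validated with tokens.Get against b.AuthURL. The request is
// accepted only if the token is scoped to the tenant named b.Tenant and the
// user holds a role named exactly "admin". On success the Keystone user name
// is returned.
//
// A missing, empty or malformed cookie, a tenant mismatch and a missing admin
// role all yield WrongCredentials. Errors from building the client or from the
// Keystone round-trip are returned unchanged; callers should treat every
// non-nil error as a failed login and should not echo it back to the client.
func (b *KeystoneAuthenticationBackend) CheckUser(r *http.Request) (string, error) {
	cookie, err := r.Cookie("authtok")
	if err != nil {
		return "", WrongCredentials
	}

	tokenID := cookie.Value
	if tokenID == "" || tokenID == "." || tokenID == ".." {
		return "", WrongCredentials
	}

	// The cookie is client-controlled and tokens.Get places the ID in the
	// path of the validation request, so refuse anything that could change
	// which URL is requested (path separators, query/fragment markers,
	// whitespace and control bytes). Keystone token formats do not use these
	// characters.
	// NOTE(review): percent-escapes are deliberately left alone in case the
	// cookie is stored URL-encoded; reject '%' as well if this deployment
	// never encodes it.
	for i := 0; i < len(tokenID); i++ {
		c := tokenID[i]
		if c <= ' ' || c == 0x7f || c == '/' || c == '\\' || c == '?' || c == '#' {
			return "", WrongCredentials
		}
	}

	provider, err := openstack.NewClient(b.AuthURL)
	if err != nil {
		return "", err
	}

	// The presented token also authenticates the validation call itself, so
	// no service credential is needed here.
	provider.TokenID = tokenID
	client := &gophercloud.ServiceClient{ProviderClient: provider, Endpoint: b.AuthURL}
	result := tokens.Get(client, tokenID)

	user, err := result.ExtractUser()
	if err != nil {
		return "", err
	}

	token, err := result.ExtractToken()
	if err != nil {
		return "", err
	}

	// Bind the session to the configured tenant.
	// NOTE(review): if b.Tenant were empty, a token with an empty tenant name
	// would presumably pass this comparison; confirm that configuration
	// loading rejects an empty tenant.
	if token.Tenant.Name != b.Tenant {
		return "", WrongCredentials
	}

	// Authorization: only users holding the "admin" role are let through.
	isAdmin := false
	for _, role := range user.Roles {
		if role.Name == "admin" {
			isAdmin = true
			break
		}
	}

	if !isAdmin {
		return "", WrongCredentials
	}

	return user.UserName, nil
}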
// tokenGet is a test helper: it starts the mock HTTP server, registers the
// token-validation handler for tokenId via HandleTokenGet, performs tokens.Get
// against the fake service client and returns the result.
//
// The mock server is torn down when the helper returns; the request has
// already been issued by then, so the returned result does not depend on the
// server staying up.
func tokenGet(t *testing.T, tokenId string) tokens.GetResult {
	th.SetupHTTP()
	defer th.TeardownHTTP()

	HandleTokenGet(t, tokenId)

	fetched := tokens.Get(client.ServiceClient(), tokenId)
	return fetched
}