// TestTokenValidate creates a token from the authentication options found in
// the environment, then looks that token up again with tokens.Get and checks
// that the user record attached to it can be extracted.
func TestTokenValidate(t *testing.T) {
	identityClient, err := clients.NewIdentityV2Client()
	if err != nil {
		t.Fatalf("Unable to obtain an identity client: %v", err)
	}

	opts, err := openstack.AuthOptionsFromEnv()
	if err != nil {
		t.Fatalf("Unable to obtain authentication options: %v", err)
	}

	// Issue a fresh token for the configured credentials.
	token, err := tokens.Create(identityClient, opts).ExtractToken()
	if err != nil {
		t.Fatalf("Unable to extract token: %v", err)
	}

	// NOTE(review): PrintToken presumably writes token fields to the test
	// log; confirm the token ID is not exposed in shared CI output.
	PrintToken(t, token)

	// Validate the token by ID and read back the user it belongs to.
	user, err := tokens.Get(identityClient, token.ID).ExtractUser()
	if err != nil {
		t.Fatalf("Unable to extract user: %v", err)
	}

	PrintTokenUser(t, user)
}
// CheckUser authenticates an HTTP request against Keystone using the token
// carried in the "authtok" cookie.
//
// The token is looked up with tokens.Get at b.AuthURL, and the lookup itself
// is authenticated with that same token (no separate service credential is
// used). The request is accepted only when the token's tenant name equals
// b.Tenant and the user holds a role named "admin"; the user name is then
// returned.
//
// It returns WrongCredentials when the cookie is missing or empty, when the
// tenant does not match, or when the user lacks the "admin" role. Errors from
// creating the client or extracting the user/token are returned unchanged.
//
// NOTE(review): a token rejected by the identity service therefore surfaces
// as a backend error rather than WrongCredentials; confirm that callers treat
// every non-nil error as "not authenticated". No expiry check is done here;
// presumably the identity service refuses expired or revoked tokens.
func (b *KeystoneAuthenticationBackend) CheckUser(r *http.Request) (string, error) {
	authCookie, err := r.Cookie("authtok")
	if err != nil || authCookie.Value == "" {
		return "", WrongCredentials
	}
	tokenID := authCookie.Value

	provider, err := openstack.NewClient(b.AuthURL)
	if err != nil {
		return "", err
	}
	// The caller's own token authenticates the validation request.
	provider.TokenID = tokenID

	identity := &gophercloud.ServiceClient{
		ProviderClient: provider,
		Endpoint:       b.AuthURL,
	}
	lookup := tokens.Get(identity, tokenID)

	user, err := lookup.ExtractUser()
	if err != nil {
		return "", err
	}

	token, err := lookup.ExtractToken()
	if err != nil {
		return "", err
	}

	// The token must be scoped to the configured tenant.
	if token.Tenant.Name != b.Tenant {
		return "", WrongCredentials
	}

	// Only users holding the "admin" role are accepted.
	for _, role := range user.Roles {
		if role.Name == "admin" {
			return user.UserName, nil
		}
	}

	return "", WrongCredentials
}
// tokenGet is a test helper: it starts the HTTP test fixture, registers the
// token-get handler for tokenId, and returns the result of tokens.Get issued
// through the fixture's service client. The fixture is torn down when the
// helper returns.
func tokenGet(t *testing.T, tokenId string) tokens.GetResult {
	th.SetupHTTP()
	defer th.TeardownHTTP()

	HandleTokenGet(t, tokenId)

	// The request completes here, before the deferred teardown runs.
	res := tokens.Get(client.ServiceClient(), tokenId)
	return res
}