// CheckUser authenticates an HTTP request from the Keystone token carried in
// its "authtok" cookie and returns the user name attached to that token.
//
// The request is accepted only when the token's tenant name equals b.Tenant
// and the user holds a role named exactly "admin". A missing or empty cookie,
// a tenant mismatch, or the absence of the admin role all yield
// WrongCredentials. Errors from building the client or from decoding the
// identity service's response are returned unchanged.
//
// NOTE(review): those pass-through errors are not WrongCredentials; confirm
// that every caller treats any non-nil error as a denied request.
// NOTE(review): the token's expiry is not inspected here; this presumably
// relies on the identity service rejecting expired tokens in the Get call —
// confirm.
func (b *KeystoneAuthenticationBackend) CheckUser(r *http.Request) (string, error) {
	authCookie, err := r.Cookie("authtok")
	if err != nil || authCookie.Value == "" {
		return "", WrongCredentials
	}
	tokenID := authCookie.Value

	provider, err := openstack.NewClient(b.AuthURL)
	if err != nil {
		return "", err
	}
	// The caller's token doubles as the credential for the lookup: it is set
	// as the provider token and is also the token being fetched.
	provider.TokenID = tokenID
	identity := &gophercloud.ServiceClient{
		ProviderClient: provider,
		Endpoint:       b.AuthURL,
	}

	lookup := tokens.Get(identity, tokenID)
	user, err := lookup.ExtractUser()
	if err != nil {
		return "", err
	}
	token, err := lookup.ExtractToken()
	if err != nil {
		return "", err
	}

	// Tokens issued for any other tenant are refused, whatever roles they carry.
	if token.Tenant.Name != b.Tenant {
		return "", WrongCredentials
	}

	// Authorization: only holders of the "admin" role are let through.
	for _, role := range user.Roles {
		if role.Name == "admin" {
			return user.UserName, nil
		}
	}
	return "", WrongCredentials
}
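// TestAuthenticateAndValidate authenticates against the identity service to
// obtain a token, logs its metadata and the service catalog, then validates
// the same token through an authenticated client and logs the user it
// belongs to.
//
// The token ID is a usable credential until the token expires, so it is
// deliberately kept out of the test log; only its length is reported.
func TestAuthenticateAndValidate(t *testing.T) {
	// 1. TestAuthenticate
	ao := v2AuthOptions(t)
	service := unauthenticatedClient(t)

	// Authenticated!
	result := tokens2.Create(service, tokens2.WrapOptions(ao))

	// Extract the token and print its metadata, never the ID itself: test
	// output is routinely captured in CI logs and shared artifacts.
	token, err := result.ExtractToken()
	th.AssertNoErr(t, err)
	t.Logf("Acquired token: [redacted, %d bytes]", len(token.ID))
	t.Logf("The token will expire at: [%s]", token.ExpiresAt.String())
	t.Logf("The token is valid for tenant: [%#v]", token.Tenant)

	// Extract and print the service catalog.
	catalog, err := result.ExtractServiceCatalog()
	th.AssertNoErr(t, err)
	t.Logf("Acquired service catalog listing [%d] services", len(catalog.Entries))
	for i, entry := range catalog.Entries {
		t.Logf("[%02d]: name=[%s], type=[%s]", i, entry.Name, entry.Type)
		for _, endpoint := range entry.Endpoints {
			t.Logf(" - region=[%s] publicURL=[%s]", endpoint.Region, endpoint.PublicURL)
		}
	}

	// 2. TestValidate
	client := authenticatedClient(t)

	// Validate Token!
	getResult := tokens2.Get(client, token.ID)

	// Extract and print the user.
	user, err := getResult.ExtractUser()
	th.AssertNoErr(t, err)
	t.Logf("Acquired User: [%s]", user.Name)
	t.Logf("The User id: [%s]", user.ID)
	t.Logf("The User username: [%s]", user.UserName)
	t.Logf("The User roles: [%#v]", user.Roles)
}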