The User Module

class openstack_auth.user.Token(auth_ref, unscoped_token=None)[source]

Encapsulates the AccessInfo object from keystoneclient.

Token object provides a consistent interface for accessing the keystone token information and service catalog.

Added for maintaining backward compatibility with horizon that expects Token object in the user object.

class openstack_auth.user.User(id=None, token=None, user=None, tenant_id=None, service_catalog=None, tenant_name=None, roles=None, authorized_tenants=None, endpoint=None, enabled=False, services_region=None, user_domain_id=None, user_domain_name=None, domain_id=None, domain_name=None, project_id=None, project_name=None, is_federated=False, unscoped_token=None, password=None, password_expires_at=None, system_scoped=False)[source]

A User class with some extra special sauce for Keystone.

In addition to the standard Django user attributes, this class also has the following:


The Keystone token object associated with the current user/tenant.

The token object is deprecated, user auth_ref instead.


The id of the Keystone tenant for the current user/token.

The tenant_id keyword argument is deprecated, use project_id instead.


The name of the Keystone tenant for the current user/token.

The tenant_name keyword argument is deprecated, use project_name instead.


The id of the Keystone project for the current user/token.


The name of the Keystone project for the current user/token.


The ServiceCatalog data returned by Keystone.


A list of dictionaries containing role names and ids as returned by Keystone.


A list of non-identity service endpoint regions extracted from the service catalog.


The domain id of the current user.


The domain name of the current user.


The id of the Keystone domain scoped for the current user/token.


Whether user is federated Keystone user. (Boolean)


Unscoped Keystone token.


Password expiration date.

exception DoesNotExist
exception MultipleObjectsReturned
property authorized_tenants

Returns a memoized list of tenants this user may access.

property available_services_regions

Returns list of unique region name values in service catalog.

has_a_matching_perm(perm_list, obj=None)[source]

Returns True if the user has one of the specified permissions.

If object is passed, it checks if the user has any of the required perms for this object.

has_perms(perm_list, obj=None)[source]

Returns True if the user has all of the specified permissions.

Tuples in the list will possess the required permissions if the user has a permissions matching one of the elements of that tuple

property is_active

bool(x) -> bool

Returns True when the argument x is true, False otherwise. The builtins True and False are the only two instances of the class bool. The class bool is a subclass of the class int, and cannot be subclassed.

property is_anonymous

Return if the user is not authenticated.


True if not authenticated,``False`` otherwise.

property is_authenticated

Checks for a valid authentication.

property is_superuser

Evaluates whether this user has admin privileges.


True or False.

property is_system_user

Check if the user has access to the system scope.


Determine if the token is expired.


True if the token is expired, False if not, and None if there is no token set.


margin – A security time margin in seconds before real expiration. Will return True if the token expires in less than margin seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.

save(*args, **kwargs)[source]

Save the current instance. Override this in a subclass if you want to control the saving process.

The ‘force_insert’ and ‘force_update’ parameters can be used to insist that the “save” must be an SQL insert or update (or equivalent for non-SQL backends), respectively. Normally, they should not be set.


Returns the number of remaining days until user’s password expires.

Calculates the number days until the user must change their password, once the password expires the user will not able to log in until an admin changes its password.