Source code for keystone.receipt.handlers

# Copyright 2018 Catalyst Cloud Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import flask
import http.client
from oslo_serialization import jsonutils

from keystone.common import authorization
from keystone.common import provider_api
from keystone import exception


PROVIDERS = provider_api.ProviderAPIs


[docs]def extract_receipt(auth_context): receipt_id = flask.request.headers.get( authorization.AUTH_RECEIPT_HEADER, None) if receipt_id: receipt = PROVIDERS.receipt_provider_api.validate_receipt( receipt_id) if auth_context['user_id'] != receipt.user_id: raise exception.ReceiptNotFound( "AuthContext user_id: %s does not match " "user_id for supplied auth receipt: %s" % (auth_context['user_id'], receipt.user_id), receipt_id=receipt_id ) else: receipt = None return receipt
def _render_receipt_response_from_model(receipt): receipt_reference = { 'receipt': { 'methods': receipt.methods, 'user': { 'id': receipt.user['id'], 'name': receipt.user['name'], 'domain': { 'id': receipt.user_domain['id'], 'name': receipt.user_domain['name'], } }, 'expires_at': receipt.expires_at, 'issued_at': receipt.issued_at, }, 'required_auth_methods': receipt.required_methods, } return receipt_reference
[docs]def build_receipt(mfa_error): receipt = PROVIDERS.receipt_provider_api. \ issue_receipt(mfa_error.user_id, mfa_error.methods) resp_data = _render_receipt_response_from_model(receipt) resp_body = jsonutils.dumps(resp_data) response = flask.make_response(resp_body, http.client.UNAUTHORIZED) response.headers[authorization.AUTH_RECEIPT_HEADER] = receipt.id response.headers['Content-Type'] = 'application/json' return response