Refactor the users classes into their own files, add a common base class for federated users, and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass.

Joseph Schorr 2015-07-20 11:39:59 -04:00
parent 1245385808
commit 33b54218cc
13 changed files with 541 additions and 495 deletions


@ -7,7 +7,10 @@ import OpenSSL
import logging
from fnmatch import fnmatch
from data.users import LDAPConnection, ExternalJWTAuthN, LDAPUsers, KeystoneUsers
from data.users.keystone import KeystoneUsers
from data.users.externaljwt import ExternalJWTAuthN
from data.users.externalldap import LDAPConnection, LDAPUsers
from flask import Flask
from flask.ext.mail import Mail, Message
from data.database import validate_database_url, User
@ -317,7 +320,7 @@ def _validate_ldap(config, password):
users = LDAPUsers(ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr)
username = get_authenticated_user().username
(result, err_msg) = users.verify_user(username, password)
(result, err_msg) = users.verify_credentials(username, password)
if not result:
raise Exception(('Verification of superuser %s failed: %s. \n\nThe user either does not exist ' +
'in the remote authentication system ' +
@ -345,7 +348,7 @@ def _validate_jwt(config, password):
# Verify that the superuser exists. If not, raise an exception.
username = get_authenticated_user().username
(result, err_msg) = users.verify_user(username, password)
(result, err_msg) = users.verify_credentials(username, password)
if not result:
raise Exception(('Verification of superuser %s failed: %s. \n\nThe user either does not ' +
'exist in the remote authentication system ' +
@ -379,7 +382,7 @@ def _validate_keystone(config, password):
# Verify that the superuser exists. If not, raise an exception.
username = get_authenticated_user().username
(result, err_msg) = users.verify_user(username, password)
(result, err_msg) = users.verify_credentials(username, password)
if not result:
raise Exception(('Verification of superuser %s failed: %s \n\nThe user either does not ' +
'exist in the remote authentication system ' +
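Review bot: The three superuser checks (`_validate_ldap`, and the same line in `_validate_jwt` and `_validate_keystone`) now call `verify_credentials`, but nothing at the call sites says why the non-linking variant is required, so a later cleanup could switch back to `verify_user`. A comment above each call would pin the intent, for example `# verify_credentials only checks the password against the backend; verify_user would also link the local user during config validation`. Separately, the name passed in is the local `get_authenticated_user().username`, which presumably equals the remote account name only if the superuser was not renamed when it was linked, so that assumption is worth confirming. The backend's `err_msg` is interpolated into the raised exception; if that text reaches the setup UI (not visible here), check that the LDAP, JWT and Keystone backends do not put bind DNs or endpoint details into it. All three function bodies start and end outside the hunks shown.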