Adding user password setting api call
Fixes bug 996922. This commit adds a user_crud module that can be used in the public wsgi pipeline; currently the only operation included allows a user to update their own password. In order to change their password, a user should make an HTTP PATCH to /v2.0/OS-KSCRUD/users/<userid> with the JSON data formatted like this: {"user": {"password": "DCBA", "original_password": "ABCD"}}. In addition to changing the user's password, all current tokens will be cleared (for token backends that support listing) and a new token id will be returned. Change-Id: I0cbdafbb29a5b6531ad192f240efb9379f0efd2d
1 parent
ec9c038
commit 4ab47ad
Showing
5 changed files
with
222 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
|
||
# Copyright 2012 Red Hat, Inc | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
# not use this file except in compliance with the License. You may obtain | ||
# a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
# License for the specific language governing permissions and limitations | ||
# under the License. | ||
|
||
from keystone.contrib.user_crud.core import * |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
# vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
|
||
# Copyright 2012 Red Hat, Inc | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
# not use this file except in compliance with the License. You may obtain | ||
# a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
# License for the specific language governing permissions and limitations | ||
# under the License. | ||
|
||
import copy | ||
import uuid | ||
|
||
from keystone import exception | ||
from keystone.common import logging | ||
from keystone.common import wsgi | ||
from keystone.identity import Manager as IdentityManager | ||
from keystone.identity import UserController as UserManager | ||
from keystone.token import Manager as TokenManager | ||
|
||
|
||
LOG = logging.getLogger(__name__) | ||
|
||
|
||
class UserController(wsgi.Application): | ||
def __init__(self): | ||
self.identity_api = IdentityManager() | ||
self.token_api = TokenManager() | ||
self.user_controller = UserManager() | ||
|
||
def set_user_password(self, context, user_id, user): | ||
token_id = context.get('token_id') | ||
original_password = user.get('original_password') | ||
|
||
token_ref = self.token_api.get_token(context=context, | ||
token_id=token_id) | ||
user_id_from_token = token_ref['user']['id'] | ||
|
||
if user_id_from_token != user_id or original_password is None: | ||
raise exception.Forbidden() | ||
|
||
try: | ||
user_ref = self.identity_api.authenticate( | ||
context=context, | ||
user_id=user_id_from_token, | ||
password=original_password)[0] | ||
if not user_ref.get('enabled', True): | ||
raise exception.Unauthorized() | ||
except AssertionError: | ||
raise exception.Unauthorized() | ||
|
||
update_dict = {'password': user['password'], 'id': user_id} | ||
|
||
admin_context = copy.copy(context) | ||
admin_context['is_admin'] = True | ||
self.user_controller.set_user_password(admin_context, | ||
user_id, | ||
update_dict) | ||
|
||
token_id = uuid.uuid4().hex | ||
new_token_ref = copy.copy(token_ref) | ||
new_token_ref['id'] = token_id | ||
self.token_api.create_token(context=context, token_id=token_id, | ||
data=new_token_ref) | ||
logging.debug('TOKEN_REF %s', new_token_ref) | ||
return {'access': {'token': new_token_ref}} | ||
|
||
|
||
class CrudExtension(wsgi.ExtensionRouter): | ||
""" | ||
Provides a subset of CRUD operations for internal data types. | ||
""" | ||
|
||
def add_routes(self, mapper): | ||
user_controller = UserController() | ||
|
||
mapper.connect('/OS-KSCRUD/users/{user_id}', | ||
controller=user_controller, | ||
action='set_user_password', | ||
conditions=dict(method=['PATCH'])) |
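Review bot: `logging.debug('TOKEN_REF %s', new_token_ref)` near the end of set_user_password writes the freshly issued token, including its id, into the debug log, so anyone who can read the logs obtains a usable bearer credential for the user who just changed their password. The call also goes through the `logging` module rather than the `LOG` logger defined at the top of the file. I would drop the line or log only non-secret context, e.g. `LOG.debug('Issued replacement token for user %s', user_id)`. Separately, `user['password']` is read without a check, so a body that carries `original_password` but no `password` raises KeyError instead of a validation error; rejecting a missing or empty new password before the authenticate call would be cleaner.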