How to use the keystonemiddleware.auth_token.__init__._BIND_MODE function in keystonemiddleware
To help you get started, we’ve selected a few keystonemiddleware examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
openstack / keystonemiddleware / keystonemiddleware / auth_token / __init__.py View on Github 
return
# permissive and strict modes don't require there to be a bind
permissive = self._enforce_token_bind in (_BIND_MODE.PERMISSIVE,
_BIND_MODE.STRICT)
if not auth_ref.bind:
if permissive:
# no bind provided and none required
return
else:
self.log.info(_LI('No bind information present in token.'))
self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:
name = None
else:
name = self._enforce_token_bind
if name and name not in auth_ref.bind:
self.log.info(_LI('Named bind mode %s not in bind information'),
name)
self._invalid_user_token()
for bind_type, identifier in six.iteritems(auth_ref.bind):
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info(_LI('Kerberos credentials required and '
'not present.'))
self._invalid_user_token()self.log.info('No bind information present in token.')
self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:
name = None
else:
name = self._enforce_token_bind
if name and name not in auth_ref.bind:
self.log.info('Named bind mode %s not in bind information',
name)
self._invalid_user_token()
for bind_type, identifier in auth_ref.bind.items():
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info('Kerberos credentials required and '
'not present.')
self._invalid_user_token()
if req.remote_user != identifier:
self.log.info('Kerberos credentials do not match '
'those in bind.')
self._invalid_user_token()
self.log.debug('Kerberos bind authentication successful.')
elif self._enforce_token_bind == _BIND_MODE.PERMISSIVE:
self.log.debug('Ignoring Unknown bind for permissive mode: '
'%(bind_type)s: %(identifier)s.',
{'bind_type': bind_type,def _confirm_token_bind(self, auth_ref, req):
if self._enforce_token_bind == _BIND_MODE.DISABLED:
return
# permissive and strict modes don't require there to be a bind
permissive = self._enforce_token_bind in (_BIND_MODE.PERMISSIVE,
_BIND_MODE.STRICT)
if not auth_ref.bind:
if permissive:
# no bind provided and none required
return
else:
self.log.info(_LI('No bind information present in token.'))
self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:return
# permissive and strict modes don't require there to be a bind
permissive = self._enforce_token_bind in (_BIND_MODE.PERMISSIVE,
_BIND_MODE.STRICT)
if not auth_ref.bind:
if permissive:
# no bind provided and none required
return
else:
self.log.info('No bind information present in token.')
self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:
name = None
else:
name = self._enforce_token_bind
if name and name not in auth_ref.bind:
self.log.info('Named bind mode %s not in bind information',
name)
self._invalid_user_token()
for bind_type, identifier in auth_ref.bind.items():
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info('Kerberos credentials required and '
'not present.')
self._invalid_user_token()def _confirm_token_bind(self, auth_ref, req):
if self._enforce_token_bind == _BIND_MODE.DISABLED:
return
# permissive and strict modes don't require there to be a bind
permissive = self._enforce_token_bind in (_BIND_MODE.PERMISSIVE,
_BIND_MODE.STRICT)
if not auth_ref.bind:
if permissive:
# no bind provided and none required
return
else:
self.log.info('No bind information present in token.')
self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:def _confirm_token_bind(self, auth_ref, req):
if self._enforce_token_bind == _BIND_MODE.DISABLED:
return
# permissive and strict modes don't require there to be a bind
permissive = self._enforce_token_bind in (_BIND_MODE.PERMISSIVE,
_BIND_MODE.STRICT)
if not auth_ref.bind:
if permissive:
# no bind provided and none required
return
else:
self.log.info('No bind information present in token.')
self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:
name = None
else:
name = self._enforce_token_bind
if name and name not in auth_ref.bind:self.log.info(_LI('No bind information present in token.'))
self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:
name = None
else:
name = self._enforce_token_bind
if name and name not in auth_ref.bind:
self.log.info(_LI('Named bind mode %s not in bind information'),
name)
self._invalid_user_token()
for bind_type, identifier in six.iteritems(auth_ref.bind):
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info(_LI('Kerberos credentials required and '
'not present.'))
self._invalid_user_token()
if req.remote_user != identifier:
self.log.info(_LI('Kerberos credentials do not match '
'those in bind.'))
self._invalid_user_token()
self.log.debug('Kerberos bind authentication successful.')
elif self._enforce_token_bind == _BIND_MODE.PERMISSIVE:
self.log.debug('Ignoring Unknown bind for permissive mode: '
'%(bind_type)s: %(identifier)s.',
{'bind_type': bind_type,for bind_type, identifier in six.iteritems(auth_ref.bind):
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info(_LI('Kerberos credentials required and '
'not present.'))
self._invalid_user_token()
if req.remote_user != identifier:
self.log.info(_LI('Kerberos credentials do not match '
'those in bind.'))
self._invalid_user_token()
self.log.debug('Kerberos bind authentication successful.')
elif self._enforce_token_bind == _BIND_MODE.PERMISSIVE:
self.log.debug('Ignoring Unknown bind for permissive mode: '
'%(bind_type)s: %(identifier)s.',
{'bind_type': bind_type,
'identifier': identifier})
else:
self.log.info(
_LI('Couldn`t verify unknown bind: %(bind_type)s: '
'%(identifier)s.'),
{'bind_type': bind_type, 'identifier': identifier})
self._invalid_user_token()for bind_type, identifier in auth_ref.bind.items():
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info('Kerberos credentials required and '
'not present.')
self._invalid_user_token()
if req.remote_user != identifier:
self.log.info('Kerberos credentials do not match '
'those in bind.')
self._invalid_user_token()
self.log.debug('Kerberos bind authentication successful.')
elif self._enforce_token_bind == _BIND_MODE.PERMISSIVE:
self.log.debug('Ignoring Unknown bind for permissive mode: '
'%(bind_type)s: %(identifier)s.',
{'bind_type': bind_type,
'identifier': identifier})
else:
self.log.info(
'Couldn`t verify unknown bind: %(bind_type)s: '
'%(identifier)s.',
{'bind_type': bind_type, 'identifier': identifier})
self._invalid_user_token()def _confirm_token_bind(self, auth_ref, req):
if self._enforce_token_bind == _BIND_MODE.DISABLED:
return
# permissive and strict modes don't require there to be a bind
permissive = self._enforce_token_bind in (_BIND_MODE.PERMISSIVE,
_BIND_MODE.STRICT)
if not auth_ref.bind:
if permissive:
# no bind provided and none required
return
else:
self.log.info(_LI('No bind information present in token.'))
self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:
name = None
else:
name = self._enforce_token_bind
if name and name not in auth_ref.bind:keystonemiddleware
Middleware for OpenStack Identity
Package Health Score
82 / 100Popular keystonemiddleware functions
- keystonemiddleware.auth_token
- keystonemiddleware.auth_token.__init__._BIND_MODE
- keystonemiddleware.auth_token._auth
- keystonemiddleware.auth_token._base
- keystonemiddleware.auth_token._base.AUTHTOKEN_GROUP
- keystonemiddleware.auth_token._cache.SecureTokenCache
- keystonemiddleware.auth_token._cache.TokenCache
- keystonemiddleware.auth_token._exceptions
- keystonemiddleware.auth_token._exceptions.ConfigurationError
- keystonemiddleware.auth_token._exceptions.InvalidToken
- keystonemiddleware.auth_token._exceptions.ServiceError
- keystonemiddleware.auth_token._user_plugin.UserAuthPlugin
- keystonemiddleware.auth_token.AuthProtocol
- keystonemiddleware.auth_token.filter_factory
- keystonemiddleware.i18n._
- keystonemiddleware.i18n._LI
- keystonemiddleware.i18n._LW
- keystonemiddleware.openstack.common.gettextutils.Message