- user_id = list(filter(lambda x: x.name == user, self.keystone.users.list()))[0].id
- project_names = [project.name for project in self.keystone.projects.list(user=user_id)]
-
- token = self.keystone.get_raw_token_from_identity_service(
- auth_url=self.auth_url,
- username=user,
- password=password,
- user_domain_name=self.user_domain_name,
- project_domain_name=self.project_domain_name)
-
- return token["auth_token"], project_names
- except ClientException:
- self.logger.exception("Error during user authentication using keystone. Method: basic")
- raise AuthException("Error during user authentication using Keystone", http_code=HTTPStatus.UNAUTHORIZED)
-
- def authenticate_with_token(self, token, project=None):
- """
- Authenticate a user using a token. Can be used to revalidate the token
- or to get a scoped token.
-
- :param token: a valid token.
- :param project: (optional) project for a scoped token.
- :return: return a revalidated token, scoped if a project was passed or
- the previous token was already scoped.
- """
- try:
- token_info = self.keystone.tokens.validate(token=token)
- projects = self.keystone.projects.list(user=token_info["user"]["id"])
- project_names = [project.name for project in projects]
+ username = None
+ user_id = None
+ project_id = None
+ project_name = None
+
+ if user:
+ if is_valid_uuid(user):
+ user_id = user
+ else:
+ username = user
+
+ # get an unscoped token firstly
+ unscoped_token = self.keystone.get_raw_token_from_identity_service(
+ auth_url=self.auth_url,
+ user_id=user_id,
+ username=username,
+ password=password,
+ user_domain_name=self.user_domain_name,
+ project_domain_name=self.project_domain_name)
+ elif token_info:
+ unscoped_token = self.keystone.tokens.validate(token=token_info.get("_id"))
+ else:
+ raise AuthException("Provide credentials: username/password or Authorization Bearer token",
+ http_code=HTTPStatus.UNAUTHORIZED)
+
+ if not project:
+ # get first project for the user
+ project_list = self.keystone.projects.list(user=unscoped_token["user"]["id"])
+ if not project_list:
+ raise AuthException("The user {} has not any project and cannot be used for authentication".
+ format(user), http_code=HTTPStatus.UNAUTHORIZED)
+ project_id = project_list[0].id
+ else:
+ if is_valid_uuid(project):
+ project_id = project
+ else:
+ project_name = project