X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauth.py;h=3047c9fb367268a2ea66c7b38547b2d27454ceea;hp=94eb1e9e74bc75b3d709420c4d0cd0e4a4c9f433;hb=9c63011a8f3ff8f42ad90359323606b9aa9f2e7a;hpb=01b15d3166ea28266fb3d994d0615e4091c43c08 diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py index 94eb1e9..3047c9f 100644 --- a/osm_nbi/auth.py +++ b/osm_nbi/auth.py @@ -39,9 +39,9 @@ from http import HTTPStatus from time import time from os import path -from authconn import AuthException, AuthExceptionUnauthorized -from authconn_keystone import AuthconnKeystone -from authconn_internal import AuthconnInternal # Comment out for testing&debugging, uncomment when ready +from osm_nbi.authconn import AuthException, AuthExceptionUnauthorized +from osm_nbi.authconn_keystone import AuthconnKeystone +from osm_nbi.authconn_internal import AuthconnInternal # Comment out for testing&debugging, uncomment when ready from osm_common import dbmongo from osm_common import dbmemory from osm_common.dbbase import DbException @@ -259,6 +259,8 @@ class Authenticator: pid = self.create_admin_project() self.create_admin_user(pid) + # self.backend.update_user({"_id": "admin", + # "add_project_role_mappings": {"project": "admin", "role": "system_admin"}}) if self.config["authentication"]["backend"] == "keystone": try: self.backend.assign_role_to_user("admin", "admin", "system_admin") @@ -346,6 +348,12 @@ class Authenticator: if cherrypy.session.get('Authorization'): del cherrypy.session['Authorization'] cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e) + elif self.config.get("user_not_authorized"): + # TODO provide user_id, roles id (not name), project_id + return {"id": "fake-token-id-for-test", + "project_id": self.config.get("project_not_authorized", "admin"), + "username": self.config["user_not_authorized"], + "roles": ["system_admin"]} raise def new_token(self, token_info, indata, remote):