diff options
author | Jamie Lennox <jamielennox@redhat.com> | 2015-03-25 08:18:26 +1100 |
---|---|---|
committer | Jamie Lennox <jamielennox@redhat.com> | 2015-03-25 09:06:20 +1100 |
commit | 961e11225f2648a0bd1e08689412f8f8aac06669 (patch) | |
tree | 871f4461fc9743133386e2bf9a324ae6c183bbb0 | |
parent | e6c25ad380dc1feb0ed121d088151d9fde8cacef (diff) | |
download | django_openstack_auth-961e11225f2648a0bd1e08689412f8f8aac06669.tar.gz |
Follow ups to Authentication Plugins
Address the comments made in the original authentication plugins patch.
* Add some additional logging to the standard username and password
plugin.
* Change the login error message to reflect additional authentication
mechanisms.
* Log a warning if no suitable authentication plugin is found. Given
the way horizon relies solely upon DOA the only real way this should
happen is a configuration error.
Change-Id: Ib827f26da793ef2e43b8f5a0f194293f442b3341
-rw-r--r-- | openstack_auth/backend.py | 6 | ||||
-rw-r--r-- | openstack_auth/plugin/password.py | 5 | ||||
-rw-r--r-- | openstack_auth/tests/tests.py | 4 |
3 files changed, 11 insertions, 4 deletions
diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py index 437b09b..c3104b5 100644 --- a/openstack_auth/backend.py +++ b/openstack_auth/backend.py @@ -94,6 +94,9 @@ class KeystoneBackend(object): if unscoped_auth: break else: + LOG.warn('No authentication backend could be determined to ' + 'handle the provided credentials. This is likely a ' + 'configuration error that should be addressed.') return None session = utils.get_session() @@ -104,9 +107,8 @@ class KeystoneBackend(object): except (keystone_exceptions.Unauthorized, keystone_exceptions.Forbidden, keystone_exceptions.NotFound) as exc: - msg = _('Invalid user name or password.') LOG.debug(str(exc)) - raise exceptions.KeystoneAuthException(msg) + raise exceptions.KeystoneAuthException(_('Invalid credentials.')) except (keystone_exceptions.ClientException, keystone_exceptions.AuthorizationFailure) as exc: msg = _("An error occurred authenticating. " diff --git a/openstack_auth/plugin/password.py b/openstack_auth/plugin/password.py index 4a1e7c1..484adc2 100644 --- a/openstack_auth/plugin/password.py +++ b/openstack_auth/plugin/password.py @@ -10,12 +10,15 @@ # License for the specific language governing permissions and limitations # under the License. +import logging + from keystoneclient.auth.identity import v2 as v2_auth from keystoneclient.auth.identity import v3 as v3_auth from openstack_auth.plugin import base from openstack_auth import utils +LOG = logging.getLogger(__name__) __all__ = ['PasswordPlugin'] @@ -33,6 +36,8 @@ class PasswordPlugin(base.BasePlugin): if not all((auth_url, username, password)): return None + LOG.debug('Attempting to authenticate for %s', username) + if utils.get_keystone_version() >= 3: return v3_auth.Password(auth_url=auth_url, username=username, diff --git a/openstack_auth/tests/tests.py b/openstack_auth/tests/tests.py index 7baa896..dbfa345 100644 --- a/openstack_auth/tests/tests.py +++ b/openstack_auth/tests/tests.py @@ -280,7 +280,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase): # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') - self.assertContains(response, "Invalid user name or password.") + self.assertContains(response, "Invalid credentials.") def test_exception(self): user = self.data.user @@ -628,7 +628,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase): # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') - self.assertContains(response, "Invalid user name or password.") + self.assertContains(response, "Invalid credentials.") def test_exception(self): user = self.data.user |