author | Rob Cresswell <robert.cresswell@outlook.com> | 2016-08-10 09:10:20 +0100 |
---|---|---|
committer | Rob Cresswell <robert.cresswell@outlook.com> | 2016-09-22 11:48:19 +0000 |
commit | 03a6db3074e605b901ba68d210bc58f3769a9560 (patch) | |
tree | 315c08f3d94bbd4ef89834c7c798a7c66659b9c8 | |
parent | d51a0bdfd9f8c380d602753428dea6955eed1f72 (diff) | |
download | django_openstack_auth-03a6db3074e605b901ba68d210bc58f3769a9560.tar.gz |
Add is_authenticated and is_anonymous properties
See
https://docs.djangoproject.com/en/1.10/releases/1.10/#using-user-is-authenticated-and-user-is-anonymous-as-methods
is_anonymous() and is_authenticated() functions are now properties, and
the old function forms throw critical security warnings when running
`python manage.py check` in Django 1.10
The duplication is just to make it explicit which code paths are being
followed. They could be refactored to remove it, but in a few months
when we move to the next LTS we would just end up removing the refactors
since there would once again be a single path.
We also removed the `margin` parameter, since it is never used anywhere.
This will be documented in a Horizon release note.
Change-Id: I7a92089ae62a9017274002648f26f13bc34709d9
(cherry picked from commit 00346889c99c26f1bbdaf3c392bac6dfefb509c7)
-rw-r--r-- | openstack_auth/user.py | 75 |
1 files changed, 46 insertions, 29 deletions
diff --git a/openstack_auth/user.py b/openstack_auth/user.py
index c9200f4..fba75e7 100644
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@@ -14,9 +14,11 @@
 import hashlib
 import logging
+import django
 from django.conf import settings
 from django.contrib.auth import models
 from django.db import models as db_models
+from django.utils import deprecation
 from keystoneauth1 import exceptions as keystone_exceptions
 from keystoneclient.common import cms as keystone_cms
 import six
@@ -261,35 +263,50 @@ class User(models.AbstractBaseUser, models.AnonymousUser):
 return None
 return not utils.is_token_valid(self.token, margin)
- def is_authenticated(self, margin=None):
- """Checks for a valid authentication.
-
- :param margin:
- A security time margin in seconds before end of authentication.
- Will return ``False`` if authentication ends in less than ``margin``
- seconds of time.
- A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the
- django settings.
-
- """
- return (self.token is not None and
- utils.is_token_valid(self.token, margin))
-
- def is_anonymous(self, margin=None):
- """Return if the user is not authenticated.
-
- Returns ``True`` if not authenticated,``False`` otherwise.
-
- :param margin:
- A security time margin in seconds before end of an eventual
- authentication.
- Will return ``True`` even if authenticated but that authentication
- ends in less than ``margin`` seconds of time.
- A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the
- django settings.
-
- """
- return not self.is_authenticated(margin)
+ if django.VERSION >= (1, 10):
+ @property
+ def is_authenticated(self):
+ """Checks for a valid authentication."""
+ if (self.token is not None and utils.is_token_valid(self.token)):
+ return deprecation.CallableTrue
+ else:
+ return deprecation.CallableFalse
+
+ @property
+ def is_anonymous(self):
+ """Return if the user is not authenticated.
+
+ Returns ``True`` if not authenticated,``False`` otherwise.
+ """
+ return deprecation.CallableBool(not self.is_authenticated)
+ else:
+ def is_authenticated(self, margin=None):
+ """Checks for a valid authentication.
+
+ :param margin:
+ A security time margin in seconds before end of authentication.
+ Will return ``False`` if authentication ends in less than
+ ``margin`` seconds of time.
+ A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the
+ django settings.
+ """
+ return (self.token is not None and
+ utils.is_token_valid(self.token, margin))
+
+ def is_anonymous(self, margin=None):
+ """Return if the user is not authenticated.
+
+ Returns ``True`` if not authenticated,``False`` otherwise.
+
+ :param margin:
+ A security time margin in seconds before end of an eventual
+ authentication.
+ Will return ``True`` even if authenticated but that
+ authentication ends in less than ``margin`` seconds of time.
+ A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the
+ django settings.
+ """
+ return not self.is_authenticated(margin)
 @property
 def is_active(self): |
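Review bot: The `django.VERSION >= (1, 10)` branch has no upper bound and builds its return values from `deprecation.CallableTrue`, `CallableFalse` and `CallableBool`, which are Django's transitional compatibility wrappers rather than plain booleans. Two consequences for callers deserve a comment above the branch: an identity test such as `user.is_authenticated is True` never succeeds against a wrapper, and in the `else` branch an uncalled `user.is_authenticated` is a bound method and therefore always truthy, which is the mistake the Django check warns about. I would add `# NOTE: CallableBool is a transitional Django shim; callers must test truthiness only, and must call is_authenticated() on Django < 1.10`, and, if I recall correctly that the wrappers were dropped in Django 2.0, return plain `True`/`False` once call-style use is gone. The new properties also call `utils.is_token_valid(self.token)` with no `margin`, while the `else` branch still accepts one, which does not match the description's statement that the parameter was removed. The `User` class body starts before this hunk and continues after it.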