Merge "auth_token hash pki key PKI tokens on hash in memcached when accessed by auth_token middelware"

Jenkins 2012-11-02 18:29:50 +00:00 committed by Gerrit Code Review
commit a6ef09d943
2 changed files with 15 additions and 7 deletions


@ -472,7 +472,8 @@ class AuthProtocol(object):
"""
try:
cached = self._cache_get(user_token)
token_id = cms.cms_hash_token(user_token)
cached = self._cache_get(token_id)
if cached:
return cached
if cms.is_ans1_token(user_token):
@ -480,7 +481,7 @@ class AuthProtocol(object):
data = json.loads(verified)
else:
data = self.verify_uuid_token(user_token, retry)
self._cache_put(user_token, data)
self._cache_put(token_id, data)
return data
except Exception as e:
LOG.debug('Token validation failure.', exc_info=True)
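Review bot: The lookup `cached = self._cache_get(token_id)` now treats the output of `cms.cms_hash_token` as the token's identity, and a hit at `if cached: return cached` returns before either verification branch runs. The digest therefore has to be collision-resistant; its implementation is not visible in this section and should be confirmed. It is also not visible whether UUID tokens are hashed or passed through unchanged, and a pass-through would leave the raw bearer token as the memcached key. I would add a comment above the new line such as `# Cache key is cms_hash_token(user_token); entries are returned without re-verification, so the key must uniquely identify the token.` The enclosing method starts and ends outside the hunks shown.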


@ -36,6 +36,9 @@ REVOKED_TOKEN_HASH = None
SIGNED_REVOCATION_LIST = None
SIGNED_TOKEN_SCOPED = None
SIGNED_TOKEN_UNSCOPED = None
SIGNED_TOKEN_SCOPED_KEY = None
SIGNED_TOKEN_UNSCOPED_KEY = None
VALID_SIGNED_REVOCATION_LIST = None
UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d"
@ -155,11 +158,15 @@ def setUpModule(self):
with open(os.path.join(signing_path, 'revocation_list.pem')) as f:
self.VALID_SIGNED_REVOCATION_LIST = jsonutils.dumps(
{'signed': f.read()})
self.SIGNED_TOKEN_SCOPED_KEY =\
cms.cms_hash_token(self.SIGNED_TOKEN_SCOPED)
self.SIGNED_TOKEN_UNSCOPED_KEY =\
cms.cms_hash_token(self.SIGNED_TOKEN_UNSCOPED)
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED] = {
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_KEY] = {
'access': {
'token': {
'id': self.SIGNED_TOKEN_SCOPED,
'id': self.SIGNED_TOKEN_SCOPED_KEY,
},
'user': {
'id': 'user_id1',
@ -174,10 +181,10 @@ def setUpModule(self):
},
}
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED] = {
self.TOKEN_RESPONSES[SIGNED_TOKEN_UNSCOPED_KEY] = {
'access': {
'token': {
'id': self.SIGNED_TOKEN_UNSCOPED,
'id': SIGNED_TOKEN_UNSCOPED_KEY,
},
'user': {
'id': 'user_id1',
@ -198,7 +205,7 @@ class FakeMemcache(object):
self.token_expiration = None
def get(self, key):
data = TOKEN_RESPONSES[SIGNED_TOKEN_SCOPED].copy()
data = TOKEN_RESPONSES[SIGNED_TOKEN_SCOPED_KEY].copy()
if not data or key != "tokens/%s" % (data['access']['token']['id']):
return
if not self.token_expiration:
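Review bot: The unscoped fixture reads the bare module global `SIGNED_TOKEN_UNSCOPED_KEY`, both as the `TOKEN_RESPONSES` key and as `'id'`, while the scoped fixture a few lines earlier uses `self.SIGNED_TOKEN_SCOPED_KEY`. The two spellings agree only if `self` in `setUpModule(self)` is this module object; otherwise the bare name is still the `None` it was initialised to and the entry is stored under `None`. Writing `self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED_KEY] = {` and `'id': self.SIGNED_TOKEN_UNSCOPED_KEY,` keeps the fixture consistent. The fixtures shown also cover only the signed-token keys, so the cache-key path for a UUID token appears untested in this section. `FakeMemcache.get` continues past the end of the last hunk.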