Merge "auth_token hash pki key PKI tokens on hash in memcached when accessed by auth_token middelware"

2012-11-02 18:29:50 +00:00 · 2012-11-02 18:29:50 +00:00 · a6ef09d943
commit a6ef09d943
parent 8ee6963506 75496bbe69
2 changed files with 15 additions and 7 deletions
--- a/keystone/middleware/auth_token.py
+++ b/keystone/middleware/auth_token.py
@ -472,7 +472,8 @@ class AuthProtocol(object):

        """
        try:
-            cached = self._cache_get(user_token)
+            token_id = cms.cms_hash_token(user_token)
+            cached = self._cache_get(token_id)
            if cached:
                return cached
            if cms.is_ans1_token(user_token):
@ -480,7 +481,7 @@ class AuthProtocol(object):
                data = json.loads(verified)
            else:
                data = self.verify_uuid_token(user_token, retry)
-            self._cache_put(user_token, data)
+            self._cache_put(token_id, data)
            return data
        except Exception as e:
            LOG.debug('Token validation failure.', exc_info=True)
--- a/tests/test_auth_token_middleware.py
+++ b/tests/test_auth_token_middleware.py
@ -36,6 +36,9 @@ REVOKED_TOKEN_HASH = None
 SIGNED_REVOCATION_LIST = None
 SIGNED_TOKEN_SCOPED = None
 SIGNED_TOKEN_UNSCOPED = None
+SIGNED_TOKEN_SCOPED_KEY = None
+SIGNED_TOKEN_UNSCOPED_KEY = None
+
 VALID_SIGNED_REVOCATION_LIST = None

 UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d"
@ -155,11 +158,15 @@ def setUpModule(self):
    with open(os.path.join(signing_path, 'revocation_list.pem')) as f:
        self.VALID_SIGNED_REVOCATION_LIST = jsonutils.dumps(
            {'signed': f.read()})
+    self.SIGNED_TOKEN_SCOPED_KEY =\
+        cms.cms_hash_token(self.SIGNED_TOKEN_SCOPED)
+    self.SIGNED_TOKEN_UNSCOPED_KEY =\
+        cms.cms_hash_token(self.SIGNED_TOKEN_UNSCOPED)

-    self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED] = {
+    self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_KEY] = {
        'access': {
            'token': {
-                'id': self.SIGNED_TOKEN_SCOPED,
+                'id': self.SIGNED_TOKEN_SCOPED_KEY,
            },
            'user': {
                'id': 'user_id1',
@ -174,10 +181,10 @@ def setUpModule(self):
        },
    }

-    self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED] = {
+    self.TOKEN_RESPONSES[SIGNED_TOKEN_UNSCOPED_KEY] = {
        'access': {
            'token': {
-                'id': self.SIGNED_TOKEN_UNSCOPED,
+                'id': SIGNED_TOKEN_UNSCOPED_KEY,
            },
            'user': {
                'id': 'user_id1',
@ -198,7 +205,7 @@ class FakeMemcache(object):
        self.token_expiration = None

    def get(self, key):
-        data = TOKEN_RESPONSES[SIGNED_TOKEN_SCOPED].copy()
+        data = TOKEN_RESPONSES[SIGNED_TOKEN_SCOPED_KEY].copy()
        if not data or key != "tokens/%s" % (data['access']['token']['id']):
            return
        if not self.token_expiration: