Merge "auth_token hash pki key PKI tokens on hash in memcached when accessed by auth_token middelware"
commit
a6ef09d943
|
@ -472,7 +472,8 @@ class AuthProtocol(object):
|
||||||
|
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
cached = self._cache_get(user_token)
|
token_id = cms.cms_hash_token(user_token)
|
||||||
|
cached = self._cache_get(token_id)
|
||||||
if cached:
|
if cached:
|
||||||
return cached
|
return cached
|
||||||
if cms.is_ans1_token(user_token):
|
if cms.is_ans1_token(user_token):
|
||||||
|
@ -480,7 +481,7 @@ class AuthProtocol(object):
|
||||||
data = json.loads(verified)
|
data = json.loads(verified)
|
||||||
else:
|
else:
|
||||||
data = self.verify_uuid_token(user_token, retry)
|
data = self.verify_uuid_token(user_token, retry)
|
||||||
self._cache_put(user_token, data)
|
self._cache_put(token_id, data)
|
||||||
return data
|
return data
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
LOG.debug('Token validation failure.', exc_info=True)
|
LOG.debug('Token validation failure.', exc_info=True)
|
||||||
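Review bot: The new cache key `token_id = cms.cms_hash_token(user_token)` becomes the only thing that identifies a validated token, because a hit at `if cached: return cached` returns before either verification branch runs. Two tokens that hash to the same value would share one cached result, so the digest used by `cms_hash_token` (not visible here) should be collision-resistant. It is also worth confirming what it returns for non-ASN.1 tokens, since those may still be stored under the raw bearer value. A comment above the assignment would record the intent, for example `# Key the cache on the token hash so the full PKI token is never used as a memcached key.` The `except` branch continues past the end of the hunk; any cache write or log line there that still uses `user_token` should be checked for consistency with `token_id`.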
|
|
|
@ -36,6 +36,9 @@ REVOKED_TOKEN_HASH = None
|
||||||
SIGNED_REVOCATION_LIST = None
|
SIGNED_REVOCATION_LIST = None
|
||||||
SIGNED_TOKEN_SCOPED = None
|
SIGNED_TOKEN_SCOPED = None
|
||||||
SIGNED_TOKEN_UNSCOPED = None
|
SIGNED_TOKEN_UNSCOPED = None
|
||||||
|
SIGNED_TOKEN_SCOPED_KEY = None
|
||||||
|
SIGNED_TOKEN_UNSCOPED_KEY = None
|
||||||
|
|
||||||
VALID_SIGNED_REVOCATION_LIST = None
|
VALID_SIGNED_REVOCATION_LIST = None
|
||||||
|
|
||||||
UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d"
|
UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d"
|
||||||
|
@ -155,11 +158,15 @@ def setUpModule(self):
|
||||||
with open(os.path.join(signing_path, 'revocation_list.pem')) as f:
|
with open(os.path.join(signing_path, 'revocation_list.pem')) as f:
|
||||||
self.VALID_SIGNED_REVOCATION_LIST = jsonutils.dumps(
|
self.VALID_SIGNED_REVOCATION_LIST = jsonutils.dumps(
|
||||||
{'signed': f.read()})
|
{'signed': f.read()})
|
||||||
|
self.SIGNED_TOKEN_SCOPED_KEY =\
|
||||||
|
cms.cms_hash_token(self.SIGNED_TOKEN_SCOPED)
|
||||||
|
self.SIGNED_TOKEN_UNSCOPED_KEY =\
|
||||||
|
cms.cms_hash_token(self.SIGNED_TOKEN_UNSCOPED)
|
||||||
|
|
||||||
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED] = {
|
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_KEY] = {
|
||||||
'access': {
|
'access': {
|
||||||
'token': {
|
'token': {
|
||||||
'id': self.SIGNED_TOKEN_SCOPED,
|
'id': self.SIGNED_TOKEN_SCOPED_KEY,
|
||||||
},
|
},
|
||||||
'user': {
|
'user': {
|
||||||
'id': 'user_id1',
|
'id': 'user_id1',
|
||||||
|
@ -174,10 +181,10 @@ def setUpModule(self):
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED] = {
|
self.TOKEN_RESPONSES[SIGNED_TOKEN_UNSCOPED_KEY] = {
|
||||||
'access': {
|
'access': {
|
||||||
'token': {
|
'token': {
|
||||||
'id': self.SIGNED_TOKEN_UNSCOPED,
|
'id': SIGNED_TOKEN_UNSCOPED_KEY,
|
||||||
},
|
},
|
||||||
'user': {
|
'user': {
|
||||||
'id': 'user_id1',
|
'id': 'user_id1',
|
||||||
|
@ -198,7 +205,7 @@ class FakeMemcache(object):
|
||||||
self.token_expiration = None
|
self.token_expiration = None
|
||||||
|
|
||||||
def get(self, key):
|
def get(self, key):
|
||||||
data = TOKEN_RESPONSES[SIGNED_TOKEN_SCOPED].copy()
|
data = TOKEN_RESPONSES[SIGNED_TOKEN_SCOPED_KEY].copy()
|
||||||
if not data or key != "tokens/%s" % (data['access']['token']['id']):
|
if not data or key != "tokens/%s" % (data['access']['token']['id']):
|
||||||
return
|
return
|
||||||
if not self.token_expiration:
|
if not self.token_expiration:
|
||||||
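Review bot: In the `@ -174,10 +181,10` hunk of `setUpModule`, the unscoped entries read the bare name `SIGNED_TOKEN_UNSCOPED_KEY`, while the scoped entries in the previous hunk use `self.SIGNED_TOKEN_SCOPED_KEY`. The bare name resolves to the module global, which is initialised to `None` in the first hunk. So unless `self` is the module object itself, the response is stored under `None` and the hashed-key path for unscoped tokens is not exercised. Using `self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED_KEY] = {` and `'id': self.SIGNED_TOKEN_UNSCOPED_KEY,` makes both cases consistent. `setUpModule` starts and ends outside these hunks, so the rest of the function should be checked for the same pattern.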
|
|