def delete_token(self, token_id): # Test for existence data = self.get_token(token.unique_id(token_id)) ptk = self._prefix_token_id(token.unique_id(token_id)) result = self.client.delete(ptk) self._add_to_revocation_list(data) return result
def create_token(self, token_id, data): token_id = token.unique_id(token_id) data_copy = copy.deepcopy(data) if 'expires' not in data: data_copy['expires'] = token.default_expire_time() self.db.set('token-%s' % token_id, data_copy) return copy.deepcopy(data_copy)
def test_cleanup_user_index_on_create(self): valid_token_id = uuid.uuid4().hex second_valid_token_id = uuid.uuid4().hex expired_token_id = uuid.uuid4().hex user_id = unicode(uuid.uuid4().hex) expire_delta = datetime.timedelta(seconds=86400) valid_data = {'id': valid_token_id, 'a': 'b', 'user': {'id': user_id}} second_valid_data = {'id': second_valid_token_id, 'a': 'b', 'user': {'id': user_id}} expired_data = {'id': expired_token_id, 'a': 'b', 'user': {'id': user_id}} self.token_api.create_token(valid_token_id, valid_data) self.token_api.create_token(expired_token_id, expired_data) # NOTE(morganfainberg): Directly access the data cache since we need to # get expired tokens as well as valid tokens. token_api.list_tokens() # will not return any expired tokens in the list. user_key = self.token_api._prefix_user_id(user_id) user_record = self.token_api.client.get(user_key) user_token_list = jsonutils.loads('[%s]' % user_record) self.assertEquals(len(user_token_list), 2) expired_token_ptk = self.token_api._prefix_token_id( token.unique_id(expired_token_id)) expired_token = self.token_api.client.get(expired_token_ptk) expired_token['expires'] = (timeutils.utcnow() - expire_delta) self.token_api.client.set(expired_token_ptk, expired_token) self.token_api.create_token(second_valid_token_id, second_valid_data) user_record = self.token_api.client.get(user_key) user_token_list = jsonutils.loads('[%s]' % user_record) self.assertEquals(len(user_token_list), 2)
def delete_token(self, token_id): token_id = token.unique_id(token_id) try: token_ref = self.get_token(token_id) self.db.delete('token-%s' % token_id) self.db.set('revoked-token-%s' % token_id, token_ref) except exception.NotFound: raise exception.TokenNotFound(token_id=token_id)
def create_token(self, token_id, data): token_id = token.unique_id(token_id) data_copy = copy.deepcopy(data) if not data_copy.get('expires'): data_copy['expires'] = token.default_expire_time() if not data_copy.get('user_id'): data_copy['user_id'] = data_copy['user']['id'] self.db.set('token-%s' % token_id, data_copy) return copy.deepcopy(data_copy)
def get_token(self, token_id): if token_id is None: raise exception.TokenNotFound(token_id='') ptk = self._prefix_token_id(token.unique_id(token_id)) token_ref = self.client.get(ptk) if token_ref is None: raise exception.TokenNotFound(token_id=token_id) return token_ref
def create_token(self, token_id, data): token_id = token.unique_id(token_id) data_copy = copy.deepcopy(data) if not data_copy.get('expires'): data_copy['expires'] = token.default_expire_time() if 'trust_id' in data and data['trust_id'] is None: data_copy.pop('trust_id') self.db.set('token-%s' % token_id, data_copy) return copy.deepcopy(data_copy)
def delete_token(self, token_id): session = self.get_session() key = token.unique_id(token_id) with session.begin(): token_ref = session.query(TokenModel).get(key) if not token_ref or not token_ref.valid: raise exception.TokenNotFound(token_id=token_id) token_ref.valid = False session.flush()
def get_token(self, token_id): token_id = token.unique_id(token_id) try: ref = self.db.get('token-%s' % token_id) except exception.NotFound: raise exception.TokenNotFound(token_id=token_id) if ref['expires'] is None or ref['expires'] > timeutils.utcnow(): return copy.deepcopy(ref) else: raise exception.TokenNotFound(token_id=token_id)
def delete_token(self, token_id): session = self.get_session() key = token.unique_id(token_id) with session.begin(): token_ref = session.query(TokenModel).filter_by(id=key, valid=True).first() if not token_ref: raise exception.TokenNotFound(token_id=token_id) token_ref.valid = False session.flush()
def get_token(self, token_id): if token_id is None: raise exception.TokenNotFound(token_id=token_id) session = self.get_session() query = session.query(TokenModel) query = query.filter_by(id=token.unique_id(token_id), valid=True) token_ref = query.first() now = datetime.datetime.utcnow() if token_ref and (not token_ref.expires or now < token_ref.expires): return token_ref.to_dict() else: raise exception.TokenNotFound(token_id=token_id)
def create_token(self, token_id, data): data_copy = copy.deepcopy(data) if not data_copy.get('expires'): data_copy['expires'] = token.default_expire_time() token_ref = TokenModel.from_dict(data_copy) token_ref.id = token.unique_id(token_id) token_ref.valid = True session = self.get_session() with session.begin(): session.add(token_ref) session.flush() return token_ref.to_dict()
def get_token(self, token_id): if token_id is None: raise exception.TokenNotFound(token_id=token_id) session = self.get_session() token_ref = session.query(TokenModel).get(token.unique_id(token_id)) now = datetime.datetime.utcnow() if not token_ref or not token_ref.valid: raise exception.TokenNotFound(token_id=token_id) if not token_ref.expires: raise exception.TokenNotFound(token_id=token_id) if now >= token_ref.expires: raise exception.TokenNotFound(token_id=token_id) return token_ref.to_dict()
def get_token(self, token_id): token_id = token.unique_id(token_id) try: ref = self.db.get('token-%s' % token_id) except exception.NotFound: raise exception.TokenNotFound(token_id=token_id) now = timeutils.utcnow() expiry = ref['expires'] if expiry is None: raise exception.TokenNotFound(token_id=token_id) if expiry > now: return copy.deepcopy(ref) else: raise exception.TokenNotFound(token_id=token_id)
def create_token(self, token_id, data): data_copy = copy.deepcopy(data) if not data_copy.get('expires'): data_copy['expires'] = token.default_expire_time() if not data_copy.get('user_id'): data_copy['user_id'] = data_copy['user']['id'] token_ref = TokenModel.from_dict(data_copy) token_ref.id = token.unique_id(token_id) token_ref.valid = True session = self.get_session() with session.begin(): session.add(token_ref) session.flush() return token_ref.to_dict()
def get_token(self, token_id): if token_id is None: raise exception.TokenNotFound(token_id=token_id) session = self.get_session() query = session.query(TokenModel) query = query.filter_by(id=token.unique_id(token_id), valid=True) token_ref = query.first() now = datetime.datetime.utcnow() if not token_ref: raise exception.TokenNotFound(token_id=token_id) if not token_ref.expires: raise exception.TokenNotFound(token_id=token_id) if now >= token_ref.expires: raise exception.TokenNotFound(token_id=token_id) return token_ref.to_dict()
def create_token(self, token_id, data): data_copy = copy.deepcopy(data) ptk = self._prefix_token_id(token.unique_id(token_id)) if 'expires' not in data_copy: data_copy['expires'] = token.default_expire_time() kwargs = {} if data_copy['expires'] is not None: expires_ts = utils.unixtime(data_copy['expires']) kwargs['time'] = expires_ts self.client.set(ptk, data_copy, **kwargs) if 'id' in data['user']: token_data = jsonutils.dumps(token_id) user_id = data['user']['id'] user_key = self._prefix_user_id(user_id) if not self.client.append(user_key, ',%s' % token_data): if not self.client.add(user_key, token_data): if not self.client.append(user_key, ',%s' % token_data): msg = _('Unable to add token user list.') raise exception.UnexpectedError(msg) return copy.deepcopy(data_copy)
def create_token(self, token_id, data): data_copy = copy.deepcopy(data) ptk = self._prefix_token_id(token.unique_id(token_id)) if not data_copy.get('expires'): data_copy['expires'] = token.default_expire_time() if not data_copy.get('user_id'): data_copy['user_id'] = data_copy['user']['id'] kwargs = {} if data_copy['expires'] is not None: expires_ts = utils.unixtime(data_copy['expires']) kwargs['time'] = expires_ts self.client.set(ptk, data_copy, **kwargs) if 'id' in data['user']: token_data = jsonutils.dumps(token_id) user_id = data['user']['id'] user_key = self._prefix_user_id(user_id) # Append the new token_id to the token-index-list stored in the # user-key within memcache. self._update_user_list_with_cas(user_key, token_data) return copy.deepcopy(data_copy)
def create_token(self, token_id, data): data_copy = copy.deepcopy(data) ptk = self._prefix_token_id(token.unique_id(token_id)) if not data_copy.get('expires'): data_copy['expires'] = token.default_expire_time() if not data_copy.get('user_id'): data_copy['user_id'] = data_copy['user']['id'] kwargs = {} if data_copy['expires'] is not None: expires_ts = utils.unixtime(data_copy['expires']) kwargs['time'] = expires_ts self.client.set(ptk, data_copy, **kwargs) if 'id' in data['user']: token_data = jsonutils.dumps(token_id) user_id = data['user']['id'] user_key = self._prefix_user_id(user_id) if not self.client.append(user_key, ',%s' % token_data): if not self.client.add(user_key, token_data): if not self.client.append(user_key, ',%s' % token_data): msg = _('Unable to add token user list.') raise exception.UnexpectedError(msg) return copy.deepcopy(data_copy)
def list_tokens(self, user_id, tenant_id=None, trust_id=None): tokens = [] user_key = self._prefix_user_id(user_id) user_record = self.client.get(user_key) or "" token_list = jsonutils.loads('[%s]' % user_record) for token_id in token_list: ptk = self._prefix_token_id(token.unique_id(token_id)) token_ref = self.client.get(ptk) if token_ref: if tenant_id is not None: tenant = token_ref.get('tenant') if not tenant: continue if tenant.get('id') != tenant_id: continue if trust_id is not None: trust = token_ref.get('trust_id') if not trust: continue if trust != trust_id: continue tokens.append(token_id) return tokens
def _update_user_list_with_cas(self, user_key, token_id): cas_retry = 0 max_cas_retry = CONF.memcache.max_compare_and_set_retry current_time = timeutils.normalize_time( timeutils.parse_isotime(timeutils.isotime())) self.client.reset_cas() while cas_retry <= max_cas_retry: # NOTE(morganfainberg): cas or "compare and set" is a function of # memcache. It will return false if the value has changed since the # last call to client.gets(). This is the memcache supported method # of avoiding race conditions on set(). Memcache is already atomic # on the back-end and serializes operations. # # cas_retry is for tracking our iterations before we give up (in # case memcache is down or something horrible happens we don't # iterate forever trying to compare and set the new value. cas_retry += 1 record = self.client.gets(user_key) filtered_list = [] if record is not None: token_list = jsonutils.loads('[%s]' % record) for token_i in token_list: ptk = self._prefix_token_id(token.unique_id(token_i)) token_ref = self.client.get(ptk) if not token_ref: # skip tokens that do not exist in memcache continue if 'expires' in token_ref: expires_at = timeutils.normalize_time( token_ref['expires']) if expires_at < current_time: # skip tokens that are expired. continue # Add the still valid token_id to the list. filtered_list.append(jsonutils.dumps(token_i)) # Add the new token_id to the list. filtered_list.append(token_id) # Use compare-and-set (cas) to set the new value for the # token-index-list for the user-key. Cas is used to prevent race # conditions from causing the loss of valid token ids from this # list. if self.client.cas(user_key, ','.join(filtered_list)): msg = _('Successful set of token-index-list for user-key ' '"%(user_key)s", #%(count)d records') LOG.debug(msg, {'user_key': user_key, 'count': len(filtered_list)}) return filtered_list # The cas function will return true if it succeeded or false if it # failed for any reason, including memcache server being down, cas # id changed since gets() called (the data changed between when # this loop started and this point, etc. error_msg = _('Failed to set token-index-list for user-key ' '"%(user_key)s". Attempt %(cas_retry)d of ' '%(cas_retry_max)d') LOG.debug(error_msg, {'user_key': user_key, 'cas_retry': cas_retry, 'cas_retry_max': max_cas_retry}) # Exceeded the maximum retry attempts. error_msg = _('Unable to add token user list') raise exception.UnexpectedError(error_msg)