def authorize(self, ttl): """Authorise the console token and store in the database. :param ttl: time to live in seconds :returns: an authorized token The expires value is set for ttl seconds in the future and the token hash is stored in the database. This function can only succeed if the token is unique and the object has not already been stored. """ if self.obj_attr_is_set('id'): raise exception.ObjectActionError( action='authorize', reason=_('must be a new object to authorize')) token = uuidutils.generate_uuid() token_hash = utils.get_sha256_str(token) expires = timeutils.utcnow_ts() + ttl updates = self.obj_get_changes() # NOTE(melwitt): token could be in the updates if authorize() has been # called twice on the same object. 'token' is not a database column and # should not be included in the call to create the database record. if 'token' in updates: del updates['token'] updates['token_hash'] = token_hash updates['expires'] = expires try: db_obj = db.console_auth_token_create(self._context, updates) db_obj['token'] = token self._from_db_object(self._context, self, db_obj) except DBDuplicateEntry: # NOTE(PaulMurray) we are generating the token above so this # should almost never happen - but technically its possible raise exception.TokenInUse() LOG.debug( "Authorized token with expiry %(expires)s for console " "connection %(console)s", { 'expires': expires, 'console': strutils.mask_password(self) }) return token
def authorize(self, ttl): """Authorise the console token and store in the database. :param ttl: time to live in seconds :returns: an authorized token The expires value is set for ttl seconds in the future and the token hash is stored in the database. This function can only succeed if the token is unique and the object has not already been stored. """ if self.obj_attr_is_set('id'): raise exception.ObjectActionError( action='authorize', reason=_('must be a new object to authorize')) token = uuidutils.generate_uuid() token_hash = utils.get_sha256_str(token) expires = timeutils.utcnow_ts() + ttl updates = self.obj_get_changes() # NOTE(melwitt): token could be in the updates if authorize() has been # called twice on the same object. 'token' is not a database column and # should not be included in the call to create the database record. if 'token' in updates: del updates['token'] updates['token_hash'] = token_hash updates['expires'] = expires try: db_obj = db.console_auth_token_create(self._context, updates) db_obj['token'] = token self._from_db_object(self._context, self, db_obj) except DBDuplicateEntry: # NOTE(PaulMurray) we are generating the token above so this # should almost never happen - but technically its possible raise exception.TokenInUse() LOG.debug("Authorized token with expiry %(expires)s for console " "connection %(console)s", {'expires': expires, 'console': strutils.mask_password(self)}) return token
def validate(cls, context, token): """Validate the token. :param context: the context :param token: the token for the authorization :returns: The ConsoleAuthToken object if valid The token is valid if the token is in the database and the expires time has not passed. """ token_hash = utils.get_sha256_str(token) db_obj = db.console_auth_token_get_valid(context, token_hash) if db_obj is not None: db_obj['token'] = token obj = cls._from_db_object(context, cls(), db_obj) LOG.debug("Validated token - console connection is " "%(console)s", {'console': strutils.mask_password(obj)}) return obj else: LOG.debug("Token validation failed") raise exception.InvalidToken(token='***')
def validate(cls, context, token): """Validate the token. :param context: the context :param token: the token for the authorization :returns: The ConsoleAuthToken object if valid The token is valid if the token is in the database and the expires time has not passed. """ token_hash = utils.get_sha256_str(token) db_obj = db.console_auth_token_get_valid(context, token_hash) if db_obj is not None: db_obj['token'] = token obj = cls._from_db_object(context, cls(), db_obj) LOG.debug("Validated token - console connection is " "%(console)s", {'console': strutils.mask_password(obj)}) return obj else: LOG.debug("Token validation failed") raise exception.InvalidToken(token='***')
def _fake_console_db(self, **updates): console_db = copy.deepcopy(fake_ca.fake_token_dict) console_db['token_hash'] = utils.get_sha256_str('123-456-789') if updates: console_db.update(updates) return console_db
def _fake_console_db(self, **updates): console_db = copy.deepcopy(fake_ca.fake_token_dict) console_db['token_hash'] = utils.get_sha256_str('123-456-789') if updates: console_db.update(updates) return console_db
# a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from oslo_utils.fixture import uuidsentinel from nova import utils fake_token = uuidsentinel.token fake_token_hash = utils.get_sha256_str(fake_token) fake_instance_uuid = uuidsentinel.instance fake_token_dict = { 'created_at': None, 'updated_at': None, 'id': 123, 'token_hash': fake_token_hash, 'console_type': 'fake-type', 'host': 'fake-host', 'port': 1000, 'internal_access_path': 'fake-path', 'instance_uuid': fake_instance_uuid, 'expires': 100, 'access_url_base': 'http://fake.url.fake/root.html' }
# Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from nova.tests import uuidsentinel from nova import utils fake_token = uuidsentinel.token fake_token_hash = utils.get_sha256_str(fake_token) fake_instance_uuid = uuidsentinel.instance fake_token_dict = { 'created_at': None, 'updated_at': None, 'id': 123, 'token_hash': fake_token_hash, 'console_type': 'fake-type', 'host': 'fake-host', 'port': 1000, 'internal_access_path': 'fake-path', 'instance_uuid': fake_instance_uuid, 'expires': 100, }