def delete_token(self, token_id):
# Test for existence
data = self.get_token(token.unique_id(token_id))
ptk = self._prefix_token_id(token.unique_id(token_id))
result = self.client.delete(ptk)
self._add_to_revocation_list(data)
return result
def delete_token(self, token_id):
# Test for existence
data = self.get_token(token.unique_id(token_id))
ptk = self._prefix_token_id(token.unique_id(token_id))
result = self.client.delete(ptk)
self._add_to_revocation_list(data)
return result
def create_token(self, token_id, data):
token_id = token.unique_id(token_id)
data_copy = copy.deepcopy(data)
if 'expires' not in data:
data_copy['expires'] = token.default_expire_time()
self.db.set('token-%s' % token_id, data_copy)
return copy.deepcopy(data_copy)
def test_cleanup_user_index_on_create(self):
valid_token_id = uuid.uuid4().hex
second_valid_token_id = uuid.uuid4().hex
expired_token_id = uuid.uuid4().hex
user_id = unicode(uuid.uuid4().hex)
expire_delta = datetime.timedelta(seconds=86400)
valid_data = {'id': valid_token_id, 'a': 'b',
'user': {'id': user_id}}
second_valid_data = {'id': second_valid_token_id, 'a': 'b',
'user': {'id': user_id}}
expired_data = {'id': expired_token_id, 'a': 'b',
'user': {'id': user_id}}
self.token_api.create_token(valid_token_id, valid_data)
self.token_api.create_token(expired_token_id, expired_data)
# NOTE(morganfainberg): Directly access the data cache since we need to
# get expired tokens as well as valid tokens. token_api.list_tokens()
# will not return any expired tokens in the list.
user_key = self.token_api._prefix_user_id(user_id)
user_record = self.token_api.client.get(user_key)
user_token_list = jsonutils.loads('[%s]' % user_record)
self.assertEquals(len(user_token_list), 2)
expired_token_ptk = self.token_api._prefix_token_id(
token.unique_id(expired_token_id))
expired_token = self.token_api.client.get(expired_token_ptk)
expired_token['expires'] = (timeutils.utcnow() - expire_delta)
self.token_api.client.set(expired_token_ptk, expired_token)
self.token_api.create_token(second_valid_token_id, second_valid_data)
user_record = self.token_api.client.get(user_key)
user_token_list = jsonutils.loads('[%s]' % user_record)
self.assertEquals(len(user_token_list), 2)
def delete_token(self, token_id):
token_id = token.unique_id(token_id)
try:
token_ref = self.get_token(token_id)
self.db.delete('token-%s' % token_id)
self.db.set('revoked-token-%s' % token_id, token_ref)
except exception.NotFound:
raise exception.TokenNotFound(token_id=token_id)
def delete_token(self, token_id):
token_id = token.unique_id(token_id)
try:
token_ref = self.get_token(token_id)
self.db.delete('token-%s' % token_id)
self.db.set('revoked-token-%s' % token_id, token_ref)
except exception.NotFound:
raise exception.TokenNotFound(token_id=token_id)
def create_token(self, token_id, data):
token_id = token.unique_id(token_id)
data_copy = copy.deepcopy(data)
if not data_copy.get('expires'):
data_copy['expires'] = token.default_expire_time()
if not data_copy.get('user_id'):
data_copy['user_id'] = data_copy['user']['id']
self.db.set('token-%s' % token_id, data_copy)
return copy.deepcopy(data_copy)
def get_token(self, token_id):
if token_id is None:
raise exception.TokenNotFound(token_id='')
ptk = self._prefix_token_id(token.unique_id(token_id))
token_ref = self.client.get(ptk)
if token_ref is None:
raise exception.TokenNotFound(token_id=token_id)
return token_ref
def create_token(self, token_id, data):
token_id = token.unique_id(token_id)
data_copy = copy.deepcopy(data)
if not data_copy.get('expires'):
data_copy['expires'] = token.default_expire_time()
if 'trust_id' in data and data['trust_id'] is None:
data_copy.pop('trust_id')
self.db.set('token-%s' % token_id, data_copy)
return copy.deepcopy(data_copy)
def delete_token(self, token_id):
session = self.get_session()
key = token.unique_id(token_id)
with session.begin():
token_ref = session.query(TokenModel).get(key)
if not token_ref or not token_ref.valid:
raise exception.TokenNotFound(token_id=token_id)
token_ref.valid = False
session.flush()
def get_token(self, token_id):
if token_id is None:
raise exception.TokenNotFound(token_id='')
ptk = self._prefix_token_id(token.unique_id(token_id))
token_ref = self.client.get(ptk)
if token_ref is None:
raise exception.TokenNotFound(token_id=token_id)
return token_ref
def create_token(self, token_id, data):
token_id = token.unique_id(token_id)
data_copy = copy.deepcopy(data)
if not data_copy.get('expires'):
data_copy['expires'] = token.default_expire_time()
if not data_copy.get('user_id'):
data_copy['user_id'] = data_copy['user']['id']
self.db.set('token-%s' % token_id, data_copy)
return copy.deepcopy(data_copy)
def delete_token(self, token_id):
session = self.get_session()
key = token.unique_id(token_id)
with session.begin():
token_ref = session.query(TokenModel).get(key)
if not token_ref or not token_ref.valid:
raise exception.TokenNotFound(token_id=token_id)
token_ref.valid = False
session.flush()
def get_token(self, token_id):
token_id = token.unique_id(token_id)
try:
ref = self.db.get('token-%s' % token_id)
except exception.NotFound:
raise exception.TokenNotFound(token_id=token_id)
if ref['expires'] is None or ref['expires'] > timeutils.utcnow():
return copy.deepcopy(ref)
else:
raise exception.TokenNotFound(token_id=token_id)
def delete_token(self, token_id):
session = self.get_session()
key = token.unique_id(token_id)
with session.begin():
token_ref = session.query(TokenModel).filter_by(id=key,
valid=True).first()
if not token_ref:
raise exception.TokenNotFound(token_id=token_id)
token_ref.valid = False
session.flush()
def get_token(self, token_id):
if token_id is None:
raise exception.TokenNotFound(token_id=token_id)
session = self.get_session()
query = session.query(TokenModel)
query = query.filter_by(id=token.unique_id(token_id), valid=True)
token_ref = query.first()
now = datetime.datetime.utcnow()
if token_ref and (not token_ref.expires or now < token_ref.expires):
return token_ref.to_dict()
else:
raise exception.TokenNotFound(token_id=token_id)
def create_token(self, token_id, data):
data_copy = copy.deepcopy(data)
if not data_copy.get('expires'):
data_copy['expires'] = token.default_expire_time()
token_ref = TokenModel.from_dict(data_copy)
token_ref.id = token.unique_id(token_id)
token_ref.valid = True
session = self.get_session()
with session.begin():
session.add(token_ref)
session.flush()
return token_ref.to_dict()
def get_token(self, token_id):
if token_id is None:
raise exception.TokenNotFound(token_id=token_id)
session = self.get_session()
token_ref = session.query(TokenModel).get(token.unique_id(token_id))
now = datetime.datetime.utcnow()
if not token_ref or not token_ref.valid:
raise exception.TokenNotFound(token_id=token_id)
if not token_ref.expires:
raise exception.TokenNotFound(token_id=token_id)
if now >= token_ref.expires:
raise exception.TokenNotFound(token_id=token_id)
return token_ref.to_dict()
def get_token(self, token_id):
if token_id is None:
raise exception.TokenNotFound(token_id=token_id)
session = self.get_session()
token_ref = session.query(TokenModel).get(token.unique_id(token_id))
now = datetime.datetime.utcnow()
if not token_ref or not token_ref.valid:
raise exception.TokenNotFound(token_id=token_id)
if not token_ref.expires:
raise exception.TokenNotFound(token_id=token_id)
if now >= token_ref.expires:
raise exception.TokenNotFound(token_id=token_id)
return token_ref.to_dict()
def get_token(self, token_id):
token_id = token.unique_id(token_id)
try:
ref = self.db.get('token-%s' % token_id)
except exception.NotFound:
raise exception.TokenNotFound(token_id=token_id)
now = timeutils.utcnow()
expiry = ref['expires']
if expiry is None:
raise exception.TokenNotFound(token_id=token_id)
if expiry > now:
return copy.deepcopy(ref)
else:
raise exception.TokenNotFound(token_id=token_id)
def create_token(self, token_id, data):
data_copy = copy.deepcopy(data)
if not data_copy.get('expires'):
data_copy['expires'] = token.default_expire_time()
if not data_copy.get('user_id'):
data_copy['user_id'] = data_copy['user']['id']
token_ref = TokenModel.from_dict(data_copy)
token_ref.id = token.unique_id(token_id)
token_ref.valid = True
session = self.get_session()
with session.begin():
session.add(token_ref)
session.flush()
return token_ref.to_dict()
def get_token(self, token_id):
if token_id is None:
raise exception.TokenNotFound(token_id=token_id)
session = self.get_session()
query = session.query(TokenModel)
query = query.filter_by(id=token.unique_id(token_id), valid=True)
token_ref = query.first()
now = datetime.datetime.utcnow()
if not token_ref:
raise exception.TokenNotFound(token_id=token_id)
if not token_ref.expires:
raise exception.TokenNotFound(token_id=token_id)
if now >= token_ref.expires:
raise exception.TokenNotFound(token_id=token_id)
return token_ref.to_dict()
def create_token(self, token_id, data):
data_copy = copy.deepcopy(data)
ptk = self._prefix_token_id(token.unique_id(token_id))
if 'expires' not in data_copy:
data_copy['expires'] = token.default_expire_time()
kwargs = {}
if data_copy['expires'] is not None:
expires_ts = utils.unixtime(data_copy['expires'])
kwargs['time'] = expires_ts
self.client.set(ptk, data_copy, **kwargs)
if 'id' in data['user']:
token_data = jsonutils.dumps(token_id)
user_id = data['user']['id']
user_key = self._prefix_user_id(user_id)
if not self.client.append(user_key, ',%s' % token_data):
if not self.client.add(user_key, token_data):
if not self.client.append(user_key, ',%s' % token_data):
msg = _('Unable to add token user list.')
raise exception.UnexpectedError(msg)
return copy.deepcopy(data_copy)
def create_token(self, token_id, data):
data_copy = copy.deepcopy(data)
ptk = self._prefix_token_id(token.unique_id(token_id))
if not data_copy.get('expires'):
data_copy['expires'] = token.default_expire_time()
if not data_copy.get('user_id'):
data_copy['user_id'] = data_copy['user']['id']
kwargs = {}
if data_copy['expires'] is not None:
expires_ts = utils.unixtime(data_copy['expires'])
kwargs['time'] = expires_ts
self.client.set(ptk, data_copy, **kwargs)
if 'id' in data['user']:
token_data = jsonutils.dumps(token_id)
user_id = data['user']['id']
user_key = self._prefix_user_id(user_id)
# Append the new token_id to the token-index-list stored in the
# user-key within memcache.
self._update_user_list_with_cas(user_key, token_data)
return copy.deepcopy(data_copy)
def create_token(self, token_id, data):
data_copy = copy.deepcopy(data)
ptk = self._prefix_token_id(token.unique_id(token_id))
if not data_copy.get('expires'):
data_copy['expires'] = token.default_expire_time()
if not data_copy.get('user_id'):
data_copy['user_id'] = data_copy['user']['id']
kwargs = {}
if data_copy['expires'] is not None:
expires_ts = utils.unixtime(data_copy['expires'])
kwargs['time'] = expires_ts
self.client.set(ptk, data_copy, **kwargs)
if 'id' in data['user']:
token_data = jsonutils.dumps(token_id)
user_id = data['user']['id']
user_key = self._prefix_user_id(user_id)
if not self.client.append(user_key, ',%s' % token_data):
if not self.client.add(user_key, token_data):
if not self.client.append(user_key, ',%s' % token_data):
msg = _('Unable to add token user list.')
raise exception.UnexpectedError(msg)
return copy.deepcopy(data_copy)
def list_tokens(self, user_id, tenant_id=None, trust_id=None):
tokens = []
user_key = self._prefix_user_id(user_id)
user_record = self.client.get(user_key) or ""
token_list = jsonutils.loads('[%s]' % user_record)
for token_id in token_list:
ptk = self._prefix_token_id(token.unique_id(token_id))
token_ref = self.client.get(ptk)
if token_ref:
if tenant_id is not None:
tenant = token_ref.get('tenant')
if not tenant:
continue
if tenant.get('id') != tenant_id:
continue
if trust_id is not None:
trust = token_ref.get('trust_id')
if not trust:
continue
if trust != trust_id:
continue
tokens.append(token_id)
return tokens
def list_tokens(self, user_id, tenant_id=None, trust_id=None):
tokens = []
user_key = self._prefix_user_id(user_id)
user_record = self.client.get(user_key) or ""
token_list = jsonutils.loads('[%s]' % user_record)
for token_id in token_list:
ptk = self._prefix_token_id(token.unique_id(token_id))
token_ref = self.client.get(ptk)
if token_ref:
if tenant_id is not None:
tenant = token_ref.get('tenant')
if not tenant:
continue
if tenant.get('id') != tenant_id:
continue
if trust_id is not None:
trust = token_ref.get('trust_id')
if not trust:
continue
if trust != trust_id:
continue
tokens.append(token_id)
return tokens
def _update_user_list_with_cas(self, user_key, token_id):
cas_retry = 0
max_cas_retry = CONF.memcache.max_compare_and_set_retry
current_time = timeutils.normalize_time(
timeutils.parse_isotime(timeutils.isotime()))
self.client.reset_cas()
while cas_retry <= max_cas_retry:
# NOTE(morganfainberg): cas or "compare and set" is a function of
# memcache. It will return false if the value has changed since the
# last call to client.gets(). This is the memcache supported method
# of avoiding race conditions on set(). Memcache is already atomic
# on the back-end and serializes operations.
#
# cas_retry is for tracking our iterations before we give up (in
# case memcache is down or something horrible happens we don't
# iterate forever trying to compare and set the new value.
cas_retry += 1
record = self.client.gets(user_key)
filtered_list = []
if record is not None:
token_list = jsonutils.loads('[%s]' % record)
for token_i in token_list:
ptk = self._prefix_token_id(token.unique_id(token_i))
token_ref = self.client.get(ptk)
if not token_ref:
# skip tokens that do not exist in memcache
continue
if 'expires' in token_ref:
expires_at = timeutils.normalize_time(
token_ref['expires'])
if expires_at < current_time:
# skip tokens that are expired.
continue
# Add the still valid token_id to the list.
filtered_list.append(jsonutils.dumps(token_i))
# Add the new token_id to the list.
filtered_list.append(token_id)
# Use compare-and-set (cas) to set the new value for the
# token-index-list for the user-key. Cas is used to prevent race
# conditions from causing the loss of valid token ids from this
# list.
if self.client.cas(user_key, ','.join(filtered_list)):
msg = _('Successful set of token-index-list for user-key '
'"%(user_key)s", #%(count)d records')
LOG.debug(msg, {'user_key': user_key,
'count': len(filtered_list)})
return filtered_list
# The cas function will return true if it succeeded or false if it
# failed for any reason, including memcache server being down, cas
# id changed since gets() called (the data changed between when
# this loop started and this point, etc.
error_msg = _('Failed to set token-index-list for user-key '
'"%(user_key)s". Attempt %(cas_retry)d of '
'%(cas_retry_max)d')
LOG.debug(error_msg,
{'user_key': user_key,
'cas_retry': cas_retry,
'cas_retry_max': max_cas_retry})
# Exceeded the maximum retry attempts.
error_msg = _('Unable to add token user list')
raise exception.UnexpectedError(error_msg)
