diff --git a/src/cloud/common/CloudAuth.rb b/src/cloud/common/CloudAuth.rb
index b69934dd81..3177e95247 100644
--- a/src/cloud/common/CloudAuth.rb
+++ b/src/cloud/common/CloudAuth.rb
@@ -33,7 +33,8 @@ class CloudAuth
 # Default interval for timestamps. Tokens will be generated using the same
 # timestamp for this interval of time.
- EXPIRE_DELTA = 36000
+ # THIS VALUE CANNOT BE LOWER THAN EXPIRE_MARGIN
+ EXPIRE_DELTA = 1800
 # Tokens will be generated if time > EXPIRE_TIME - EXPIRE_MARGIN
 EXPIRE_MARGIN = 300
@@ -44,11 +45,7 @@ class CloudAuth
 def initialize(conf)
 @conf = conf
- # @token_expiration_delta: Number of seconds that will be used
- # the same timestamp for the token generation
- # @token_expiration_time: Current timestamp to be used in tokens.
- @token_expiration_delta = @conf[:token_expiration_delta] || EXPIRE_DELTA
- @token_expiration_time = Time.now.to_i + @token_expiration_delta
+ @token_expiration_time = Time.now.to_i + EXPIRE_DELTA
 if AUTH_MODULES.include?(@conf[:auth])
 require 'CloudAuth/' + AUTH_MODULES[@conf[:auth]]
@@ -90,13 +87,24 @@ class CloudAuth
 end
 end
+ def auth(env, params={})
+ username = do_auth(env, params)
+
+ if username.nil?
+ update_userpool_cache
+ do_auth(env, params)
+ else
+ username
+ end
+ end
+
 protected
 def expiration_time
 time_now = Time.now.to_i
 if time_now > @token_expiration_time - EXPIRE_MARGIN
- @token_expiration_time = time_now + @token_expiration_delta
+ @token_expiration_time = time_now + EXPIRE_DELTA
 update_userpool_cache
 end
diff --git a/src/cloud/common/CloudAuth/EC2CloudAuth.rb b/src/cloud/common/CloudAuth/EC2CloudAuth.rb
index e60f653648..bad85c6cac 100644
--- a/src/cloud/common/CloudAuth/EC2CloudAuth.rb
+++ b/src/cloud/common/CloudAuth/EC2CloudAuth.rb
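Review bot: `initialize` (second hunk of CloudAuth.rb) no longer reads `@conf[:token_expiration_delta]`, so a deployment whose existing conf file still sets that key silently gets the fixed `EXPIRE_DELTA` of 1800 seconds instead of the value the operator chose. The shipped econe.conf, occi-server.conf and sunstone-server.conf drop the key in this same commit, but upgraded installs usually keep their own files. A start-up warning would make the change visible, for example `warn ':token_expiration_delta is ignored; token lifetime is fixed to EXPIRE_DELTA' if @conf[:token_expiration_delta]` (or the project's own logger, if one is in scope here). `initialize` continues past the end of the hunk.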
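Review bot: In the new `CloudAuth#auth` (third hunk of CloudAuth.rb) every `nil` from `do_auth` triggers `update_userpool_cache` and a second `do_auth`, so any request carrying unknown or wrong credentials forces a pool refresh and a repeated credential check. The body of `update_userpool_cache` is outside this diff, but if it queries the core for the whole user pool, callers who never authenticate can drive that call at request rate. I would bound the forced refresh with a minimum interval and return `nil` immediately inside it; `MIN_REFRESH_INTERVAL` below is a placeholder name for a new constant next to `EXPIRE_MARGIN`. If the server handles requests on several threads, the timestamp and the refresh also need whatever lock protects the cache, which is not visible here.

```ruby
    def auth(env, params={})
        username = do_auth(env, params)
        return username unless username.nil?

        # Refresh the cache at most once per MIN_REFRESH_INTERVAL seconds so
        # that failed logins cannot force a pool reload on every request.
        now = Time.now.to_i
        if @last_forced_refresh && now - @last_forced_refresh < MIN_REFRESH_INTERVAL
            return nil
        end

        @last_forced_refresh = now
        update_userpool_cache
        do_auth(env, params)
    end
```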
@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 module EC2CloudAuth
- def auth(env, params={})
+ def do_auth(env, params={})
 username = params['AWSAccessKeyId']
 one_pass = get_password(username)
 return nil unless one_pass
diff --git a/src/cloud/common/CloudAuth/OCCICloudAuth.rb b/src/cloud/common/CloudAuth/OCCICloudAuth.rb
index e6f80c4f67..4fac9905d9 100644
--- a/src/cloud/common/CloudAuth/OCCICloudAuth.rb
+++ b/src/cloud/common/CloudAuth/OCCICloudAuth.rb
@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 module OCCICloudAuth
- def auth(env, params={})
+ def do_auth(env, params={})
 auth = Rack::Auth::Basic::Request.new(env)
 if auth.provided? && auth.basic?
@@ -28,6 +28,6 @@ module OCCICloudAuth
 end
 end
- return nil
- end
+ return nil
+ end
 end
\ No newline at end of file
diff --git a/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb b/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb
index 9fa855b1d0..69fcb42db5 100644
--- a/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb
+++ b/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb
@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 module SunstoneCloudAuth
- def auth(env, params={})
+ def do_auth(env, params={})
 auth = Rack::Auth::Basic::Request.new(env)
 if auth.provided? && auth.basic?
@@ -28,6 +28,6 @@ module SunstoneCloudAuth
 end
 end
- return nil
- end
+ return nil
+ end
 end
\ No newline at end of file
diff --git a/src/cloud/common/CloudAuth/X509CloudAuth.rb b/src/cloud/common/CloudAuth/X509CloudAuth.rb
index 60f52a0562..5e8613eef7 100644
--- a/src/cloud/common/CloudAuth/X509CloudAuth.rb
+++ b/src/cloud/common/CloudAuth/X509CloudAuth.rb
@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 module X509CloudAuth
- def auth(env, params={})
+ def do_auth(env, params={})
 # For https, the web service should be set to include the user cert in the environment.
 cert_line = env['HTTP_SSL_CLIENT_CERT']
 cert_line = nil if cert_line == '(null)' # For Apache mod_ssl
diff --git a/src/cloud/ec2/etc/econe.conf b/src/cloud/ec2/etc/econe.conf
index 2f681596c7..9ef6851f2b 100644
--- a/src/cloud/ec2/etc/econe.conf
+++ b/src/cloud/ec2/etc/econe.conf
@@ -33,8 +33,6 @@
 # cipher, for symmetric cipher encryption of tokens
 # x509, for x509 certificate encryption of tokens
 :core_auth: cipher
-# Life-time in seconds for token renewal (that used to handle OpenNebula auths)
-:token_expiration_delta: 1800
 # VM types allowed and its template file (inside templates directory)
 :instance_types:
diff --git a/src/cloud/occi/etc/occi-server.conf b/src/cloud/occi/etc/occi-server.conf
index f81fa1924a..6304fa24f5 100644
--- a/src/cloud/occi/etc/occi-server.conf
+++ b/src/cloud/occi/etc/occi-server.conf
@@ -36,8 +36,6 @@
 # cipher, for symmetric cipher encryption of tokens
 # x509, for x509 certificate encryption of tokens
 :core_auth: cipher
-# Life-time in seconds for token renewal (that used to handle OpenNebula auths)
-:token_expiration_delta: 1800
 # VM types allowed and its template file (inside templates directory)
 :instance_types:
diff --git a/src/sunstone/etc/sunstone-server.conf b/src/sunstone/etc/sunstone-server.conf
index 2311501782..4391ca8a5f 100644
--- a/src/sunstone/etc/sunstone-server.conf
+++ b/src/sunstone/etc/sunstone-server.conf
@@ -14,9 +14,7 @@
 # cipher, for symmetric cipher encryption of tokens
 # x509, for x509 certificate encryption of tokens
 :core_auth: cipher
-# Life-time in seconds for token renewal (that used to handle OpenNebula auths)
-:token_expiration_delta: 1800
-
+
 # VNC Configuration
 :vnc_proxy_base_port: 29876
-:novnc_path:
+:novnc_path: