shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-03-26 06:50:09 +03:00
Code Releases Wiki Activity

feature #2796: Add LoginToken class to abstract token management both for sessions and tokens

Browse Source
This commit is contained in:
Ruben S. Montero 2014-09-03 14:10:45 +02:00
parent fc06d0ce18
commit 9167e78c46
4 changed files with 13 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
include/User.h
View File

@ -21,6 +21,7 @@
#include "UserTemplate.h"
#include "ObjectCollection.h"
#include "QuotasSQL.h"
#include "LoginToken.h"
class UserQuotas;
@ -93,7 +94,7 @@ public:
void disable()
{
enabled = false;
invalidate_session();
session.reset();
};
/**
@ -133,7 +134,7 @@ public:
int set_auth_driver(const string& _auth_driver, string& error_str)
{
auth_driver = _auth_driver;
invalidate_session();
session.reset();
return 0;
};
@ -260,50 +261,7 @@ private:
// Authentication session (Private)
// *************************************************************************
/**
* Until when the session_token is valid
*/
time_t session_expiration_time;
/**
* Last authentication token validated by the driver, can
* be trusted until the session_expiration_time
*/
string session_token;
/**
* Checks if a session token is authorized and still valid
*
* @param token The authentication token
* @return true if the token is still valid
*/
bool valid_session(const string& token)
{
return (( session_token == token ) &&
( time(0) < session_expiration_time ) );
};
/**
* Resets the authentication session
*/
void invalidate_session()
{
session_token.clear();
session_expiration_time = 0;
};
/**
* Stores the given session token for a limited time. This eliminates the
* need to call the external authentication driver until the time expires.
*
* @param token The authenticated token
* @param validity_time
*/
void set_session(const string& token, time_t validity_time)
{
session_token = token;
session_expiration_time = time(0) + validity_time;
};
LoginToken session;
// *************************************************************************
// DataBase implementation (Private)
@ -388,9 +346,7 @@ protected:
quota(),
password(_password),
auth_driver(_auth_driver),
enabled(_enabled),
session_expiration_time(0),
session_token("")
enabled(_enabled)
{
obj_template = new UserTemplate;
};

3
src/um/SConstruct
View File

@ -31,7 +31,8 @@ source_files=[
'QuotaImage.cc',
'Quotas.cc',
'DefaultQuotas.cc',
'QuotasSQL.cc'
'QuotasSQL.cc',
'LoginToken.cc'
]
# Build library

2
src/um/User.cc
View File

@ -354,7 +354,7 @@ int User::set_password(const string& passwd, string& error_str)
password = passwd;
}
invalidate_session();
session.reset();
}
else
{

9
src/um/UserPool.cc
View File

@ -37,6 +37,7 @@ const char * UserPool::CORE_AUTH = "core";
const char * UserPool::SERVER_AUTH = "server*";
const char * UserPool::PUBLIC_AUTH = "public";
const char * UserPool::DEFAULT_AUTH = "default";
//const char * UserPool::TOKEN_AUTH = "token";
const char * UserPool::SERVER_NAME = "serveradmin";
@ -446,7 +447,7 @@ bool UserPool::authenticate_internal(User * user,
auth_driver = user->auth_driver;
result = user->valid_session(token);
result = user->session.is_valid(token);
umask = user->get_umask();
@ -494,7 +495,7 @@ bool UserPool::authenticate_internal(User * user,
if (user != 0)
{
user->set_session(token, _session_expiration_time);
user->session.set(token, _session_expiration_time);
user->unlock();
}
@ -589,7 +590,7 @@ bool UserPool::authenticate_server(User * user,
uname = user->name;
gname = user->gname;
result = user->valid_session(second_token);
result = user->session.is_valid(second_token);
umask = user->get_umask();
@ -623,7 +624,7 @@ bool UserPool::authenticate_server(User * user,
if (user != 0)
{
user->set_session(second_token, _session_expiration_time);
user->session.set(second_token, _session_expiration_time);
user->unlock();
}