diff --git a/include/User.h b/include/User.h
index 6e7a1520a9..51879687bc 100644
--- a/include/User.h
+++ b/include/User.h
@@ -21,6 +21,7 @@
 #include "UserTemplate.h"
 #include "ObjectCollection.h"
 #include "QuotasSQL.h"
+#include "LoginToken.h"
 class UserQuotas;
@@ -93,7 +94,7 @@ public:
 void disable()
 {
 enabled = false;
- invalidate_session();
+ session.reset();
 };
 /**
@@ -133,7 +134,7 @@ public:
 int set_auth_driver(const string& _auth_driver, string& error_str)
 {
 auth_driver = _auth_driver;
- invalidate_session();
+ session.reset();
 return 0;
 };
@@ -260,50 +261,7 @@ private:
 // Authentication session (Private)
 // *************************************************************************
- /**
- * Until when the session_token is valid
- */
- time_t session_expiration_time;
-
- /**
- * Last authentication token validated by the driver, can
- * be trusted until the session_expiration_time
- */
- string session_token;
-
- /**
- * Checks if a session token is authorized and still valid
- *
- * @param token The authentication token
- * @return true if the token is still valid
- */
- bool valid_session(const string& token)
- {
- return (( session_token == token ) &&
- ( time(0) < session_expiration_time ) );
- };
-
- /**
- * Resets the authentication session
- */
- void invalidate_session()
- {
- session_token.clear();
- session_expiration_time = 0;
- };
-
- /**
- * Stores the given session token for a limited time. This eliminates the
- * need to call the external authentication driver until the time expires.
- *
- * @param token The authenticated token
- * @param validity_time
- */
- void set_session(const string& token, time_t validity_time)
- {
- session_token = token;
- session_expiration_time = time(0) + validity_time;
- };
+ LoginToken session;
 // *************************************************************************
 // DataBase implementation (Private)
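Review bot: The new `LoginToken session;` member under "Authentication session (Private)" has no comment, while the declarations it replaces documented the contract: the cached token is the last one validated by the driver and can be trusted only until its expiration time. I would keep that on the member, e.g. `/** Last token validated by the auth driver; trusted only until it expires, cleared by reset() */`. LoginToken's definition is not part of this diff, so the wording should be checked against it.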
@@ -388,9 +346,7 @@ protected:
 quota(),
 password(_password),
 auth_driver(_auth_driver),
- enabled(_enabled),
- session_expiration_time(0),
- session_token("")
+ enabled(_enabled)
 {
 obj_template = new UserTemplate;
 };
diff --git a/src/um/SConstruct b/src/um/SConstruct
index d6e6d47531..2d13eea2d9 100644
--- a/src/um/SConstruct
+++ b/src/um/SConstruct
@@ -31,7 +31,8 @@ source_files=[
 'QuotaImage.cc',
 'Quotas.cc',
 'DefaultQuotas.cc',
- 'QuotasSQL.cc'
+ 'QuotasSQL.cc',
+ 'LoginToken.cc'
 ]
 # Build library
diff --git a/src/um/User.cc b/src/um/User.cc
index 30a4196e9c..089988d532 100644
--- a/src/um/User.cc
+++ b/src/um/User.cc
@@ -354,7 +354,7 @@ int User::set_password(const string& passwd, string& error_str)
 password = passwd;
 }
- invalidate_session();
+ session.reset();
 }
 else
 {
diff --git a/src/um/UserPool.cc b/src/um/UserPool.cc
index dbfc725b6e..b63de6cb3d 100644
--- a/src/um/UserPool.cc
+++ b/src/um/UserPool.cc
@@ -37,6 +37,7 @@ const char * UserPool::CORE_AUTH = "core";
 const char * UserPool::SERVER_AUTH = "server*";
 const char * UserPool::PUBLIC_AUTH = "public";
 const char * UserPool::DEFAULT_AUTH = "default";
+//const char * UserPool::TOKEN_AUTH = "token";
 const char * UserPool::SERVER_NAME = "serveradmin";
@@ -446,7 +447,7 @@ bool UserPool::authenticate_internal(User * user,
 auth_driver = user->auth_driver;
- result = user->valid_session(token);
+ result = user->session.is_valid(token);
 umask = user->get_umask();
@@ -494,7 +495,7 @@ bool UserPool::authenticate_internal(User * user,
 if (user != 0)
 {
- user->set_session(token, _session_expiration_time);
+ user->session.set(token, _session_expiration_time);
 user->unlock();
 }
@@ -589,7 +590,7 @@ bool UserPool::authenticate_server(User * user,
 uname = user->name;
 gname = user->gname;
- result = user->valid_session(second_token);
+ result = user->session.is_valid(second_token);
 umask = user->get_umask();
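Review bot: With `session_expiration_time(0)` and `session_token("")` dropped from the initializer list, a new User's session state depends entirely on LoginToken's default constructor, which is not part of this diff. If that constructor does not set the expiration time, `is_valid()` could read an indeterminate `time_t` before the first `set()` or `reset()`. I would either confirm that LoginToken initialises itself to the empty, expired state, or keep the guarantee local by ending the list with `enabled(_enabled),` followed by `session()` so the member is value-initialised. The constructor's signature starts outside the hunk.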
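Review bot: The added `//const char * UserPool::TOKEN_AUTH = "token";` is commented-out code with nothing saying why it is there or when it will be enabled. A half-present entry next to the `*_AUTH` driver-name constants is easy to misread when auditing which authentication paths exist. I would drop the line until the driver is wired in, or replace it with a short `// TODO:` comment stating what is pending.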
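Review bot: `user->session.is_valid(token)` now makes the cached-session decision, and LoginToken is not in this diff, so the conditions it enforces cannot be checked here. The removed `valid_session` accepted a token only when it equalled the cached one and `time(0)` was still before the expiry, so a reset session could never match, not even for an empty `token`. Per the removed `set_session` comment, a match skips the external auth driver, so please confirm `is_valid()` keeps both conditions. Please also confirm that `set()` still treats `_session_expiration_time` as a duration added to the current time, as `set_session` did. The same applies to the calls in the -494, -589 and -623 hunks; authenticate_internal starts and ends outside this hunk.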
@@ -623,7 +624,7 @@ bool UserPool::authenticate_server(User * user,
 if (user != 0)
 {
- user->set_session(second_token, _session_expiration_time);
+ user->session.set(second_token, _session_expiration_time);
 user->unlock();
 }