feature #2796: Support for not-expiring tokens

2025-03-21 14:50:08 +03:00 · 2014-09-24 16:44:50 +02:00 · 2014-09-24 16:44:50 +02:00 · b0cee246a7
commit b0cee246a7
parent ef510dfcd0
4 changed files with 45 additions and 8 deletions
--- a/src/cli/one_helper/oneuser_helper.rb
+++ b/src/cli/one_helper/oneuser_helper.rb
@ -349,8 +349,21 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
        puts str % ["SECONDARY GROUPS", groups.join(',') ] if groups.size > 1
        puts str % ["PASSWORD",    user['PASSWORD']]
        puts str % ["AUTH_DRIVER", user['AUTH_DRIVER']]
-        puts str % ["LOGIN_TOKEN", user['LOGIN_TOKEN/TOKEN']] if !user['LOGIN_TOKEN/TOKEN'].nil?
-        puts str % ["TOKEN VALIDITY", "not after #{Time.at(user['LOGIN_TOKEN/EXPIRATION_TIME'].to_i)}"] if !user['LOGIN_TOKEN/EXPIRATION_TIME'].nil?
+
+        if !user['LOGIN_TOKEN/TOKEN'].nil?
+            puts str % ["LOGIN_TOKEN", user['LOGIN_TOKEN/TOKEN']]
+
+            etime = user['LOGIN_TOKEN/EXPIRATION_TIME']
+
+            validity_str = case etime
+                when nil  then ""
+                when "-1" then "not expires"
+                else "not after #{Time.at(etime.to_i)}"
+            end
+
+            puts str % ["TOKEN VALIDITY", validity_str ]
+        end
+
        puts str % ["ENABLED",
            OpenNebulaHelper.boolean_to_str(user['ENABLED'])]

--- a/src/cli/oneuser
+++ b/src/cli/oneuser
@ -121,7 +121,10 @@ cmd=CommandParser::CmdParser.new(ARGV) do
        :name  => "time",
        :large => "--time x",
        :format => Integer,
-        :description => "Token duration in seconds, defaults to 3600 (1 h)"
+        :description => "Token duration in seconds, defaults to 36000 (10 h). "\
+                        "To reset the token set time to 0." \
+                        "To generate a non-expiring token use -1"\
+                        " (not valid for ssh and x509 tokens). "\
    }

    DRIVER={
@ -339,7 +342,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do

    command :login, login_desc, :username, :options=>login_options do

-        options[:time] ||= 3600
+        options[:time] ||= 36000

        helper.login(args[0], options)
    end
--- a/src/rm/RequestManagerUser.cc
+++ b/src/rm/RequestManagerUser.cc
@ -446,16 +446,25 @@ void UserLogin::request_execute(xmlrpc_c::paramList const& paramList,
        return;
    }

-    if (valid <= 0) //Reset token
+    if (valid == 0) //Reset token
    {
        user->login_token.reset();

        token = "";
    }
-    else
+    else if (valid > 0 || valid == -1)
    {
        token = user->login_token.set(token, valid);
    }
+    else
+    {
+        failure_response(XML_RPC_API,
+            request_error("Wrong valid period for token",""), att);
+
+        user->unlock();
+
+        return;
+    }

    pool->update(user);

--- a/src/um/LoginToken.cc
+++ b/src/um/LoginToken.cc
@ -24,7 +24,8 @@ using namespace std;

 bool LoginToken::is_valid(const string& user_token) const
 {
-    return ((user_token == token) && (time(0) < expiration_time));
+    return ((user_token == token) &&
+            ((expiration_time == -1) || (time(0) < expiration_time)));
 }

 /* -------------------------------------------------------------------------- */
@ -32,7 +33,18 @@ bool LoginToken::is_valid(const string& user_token) const

 const std::string& LoginToken::set(const std::string& user_token, time_t valid)
 {
-    expiration_time = time(0) + valid;
+    if (valid == -1)
+    {
+        expiration_time = -1;
+    }
+    else if (valid > 0 )
+    {
+        expiration_time = time(0) + valid;
+    }
+    else
+    {
+        expiration_time = 0;
+    }

    if (user_token.empty())
    {