| author | Adam Young <ayoung@redhat.com> | 2012-10-30 20:22:24 -0400 |
|---|---|---|
| committer | Adam Young <ayoung@redhat.com> | 2012-11-01 14:10:28 -0400 |
| commit | 75496bbe6940e72fd42dcaacbfc92b6cf92b1149 (patch) | |
| tree | d12450ea11671065bc742b75c25a78d6dc7282b6 | |
| parent | 23aa49ee3d5d71c0cca25c7e16fb5fc7771d5c02 (diff) | |
auth_token hash pki
key PKI tokens on hash in memcached when accessed by auth_token
middleware
Bug 1073343
Change-Id: I32e5481f82fd110c855d7e1138c3d43c73099bbb
| -rw-r--r-- | keystone/middleware/auth_token.py | 5 | ||||
| -rw-r--r-- | tests/test_auth_token_middleware.py | 17 |
2 files changed, 15 insertions, 7 deletions
diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py index 5c198e83..e8ed99b3 100644 --- a/keystone/middleware/auth_token.py +++ b/keystone/middleware/auth_token.py @@ -472,7 +472,8 @@ class AuthProtocol(object): """ try: - cached = self._cache_get(user_token) + token_id = cms.cms_hash_token(user_token) + cached = self._cache_get(token_id) if cached: return cached if cms.is_ans1_token(user_token): @@ -480,7 +481,7 @@ class AuthProtocol(object): data = json.loads(verified) else: data = self.verify_uuid_token(user_token, retry) - self._cache_put(user_token, data) + self._cache_put(token_id, data) return data except Exception as e: LOG.debug('Token validation failure.', exc_info=True) diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py index 01b4070f..77c4a0cb 100644 --- a/tests/test_auth_token_middleware.py +++ b/tests/test_auth_token_middleware.py @@ -36,6 +36,9 @@ REVOKED_TOKEN_HASH = None SIGNED_REVOCATION_LIST = None SIGNED_TOKEN_SCOPED = None SIGNED_TOKEN_UNSCOPED = None +SIGNED_TOKEN_SCOPED_KEY = None +SIGNED_TOKEN_UNSCOPED_KEY = None + VALID_SIGNED_REVOCATION_LIST = None UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d" @@ -155,11 +158,15 @@ def setUpModule(self): with open(os.path.join(signing_path, 'revocation_list.pem')) as f: self.VALID_SIGNED_REVOCATION_LIST = jsonutils.dumps( {'signed': f.read()}) + self.SIGNED_TOKEN_SCOPED_KEY =\ + cms.cms_hash_token(self.SIGNED_TOKEN_SCOPED) + self.SIGNED_TOKEN_UNSCOPED_KEY =\ + cms.cms_hash_token(self.SIGNED_TOKEN_UNSCOPED) - self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED] = { + self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_KEY] = { 'access': { 'token': { - 'id': self.SIGNED_TOKEN_SCOPED, + 'id': self.SIGNED_TOKEN_SCOPED_KEY, }, 'user': { 'id': 'user_id1', 
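Review bot: The digest computed at `token_id = cms.cms_hash_token(user_token)` is now the only thing tying a cache hit to the presented token, and `if cached: return cached` returns before the `is_ans1_token` / `verify_uuid_token` branch runs, so the strength of that digest becomes part of the authentication decision without being documented. I would add a comment above the new line, e.g. `# Cache key is cms_hash_token(user_token), not the raw PKI token; a hit skips verification, so the digest must be collision-resistant.` The implementation of `cms_hash_token` is not visible here. If it returns non-PKI tokens unchanged (the commit title mentions only PKI tokens), UUID tokens would still be written to memcached under their raw bearer value, which is worth confirming and stating in the docstring. The same key is used by `self._cache_put(token_id, data)` in the following hunk, and the method body starts and ends outside both hunks.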
@@ -174,10 +181,10 @@ def setUpModule(self): }, } - self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED] = { + self.TOKEN_RESPONSES[SIGNED_TOKEN_UNSCOPED_KEY] = { 'access': { 'token': { - 'id': self.SIGNED_TOKEN_UNSCOPED, + 'id': SIGNED_TOKEN_UNSCOPED_KEY, }, 'user': { 'id': 'user_id1', @@ -198,7 +205,7 @@ class FakeMemcache(object): self.token_expiration = None def get(self, key): - data = TOKEN_RESPONSES[SIGNED_TOKEN_SCOPED].copy() + data = TOKEN_RESPONSES[SIGNED_TOKEN_SCOPED_KEY].copy() if not data or key != "tokens/%s" % (data['access']['token']['id']): return if not self.token_expiration: |
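Review bot: The unscoped fixture in the `@@ -174` hunk reads the bare module global `SIGNED_TOKEN_UNSCOPED_KEY`, while the scoped fixture in the preceding hunk and the assignment of the key itself both go through `self.`; the two fixtures should match: `self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED_KEY] = {` and `'id': self.SIGNED_TOKEN_UNSCOPED_KEY,`. The bare name only resolves to the digest if `self` in `setUpModule` is the module object. Otherwise it still holds the initial `None` from the constants block, and the entry is registered under the key `None` with a `None` token id. `setUpModule` starts and ends outside the hunk.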
