diff options
Diffstat (limited to 'keystone/token/backends/sql.py')
| -rw-r--r-- | keystone/token/backends/sql.py | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/keystone/token/backends/sql.py b/keystone/token/backends/sql.py index 82eab651..5d24fb4f 100644 --- a/keystone/token/backends/sql.py +++ b/keystone/token/backends/sql.py @@ -78,7 +78,8 @@ class Token(sql.Base, token.Driver): token_ref.valid = False session.flush() - def delete_tokens(self, user_id, tenant_id=None, trust_id=None): + def delete_tokens(self, user_id, tenant_id=None, trust_id=None, + consumer_id=None): """Deletes all tokens in one session The user_id will be ignored if the trust_id is specified. user_id @@ -103,6 +104,11 @@ class Token(sql.Base, token.Driver): token_ref_dict = token_ref.to_dict() if not self._tenant_matches(tenant_id, token_ref_dict): continue + if consumer_id: + token_ref_dict = token_ref.to_dict() + if not self._consumer_matches(consumer_id, token_ref_dict): + continue + token_ref.valid = False session.flush() @@ -112,6 +118,13 @@ class Token(sql.Base, token.Driver): (token_ref_dict.get('tenant') and token_ref_dict['tenant'].get('id') == tenant_id)) + def _consumer_matches(self, consumer_id, token_ref_dict): + if consumer_id is None: + return True + else: + oauth = token_ref_dict['token_data']['token'].get('OS-OAUTH1', {}) + return oauth and oauth['consumer_id'] == consumer_id + def _list_tokens_for_trust(self, trust_id): session = self.get_session() tokens = [] @@ -141,9 +154,29 @@ class Token(sql.Base, token.Driver): tokens.append(token_ref['id']) return tokens - def list_tokens(self, user_id, tenant_id=None, trust_id=None): + def _list_tokens_for_consumer(self, user_id, consumer_id): + tokens = [] + session = self.get_session() + with session.begin(): + now = timeutils.utcnow() + query = session.query(TokenModel) + query = query.filter(TokenModel.expires > now) + query = query.filter(TokenModel.user_id == user_id) + token_references = query.filter_by(valid=True) + + for token_ref in token_references: + token_ref_dict = token_ref.to_dict() + if self._consumer_matches(consumer_id, token_ref_dict): + tokens.append(token_ref_dict['id']) + session.flush() + return tokens + + def list_tokens(self, user_id, tenant_id=None, trust_id=None, + consumer_id=None): if trust_id: return self._list_tokens_for_trust(trust_id) + if consumer_id: + return self._list_tokens_for_consumer(user_id, consumer_id) else: return self._list_tokens_for_user(user_id, tenant_id) |