Fix Bug 917: Revoke NBI's Auth token once user is deleted
Change-Id: I1060af8065d95beab5b9dc3be27abc8e3601f3e8
Signed-off-by: delacruzramo <pedro.delacruzramos@altran.com>
diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index da5e543..50a2123 100644
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -317,7 +317,11 @@
pass
except ValueError:
pass
- self.db.set_one("users", {BaseTopic.id_field("users", uid): uid}, user_data) # CONFIRM
+ idf = BaseTopic.id_field("users", uid)
+ self.db.set_one("users", {idf: uid}, user_data)
+ if user_info.get("remove_project_role_mappings"):
+ self.db.del_list("tokens", {"user_id" if idf == "_id" else idf: uid})
+ self.token_cache.clear()
def delete_user(self, user_id):
"""
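Review bot: The token filter in `self.db.del_list("tokens", {"user_id" if idf == "_id" else idf: uid})` reuses the users-collection field name as a tokens-collection key whenever `idf` is not `_id`, and nothing visible here shows that token records carry that field. If they do not, the delete matches nothing and the cleared cache is refilled from the database on the next request, so the token stays usable. Always filtering on the user's `_id` would be safer, for example `self.db.del_list("tokens", {"user_id": user_data["_id"]})`, assuming `user_data` is the stored user record. Revocation is also tied only to `remove_project_role_mappings`; the body of this method starts above the hunk, so if it also handles password changes those should probably revoke tokens as well.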
@@ -327,6 +331,8 @@
:raises AuthconnOperationException: if user deletion failed.
"""
self.db.del_one("users", {"_id": user_id})
+ self.db.del_list("tokens", {"user_id": user_id})
+ self.token_cache.clear()
return True
def get_user_list(self, filter_q=None):
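Review bot: The user record is deleted before its tokens, so if `del_list` fails the account is gone while its tokens remain valid in the database and in the cache. Revoking first closes that window: move `self.db.del_list("tokens", {"user_id": user_id})` and `self.token_cache.clear()` ahead of `self.db.del_one("users", {"_id": user_id})`. Also, `token_cache.clear()` only empties the dict in this process; if NBI runs as more than one instance, the others would presumably keep honouring a cached token until it expires, and the same applies to the update_user hunk above. The docstring, which starts outside this hunk, could state that deleting a user revokes all of that user's tokens.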
diff --git a/osm_nbi/engine.py b/osm_nbi/engine.py
index f9fb1e7..5bdbb7e 100644
--- a/osm_nbi/engine.py
+++ b/osm_nbi/engine.py
@@ -68,7 +68,7 @@
# Add new versions here
}
- def __init__(self):
+ def __init__(self, token_cache):
self.db = None
self.fs = None
self.msg = None
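Review bot: `token_cache` is added as a required positional parameter with no documentation of what it must be, and any other `Engine()` construction outside this diff (tests, tools) will now raise TypeError. The revocation added in authconn_internal.py only works if this is the same dict object the Authenticator reads from, so I would state that in a docstring, e.g. `"""token_cache: live dict shared with Authenticator; cleared when a user is deleted, must not be copied."""`. The body of `__init__` continues outside this hunk.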
@@ -78,6 +78,7 @@
self.logger = logging.getLogger("nbi.engine")
self.map_topic = {}
self.write_lock = None
+ self.token_cache = token_cache
def start(self, config):
"""
@@ -126,7 +127,7 @@
if config["authentication"]["backend"] == "keystone":
self.auth = AuthconnKeystone(config["authentication"], self.db, None)
else:
- self.auth = AuthconnInternal(config["authentication"], self.db, dict())
+ self.auth = AuthconnInternal(config["authentication"], self.db, self.token_cache)
if not self.operations:
if "resources_to_operations" in config["rbac"]:
resources_to_operations_file = config["rbac"]["resources_to_operations"]
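Review bot: Only the internal backend receives the shared cache; the keystone branch still passes `None`, so a user deleted through `AuthconnKeystone` would not clear anything the Authenticator has cached. Whether the Authenticator caches tokens for the keystone backend is not visible in this diff. If it does, that path needs the same treatment, e.g. `AuthconnKeystone(config["authentication"], self.db, self.token_cache)` plus a clear in that class's delete path, provided the class accepts a non-None cache. The body of start() begins and ends outside this hunk.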
diff --git a/osm_nbi/nbi.py b/osm_nbi/nbi.py
index ac30a37..b7a2c13 100644
--- a/osm_nbi/nbi.py
+++ b/osm_nbi/nbi.py
@@ -482,8 +482,8 @@
def __init__(self):
self.instance += 1
- self.engine = Engine()
self.authenticator = Authenticator(valid_url_methods, valid_query_string)
+ self.engine = Engine(self.authenticator.tokens_cache)
def _format_in(self, kwargs):
try:
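Review bot: Passing `self.authenticator.tokens_cache` hands Engine a reference to the current dict, so revocation would silently stop working if Authenticator ever rebinds that attribute (for example `self.tokens_cache = dict()`) instead of mutating it in place. A short comment at this call would keep the invariant visible: `# Engine clears this dict on user deletion; Authenticator must never rebind tokens_cache`. The reordering of the two constructors exists for the same reason and is worth mentioning in that comment.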