From: delacruzramo Date: Wed, 4 Dec 2019 12:42:26 +0000 (+0100) Subject: Fix Bug 917: Revoke NBI's Auth token once user is deleted X-Git-Tag: v7.0.0rc1~3 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F23%2F8323%2F1;p=osm%2FNBI.git Fix Bug 917: Revoke NBI's Auth token once user is deleted Change-Id: I1060af8065d95beab5b9dc3be27abc8e3601f3e8 Signed-off-by: delacruzramo --- diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py index da5e543..50a2123 100644 --- a/osm_nbi/authconn_internal.py +++ b/osm_nbi/authconn_internal.py @@ -317,7 +317,11 @@ class AuthconnInternal(Authconn): pass except ValueError: pass - self.db.set_one("users", {BaseTopic.id_field("users", uid): uid}, user_data) # CONFIRM + idf = BaseTopic.id_field("users", uid) + self.db.set_one("users", {idf: uid}, user_data) + if user_info.get("remove_project_role_mappings"): + self.db.del_list("tokens", {"user_id" if idf == "_id" else idf: uid}) + self.token_cache.clear() def delete_user(self, user_id): """ @@ -327,6 +331,8 @@ class AuthconnInternal(Authconn): :raises AuthconnOperationException: if user deletion failed. """ self.db.del_one("users", {"_id": user_id}) + self.db.del_list("tokens", {"user_id": user_id}) + self.token_cache.clear() return True def get_user_list(self, filter_q=None): diff --git a/osm_nbi/engine.py b/osm_nbi/engine.py index f9fb1e7..5bdbb7e 100644 --- a/osm_nbi/engine.py +++ b/osm_nbi/engine.py @@ -68,7 +68,7 @@ class Engine(object): # Add new versions here } - def __init__(self): + def __init__(self, token_cache): self.db = None self.fs = None self.msg = None @@ -78,6 +78,7 @@ class Engine(object): self.logger = logging.getLogger("nbi.engine") self.map_topic = {} self.write_lock = None + self.token_cache = token_cache def start(self, config): """ @@ -126,7 +127,7 @@ class Engine(object): if config["authentication"]["backend"] == "keystone": self.auth = AuthconnKeystone(config["authentication"], self.db, None) else: - self.auth = AuthconnInternal(config["authentication"], self.db, dict()) + self.auth = AuthconnInternal(config["authentication"], self.db, self.token_cache) if not self.operations: if "resources_to_operations" in config["rbac"]: resources_to_operations_file = config["rbac"]["resources_to_operations"] diff --git a/osm_nbi/nbi.py b/osm_nbi/nbi.py index ac30a37..b7a2c13 100644 --- a/osm_nbi/nbi.py +++ b/osm_nbi/nbi.py @@ -482,8 +482,8 @@ class Server(object): def __init__(self): self.instance += 1 - self.engine = Engine() self.authenticator = Authenticator(valid_url_methods, valid_query_string) + self.engine = Engine(self.authenticator.tokens_cache) def _format_in(self, kwargs): try: