Fix Bug 917: Revoke NBI's Auth token once user is deleted

Change-Id: I1060af8065d95beab5b9dc3be27abc8e3601f3e8
Signed-off-by: delacruzramo <pedro.delacruzramos@altran.com>

diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index da5e543..50a2123 100644 (file)
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -317,7 +317,11 @@ class AuthconnInternal(Authconn):
                         pass
                     except ValueError:
                         pass
                         pass
                     except ValueError:
                         pass

-        self.db.set_one("users", {BaseTopic.id_field("users", uid): uid}, user_data)   # CONFIRM
+        idf = BaseTopic.id_field("users", uid)
+        self.db.set_one("users", {idf: uid}, user_data)
+        if user_info.get("remove_project_role_mappings"):
+            self.db.del_list("tokens", {"user_id" if idf == "_id" else idf: uid})
+            self.token_cache.clear()

 
     def delete_user(self, user_id):
         """
 
     def delete_user(self, user_id):
         """


@@ -327,6 +331,8 @@ class AuthconnInternal(Authconn):
         :raises AuthconnOperationException: if user deletion failed.
         """
         self.db.del_one("users", {"_id": user_id})
         :raises AuthconnOperationException: if user deletion failed.
         """
         self.db.del_one("users", {"_id": user_id})

+        self.db.del_list("tokens", {"user_id": user_id})
+        self.token_cache.clear()

         return True
 
     def get_user_list(self, filter_q=None):
         return True
 
     def get_user_list(self, filter_q=None):

diff --git a/osm_nbi/engine.py b/osm_nbi/engine.py
index f9fb1e7..5bdbb7e 100644 (file)
--- a/osm_nbi/engine.py
+++ b/osm_nbi/engine.py
@@ -68,7 +68,7 @@ class Engine(object):
         # Add new versions here
     }
 
         # Add new versions here
     }
 

-    def __init__(self):
+    def __init__(self, token_cache):

         self.db = None
         self.fs = None
         self.msg = None
         self.db = None
         self.fs = None
         self.msg = None


@@ -78,6 +78,7 @@ class Engine(object):
         self.logger = logging.getLogger("nbi.engine")
         self.map_topic = {}
         self.write_lock = None
         self.logger = logging.getLogger("nbi.engine")
         self.map_topic = {}
         self.write_lock = None

+        self.token_cache = token_cache

 
     def start(self, config):
         """
 
     def start(self, config):
         """


@@ -126,7 +127,7 @@ class Engine(object):
                 if config["authentication"]["backend"] == "keystone":
                     self.auth = AuthconnKeystone(config["authentication"], self.db, None)
                 else:
                 if config["authentication"]["backend"] == "keystone":
                     self.auth = AuthconnKeystone(config["authentication"], self.db, None)
                 else:

-                    self.auth = AuthconnInternal(config["authentication"], self.db, dict())
+                    self.auth = AuthconnInternal(config["authentication"], self.db, self.token_cache)

             if not self.operations:
                 if "resources_to_operations" in config["rbac"]:
                     resources_to_operations_file = config["rbac"]["resources_to_operations"]
             if not self.operations:
                 if "resources_to_operations" in config["rbac"]:
                     resources_to_operations_file = config["rbac"]["resources_to_operations"]

diff --git a/osm_nbi/nbi.py b/osm_nbi/nbi.py
index ac30a37..b7a2c13 100644 (file)
--- a/osm_nbi/nbi.py
+++ b/osm_nbi/nbi.py
@@ -482,8 +482,8 @@ class Server(object):
 
     def __init__(self):
         self.instance += 1
 
     def __init__(self):
         self.instance += 1

-        self.engine = Engine()

         self.authenticator = Authenticator(valid_url_methods, valid_query_string)
         self.authenticator = Authenticator(valid_url_methods, valid_query_string)

+        self.engine = Engine(self.authenticator.tokens_cache)

 
     def _format_in(self, kwargs):
         try:
 
     def _format_in(self, kwargs):
         try: