Fix Bug 917: Revoke NBI's Auth token once user is deleted 23/8323/1
authordelacruzramo <pedro.delacruzramos@altran.com>
Wed, 4 Dec 2019 12:42:26 +0000 (13:42 +0100)
committerdelacruzramo <pedro.delacruzramos@altran.com>
Wed, 4 Dec 2019 15:42:51 +0000 (16:42 +0100)
Change-Id: I1060af8065d95beab5b9dc3be27abc8e3601f3e8
Signed-off-by: delacruzramo <pedro.delacruzramos@altran.com>
osm_nbi/authconn_internal.py
osm_nbi/engine.py
osm_nbi/nbi.py

index da5e543..50a2123 100644 (file)
@@ -317,7 +317,11 @@ class AuthconnInternal(Authconn):
                         pass
                     except ValueError:
                         pass
-        self.db.set_one("users", {BaseTopic.id_field("users", uid): uid}, user_data)   # CONFIRM
+        idf = BaseTopic.id_field("users", uid)
+        self.db.set_one("users", {idf: uid}, user_data)
+        if user_info.get("remove_project_role_mappings"):
+            self.db.del_list("tokens", {"user_id" if idf == "_id" else idf: uid})
+            self.token_cache.clear()
 
     def delete_user(self, user_id):
         """
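Review bot: The token purge added at the end of update_user runs only when `remove_project_role_mappings` is set, so any other privilege-relevant change written by `set_one` on the line above (a password reset or a modified project-role mapping, if this method handles those — its body starts above the hunk) leaves already-issued tokens valid with stale claims. Consider purging unconditionally after a successful `set_one`, or at least whenever the password or the role mappings change. Two smaller points: when `idf` is not `_id`, the filter `{idf: uid}` presumes the tokens collection carries that same field (e.g. a username) — otherwise `del_list` is a silent no-op, so a comment stating that assumption is warranted; and `self.token_cache.clear()` evicts every cached token rather than this user's, which is safe but sends every active session back to the database, so evicting only entries whose `user_id` matches would be tighter.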
@@ -327,6 +331,8 @@ class AuthconnInternal(Authconn):
         :raises AuthconnOperationException: if user deletion failed.
         """
         self.db.del_one("users", {"_id": user_id})
+        self.db.del_list("tokens", {"user_id": user_id})
+        self.token_cache.clear()
         return True
 
     def get_user_list(self, filter_q=None):
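Review bot: The user row is deleted before its tokens, so a failure in `del_list` (or a crash between the two calls) leaves the account gone but its tokens valid until they expire, which is exactly the state this commit sets out to prevent. Revoking first is the safer order: move `self.db.del_list("tokens", {"user_id": user_id})` and `self.token_cache.clear()` above `self.db.del_one("users", {"_id": user_id})`. The method still returns `True` unconditionally, so the docstring's promise of `AuthconnOperationException` on failure presumably relies on `del_one` raising for a missing user — worth confirming, since that helper is not visible here.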
index f9fb1e7..5bdbb7e 100644 (file)
@@ -68,7 +68,7 @@ class Engine(object):
         # Add new versions here
     }
 
-    def __init__(self):
+    def __init__(self, token_cache):
         self.db = None
         self.fs = None
         self.msg = None
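Review bot: `token_cache` becomes a required positional argument of `Engine.__init__`, so any caller still constructing `Engine()` (unit tests, tooling) now fails with a TypeError; the only caller updated in this commit is `Server.__init__` in nbi.py. A keyword default keeps those callers working while the shared-cache case still behaves as intended: `def __init__(self, token_cache=None):` with the assignment in the next hunk becoming `self.token_cache = token_cache if token_cache is not None else dict()`. The rest of `__init__` continues in the following hunk.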
@@ -78,6 +78,7 @@ class Engine(object):
         self.logger = logging.getLogger("nbi.engine")
         self.map_topic = {}
         self.write_lock = None
+        self.token_cache = token_cache
 
     def start(self, config):
         """
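Review bot: The new attribute deserves a comment explaining why the cache is injected rather than created here, since the whole fix depends on it being the very dict the Authenticator validates tokens against: `# shared with Authenticator.tokens_cache so auth backends can drop revoked tokens`. Because it is shared by reference, neither side may rebind its attribute (e.g. `self.tokens_cache = {}`) without silently breaking revocation — that constraint belongs in the same comment. `__init__` begins in the previous hunk.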
@@ -126,7 +127,7 @@ class Engine(object):
                 if config["authentication"]["backend"] == "keystone":
                     self.auth = AuthconnKeystone(config["authentication"], self.db, None)
                 else:
-                    self.auth = AuthconnInternal(config["authentication"], self.db, dict())
+                    self.auth = AuthconnInternal(config["authentication"], self.db, self.token_cache)
             if not self.operations:
                 if "resources_to_operations" in config["rbac"]:
                     resources_to_operations_file = config["rbac"]["resources_to_operations"]
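Review bot: Only the internal backend receives the shared cache; the keystone branch two lines above still passes `None`, so if `AuthconnKeystone` validates or caches tokens through that argument, tokens of users deleted via keystone keep working from the Authenticator's cache until they expire — its constructor is not visible here, so this needs confirming. If it accepts the same parameter, pass `self.token_cache` there as well; if keystone handles revocation on its own, a one-line comment on the `None` saying so would stop the next reader from reopening this bug. `start` continues outside the hunk.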
index ac30a37..b7a2c13 100644 (file)
@@ -482,8 +482,8 @@ class Server(object):
 
     def __init__(self):
         self.instance += 1
-        self.engine = Engine()
         self.authenticator = Authenticator(valid_url_methods, valid_query_string)
+        self.engine = Engine(self.authenticator.tokens_cache)
 
     def _format_in(self, kwargs):
         try:
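Review bot: The reordering in `Server.__init__` is load-bearing — `Engine` must be built after `Authenticator` because it reads `self.authenticator.tokens_cache` — but nothing says so, and a future tidy-up could swap the two lines back without any error. Add `# Authenticator first: Engine shares its tokens_cache so backends can revoke tokens` on the `self.authenticator = ...` line. Reaching into `tokens_cache` from outside also makes it part of Authenticator's public interface; if that class ever reassigns the attribute the sharing breaks silently, so a matching note there (outside this diff) would help.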