openstack/keystonemiddleware
Code Issues Proposed changes

Revert "Don't cache signed tokens"

Browse Source 
This reverts commit 5ba3d06b2063e10cf30dafd3bd6886f8fc24244d.

This caused conflicts in the revert of
f27d7f7 (Disable memory caching of tokens), so to make the revert
clean we'll also revert this one.

We'll consider re-applying this change. (Seems fine to me.)

Change-Id: I7ac9748dd8118f3490615a5f7b923760e1ee251e
This commit is contained in:
Brant Knudson 2016-01-22 09:49:47 -06:00
parent 63f0fc3e61
commit f57a839909
2 changed files with 15 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
keystonemiddleware/auth_token/__init__.py
View File

@ -809,28 +809,26 @@ class AuthProtocol(BaseAuthProtocol):
:raises exc.InvalidToken: if token is rejected
"""
data = None
token_hashes = None
try:
token_hashes = self._token_hashes(token)
offline_data = self._validate_offline(token, token_hashes)
if offline_data:
# NOTE(jamielennox): If we've validated a PKI token we don't
# need to cache it, and revocation check was already performed.
return offline_data
cached = self._token_cache.get_first(*token_hashes)
if cached:
data = cached
if self._check_revocations_for_cached:
# A token might have been revoked, regardless of initial
# mechanism used to validate it, and needs to be checked.
self._revocations.check(token_hashes)
else:
data = self._validate_offline(token, token_hashes)
if not data:
data = self._identity_server.verify_token(token)
return cached
data = self._identity_server.verify_token(token)
self._token_cache.store(token_hashes[0], data)
return data
self._token_cache.store(token_hashes[0], data)
except (ksa_exceptions.ConnectFailure,
ksa_exceptions.RequestTimeout,
@ -848,6 +846,8 @@ class AuthProtocol(BaseAuthProtocol):
self.log.critical(_LC('Unable to validate token'), exc_info=True)
raise webob.exc.HTTPInternalServerError()
return data
def _validate_offline(self, token, token_hashes):
try:
if cms.is_pkiz(token):

21
keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
View File

@ -1015,7 +1015,7 @@ class CommonAuthTokenMiddlewareTest(object):
def test_memcache(self):
self.mock_memcache()
self.set_middleware(conf={'memcached_servers': ['127.0.0.1:4444']})
token = self.token_dict['uuid_token_default']
token = self.token_dict['signed_token_scoped']
self.call_middleware(headers={'X-Auth-Token': token})
self.assertIsNotNone(self._get_cached_token(token))
@ -1048,7 +1048,7 @@ class CommonAuthTokenMiddlewareTest(object):
conf.update(extra_conf)
self.set_middleware(conf=conf)
token = self.token_dict['uuid_token_default']
token = self.token_dict['signed_token_scoped']
self.call_middleware(headers={'X-Auth-Token': token})
req = webob.Request.blank('/')
@ -1275,7 +1275,7 @@ class CommonAuthTokenMiddlewareTest(object):
orig_cache_set = cache.set
cache.set = mock.Mock(side_effect=orig_cache_set)
token = self.token_dict['uuid_token_default']
token = self.token_dict['signed_token_scoped']
self.call_middleware(headers={'X-Auth-Token': token})
@ -1286,21 +1286,6 @@ class CommonAuthTokenMiddlewareTest(object):
# Assert that the token wasn't cached again.
self.assertThat(1, matchers.Equals(cache.set.call_count))
def test_dont_cache_pki_tokens(self):
cache = mock.Mock()
cache.get.return_value = '{}'
self.middleware._token_cache._env_cache_name = 'cache'
self.middleware._token_cache.initialize(env={'cache': cache})
token = self.token_dict['signed_token_scoped']
resp = self.call_middleware(headers={'X-Auth-Token': token})
self.assertEqual(200, resp.status_int)
cache.get.assert_not_called()
cache.set.assert_not_called()
def test_auth_plugin(self):
for service_url in (self.examples.UNVERSIONED_SERVICE_URL,