[Kimchi-devel] [PATCH] auth enhancement: expire the session when the request periodic access

shaohef at linux.vnet.ibm.com shaohef at linux.vnet.ibm.com
Mon Mar 3 14:54:21 UTC 2014


From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>

Now the UI will periodically access the vms and host.
That will never let the session time out.
This patch fixes this problem.
Now the UI can set "User-Agent" to "kimchi-robot" when it wants to
periodically access the vms and host.
If the "User-Agent" starts with "kimchi-robot" for a long time, kimchi
will expire the session.

A UI patch will be sent later.

Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
---
 src/kimchi/auth.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index f8ccea1..b1c08db 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -22,6 +22,7 @@ import cherrypy
 import grp
 import PAM
 import re
+import time
 
 
 from kimchi import template
@@ -32,6 +33,7 @@ from kimchi.utils import run_command
 USER_ID = 'userid'
 USER_GROUPS = 'groups'
 USER_SUDO = 'sudo'
+REFRESH = 'robot-refresh'
 
 
 def debug(msg):
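Review bot: The new REFRESH = 'robot-refresh' constant needs a comment saying what the stored value means. Going by the check_auth_session() hunk, it holds the time of the last request that was not from kimchi-robot, which the name 'robot-refresh' does not suggest. A name along the lines of "last user activity", or a one-line comment above the constant, would make the timeout comparison easier to review.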
@@ -131,6 +133,13 @@ def check_auth_session():
     cherrypy.session.release_lock()
     if session is not None:
         debug("Session authenticated for user %s" % session)
+        userAgent = cherrypy.request.headers.get('User-Agent')
+        if userAgent.startswith("kimchi-robot"):
+            if (time.time() - cherrypy.session[REFRESH] >
+               cherrypy.session.timeout * 60):
+                cherrypy.lib.sessions.expire()
+        else:
+            cherrypy.session[REFRESH] = time.time()
         return True
 
     debug("Session not found")
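Review bot: In the kimchi-robot branch of check_auth_session(), the request that trips the timeout is still accepted: after `cherrypy.lib.sessions.expire()` control falls through to `return True`, and unlike logout() the branch leaves `cherrypy.session[USER_ID]` set, so a client that keeps presenting the same session cookie continues to pass this check. Suggest clearing USER_ID while holding the session lock and returning False once the idle limit is exceeded. Two smaller issues in the same lines: `cherrypy.request.headers.get('User-Agent')` returns None when the header is absent, so `userAgent.startswith("kimchi-robot")` raises AttributeError (use `.get('User-Agent', '')`); and `cherrypy.session[REFRESH]` is read and written after `cherrypy.session.release_lock()`, and the read raises KeyError for a session that has no REFRESH key. Since User-Agent is chosen by the client, this works as an idle timeout only for a UI that labels its own polling, which is worth stating in a comment next to the check.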
@@ -172,6 +181,7 @@ def login(userid, password):
     cherrypy.session[USER_ID] = userid
     cherrypy.session[USER_GROUPS] = user.get_groups()
     cherrypy.session[USER_SUDO] = user.has_sudo()
+    cherrypy.session[REFRESH] = time.time()
     cherrypy.session.release_lock()
     return user.get_user()
 
@@ -179,6 +189,7 @@ def login(userid, password):
 def logout():
     cherrypy.session.acquire_lock()
     cherrypy.session[USER_ID] = None
+    cherrypy.session[REFRESH] = 0
     cherrypy.session.release_lock()
     cherrypy.lib.sessions.expire()
 
-- 
1.8.4.2



