[Kimchi-devel] [PATCH] auth enhancement: expire the session when the request periodic access
From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
Now UI will periodic access the vms and host.
The will never make the session be timeout.
This patch fix this problem.
Now the UI can set "User-Agent" as "kimchi-robot" when it want to
periodic access the vms and host.
If the "User-Agent" starts with "kimchi-robot" for a long time,
kimchi
will expire the session.
A UI patch will send later.
Signed-off-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
---
src/kimchi/auth.py | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index f8ccea1..b1c08db 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -22,6 +22,7 @@ import cherrypy
import grp
import PAM
import re
+import time
from kimchi import template
@@ -32,6 +33,7 @@ from kimchi.utils import run_command
USER_ID = 'userid'
USER_GROUPS = 'groups'
USER_SUDO = 'sudo'
+REFRESH = 'robot-refresh'
def debug(msg):
@@ -131,6 +133,13 @@ def check_auth_session():
cherrypy.session.release_lock()
if session is not None:
debug("Session authenticated for user %s" % session)
+ userAgent = cherrypy.request.headers.get('User-Agent')
+ if userAgent.startswith("kimchi-robot"):
+ if (time.time() - cherrypy.session[REFRESH] >
+ cherrypy.session.timeout * 60):
+ cherrypy.lib.sessions.expire()
+ else:
+ cherrypy.session[REFRESH] = time.time()
return True
debug("Session not found")
@@ -172,6 +181,7 @@ def login(userid, password):
cherrypy.session[USER_ID] = userid
cherrypy.session[USER_GROUPS] = user.get_groups()
cherrypy.session[USER_SUDO] = user.has_sudo()
+ cherrypy.session[REFRESH] = time.time()
cherrypy.session.release_lock()
return user.get_user()
@@ -179,6 +189,7 @@ def login(userid, password):
def logout():
cherrypy.session.acquire_lock()
cherrypy.session[USER_ID] = None
+ cherrypy.session[REFRESH] = 0
cherrypy.session.release_lock()
cherrypy.lib.sessions.expire()
--
1.8.4.2