[Kimchi-devel] [PATCH V2 1/2] auth enhancement: expire the session when the request access periodically
shaohef at linux.vnet.ibm.com
shaohef at linux.vnet.ibm.com
Tue Mar 4 09:45:47 UTC 2014
From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
Now UI will access the vms and host periodically.
That will never make the session expire.
This patch fix this problem.
Now the UI can set "Kimchi-Robot" header when it wants to access the vms
and host periodically.
If the all requests with "Kimchi-Robot" header access for a long time, kimchi
will expire the session.
Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
---
src/kimchi/auth.py | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index f8ccea1..8a07e05 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -22,6 +22,7 @@ import cherrypy
import grp
import PAM
import re
+import time
from kimchi import template
@@ -32,6 +33,7 @@ from kimchi.utils import run_command
USER_ID = 'userid'
USER_GROUPS = 'groups'
USER_SUDO = 'sudo'
+REFRESH = 'robot-refresh'
def debug(msg):
@@ -131,6 +133,15 @@ def check_auth_session():
cherrypy.session.release_lock()
if session is not None:
debug("Session authenticated for user %s" % session)
+ kimchiRobot = cherrypy.request.headers.get('Kimchi-Robot')
+ if kimchiRobot and kimchiRobot.startswith("kimchi-robot"):
+ if (time.time() - cherrypy.session[REFRESH] >
+ cherrypy.session.timeout * 60):
+ cherrypy.session[USER_ID] = None
+ cherrypy.lib.sessions.expire()
+ raise cherrypy.HTTPError(403)
+ else:
+ cherrypy.session[REFRESH] = time.time()
return True
debug("Session not found")
@@ -172,6 +183,7 @@ def login(userid, password):
cherrypy.session[USER_ID] = userid
cherrypy.session[USER_GROUPS] = user.get_groups()
cherrypy.session[USER_SUDO] = user.has_sudo()
+ cherrypy.session[REFRESH] = time.time()
cherrypy.session.release_lock()
return user.get_user()
@@ -179,6 +191,7 @@ def login(userid, password):
def logout():
cherrypy.session.acquire_lock()
cherrypy.session[USER_ID] = None
+ cherrypy.session[REFRESH] = 0
cherrypy.session.release_lock()
cherrypy.lib.sessions.expire()
--
1.8.4.2
More information about the Kimchi-devel
mailing list