author | Maxim Devaev <[email protected]> | 2024-01-08 23:50:38 +0200 |
committer | Maxim Devaev <[email protected]> | 2024-01-08 23:50:38 +0200 |
commit | 0676a3cee927e96693773369a458acbd7ed786bc (patch) | |
tree | 3bae0fd998b49af7d3eb25ebe38c355c17bf7aac | |
parent | f355c38fe18968475bce1b04b1b1b22fae37ff23 (diff) |
unique token for each separate login
-rw-r--r-- | kvmd/apps/kvmd/auth.py | 14 | ||||
-rw-r--r-- | testenv/tests/apps/kvmd/test_auth.py | 37 |
2 files changed, 32 insertions, 19 deletions
diff --git a/kvmd/apps/kvmd/auth.py b/kvmd/apps/kvmd/auth.py index 4571884b..53b1d532 100644 --- a/kvmd/apps/kvmd/auth.py +++ b/kvmd/apps/kvmd/auth.py @@ -117,9 +117,6 @@ class AuthManager: assert user assert self.__enabled if (await self.authorize(user, passwd)): - for (token, token_user) in self.__tokens.items(): - if user == token_user: - return token token = self.__make_new_token() self.__tokens[token] = user get_logger().info("Logged in user %r", user) @@ -136,9 +133,14 @@ class AuthManager: def logout(self, token: str) -> None: assert self.__enabled - user = self.__tokens.pop(token, "") - if user: - get_logger().info("Logged out user %r", user) + if token in self.__tokens: + user = self.__tokens[token] + count = 0 + for (r_token, r_user) in list(self.__tokens.items()): + if r_user == user: + count += 1 + del self.__tokens[r_token] + get_logger().info("Logged out user %r (%d)", user, count) def check(self, token: str) -> (str | None): assert self.__enabled diff --git a/testenv/tests/apps/kvmd/test_auth.py b/testenv/tests/apps/kvmd/test_auth.py index 12be04a1..402c9273 100644 --- a/testenv/tests/apps/kvmd/test_auth.py +++ b/testenv/tests/apps/kvmd/test_auth.py 
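Review bot: With the per-user token reuse dropped from login (first hunk), every successful login now adds a fresh entry to `self.__tokens`, and nothing in this diff removes it until one of that user's sessions calls logout, so repeated logins with a valid password grow the token table without bound; unless a cap or expiry exists outside these hunks, consider limiting tokens per user or expiring them. In the logout hunk the new loop deliberately revokes every token issued to the same user, which is a behavior change worth stating in code, e.g. `# Logging out one session revokes all tokens issued to this user.` above the `for` line. The loop can also be a single pass that avoids the `list(...)` copy and the manual counter: `stale = [t for (t, u) in self.__tokens.items() if u == user]`, then delete those keys and log `len(stale)`. The enclosing `AuthManager` class continues outside both hunks.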
@@ -100,19 +100,30 @@ async def test_ok__internal(tmpdir) -> None: # type: ignore assert (await manager.login("admin", "foo")) is None assert (await manager.login("user", "pass")) is None - token = await manager.login("admin", "pass") - assert isinstance(token, str) - assert len(token) == 64 - - again = await manager.login("admin", "pass") - assert token == again - - assert manager.check(token) == "admin" - manager.logout(token) - assert manager.check(token) is None - - again = await manager.login("admin", "pass") - assert token != again + token1 = await manager.login("admin", "pass") + assert isinstance(token1, str) + assert len(token1) == 64 + + token2 = await manager.login("admin", "pass") + assert isinstance(token2, str) + assert len(token2) == 64 + assert token1 != token2 + + assert manager.check(token1) == "admin" + assert manager.check(token2) == "admin" + assert manager.check("foobar") is None + + manager.logout(token1) + + assert manager.check(token1) is None + assert manager.check(token2) is None + assert manager.check("foobar") is None + + token3 = await manager.login("admin", "pass") + assert isinstance(token3, str) + assert len(token3) == 64 + assert token1 != token3 + assert token2 != token3 @pytest.mark.asyncio |
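Review bot: The new assertions never cover the cross-user case that the logout change introduces: logout() now removes every token that maps to the same user, so the test should also log in a second account alongside `admin`, log out one of `admin`'s tokens, and assert that the other account's token still passes `manager.check(...)`. The visible lines only show `user`/`pass` as a rejected login, so the valid credentials for a second account must come from the fixture set up earlier in the test, e.g. `other = await manager.login("user", "<valid password from fixture>")` followed by `assert manager.check(other) == "user"` after `manager.logout(token1)`. A call such as `manager.logout("foobar")` asserting that an unknown token is ignored without raising would also pin the new `if token in self.__tokens` branch. test_ok__internal starts outside the hunk.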