author | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2012-11-29 16:56:26 +0100 |
---|---|---|
committer | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2012-11-29 17:27:05 +0100 |
commit | f59b78503c3e6ee39d13a0b1a959784cccca5da6 (patch) | |
tree | ea5d07cfda391d87299f09584b3c67a54319769a | |
parent | 1ddc5940e52d8db00ba204f99679bc5a271c425b (diff) | |
Moved gc auth code to auths model.
Further made some testcode for auths handling.
-rw-r--r-- | app/models/auth.rb | 48 | ||||
-rw-r--r-- | app/models/message.rb | 21 | ||||
-rw-r--r-- | lib/tasks/ecs_garbage_collect_auths.rake | 47 | ||||
-rw-r--r-- | test/fixtures/auths.yml | 12 | ||||
-rw-r--r-- | test/fixtures/membership_messages.yml | 10 | ||||
-rw-r--r-- | test/fixtures/messages.yml | 24 | ||||
-rw-r--r-- | test/functional/messages_controller_test.rb | 15 | ||||
-rw-r--r-- | test/unit/message_test.rb | 9 |
8 files changed, 118 insertions, 68 deletions
diff --git a/app/models/auth.rb b/app/models/auth.rb index d1ce104..6ffc164 100644 --- a/app/models/auth.rb +++ b/app/models/auth.rb @@ -5,4 +5,52 @@ class Auth < ActiveRecord::Base # :joins => {:membership_messages => {:membership => :participant}}, # :order => "id ASC", # :conditions => {:participants => {:id => participant.id}}}} + + + def test_validation_window + b = JSON.parse(message.body) + sov = Time.parse(b["sov"]) + eov = Time.parse(b["eov"]) + if sov > Time.now or eov < Time.now + false + else + true + end + end + + # garbage collect outtimed authorization tokens + def self.gc_outtimed + gc_sys_auths_lock= "#{Rails.root}/tmp/gc_sys_auths.lock" + if File.exists?(gc_sys_auths_lock) + logtext= "GC: there seems to be already running a ecs:gc_sys_auths process (#{gc_sys_auths_lock}). Aborting." + logger.info logtext + puts logtext unless Rails.env.test? + else + begin + File.open(gc_sys_auths_lock,"w") do |f| + f.puts "#{Process.pid}" + end + logtext= "GC: Searching for outtimed auths ..." + logger.info logtext + puts logtext unless Rails.env.test? + Auth.all.each do |auth| + if ! auth.test_validation_window + auth.message.destroy_as_sender + logtext= "GC: garbage collect auths token: #{auth.one_touch_hash}" + logger.info logtext + puts logtext unless Rails.env.test? + end + end + logtext= "GC: Searching for outtimed auths done." + logger.info logtext + puts logtext unless Rails.env.test? + ensure + begin + File.delete(gc_sys_auths_lock) + rescue + end + end + end + end + end diff --git a/app/models/message.rb b/app/models/message.rb index 8f225df..ca4c306 100644 --- a/app/models/message.rb +++ b/app/models/message.rb 
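Review bot: The lock in `gc_outtimed` is taken with `File.exists?` followed by a separate `File.open(gc_sys_auths_lock,"w")`, so two runs started close together can both pass the check, and a run that is killed before its `ensure` leaves a lock that makes every later run abort with only an info log line. The removed rake code compared the stored pid against `ps ax`; nothing replaces that here, so a stale lock would stop expired tokens from being collected until someone deletes the file by hand. Creating the file with `File::CREAT | File::EXCL` makes check and creation one step, and doing that outside the `begin … ensure` means only the run that owns the lock deletes it. Separately, `test_validation_window` raises on a body that is not JSON or lacks `sov`/`eov`, which would end the `Auth.all.each` loop at the first such record; a per-record `rescue` that logs and continues would keep the sweep going.

```ruby
def self.gc_outtimed
  gc_sys_auths_lock= "#{Rails.root}/tmp/gc_sys_auths.lock"
  begin
    # create-or-fail in one step, so two runs cannot both take the lock
    lock= File.open(gc_sys_auths_lock, File::WRONLY | File::CREAT | File::EXCL)
  rescue Errno::EEXIST
    # … unchanged: log the "already running" message …
    return
  end
  begin
    lock.puts "#{Process.pid}"
    lock.close
    # … unchanged: search loop and its log lines …
  ensure
    # reached only by the run that created the lock
    # … unchanged: File.delete(gc_sys_auths_lock) inside begin/rescue …
  end
end
```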
@@ -163,18 +163,6 @@ class Message < ActiveRecord::Base end end - def test_auths_validation_window - b = JSON.parse(body) - sov = Time.parse(b["sov"]) - eov = Time.parse(b["eov"]) - if sov > Time.now or eov < Time.now - false - else - true - end - end - - def self.filter(action_name, app_namespace, ressource_name, record, params) d="filter/#{app_namespace}/#{ressource_name}/#{action_name}/*" filters=Dir[d].collect{|f| File.directory?(f) ? f : nil}.compact @@ -291,23 +279,22 @@ class Message < ActiveRecord::Base resource_name == 'auths' and !memberships.empty? and !participant.sender?(self) and - !test_auths_validation_window + !auth.test_validation_window end - def valid_auths_resource_fetched_by_non_owner?(app_namespace, resource_name, memberships, participant) app_namespace == 'sys' and resource_name == 'auths' and !memberships.empty? and - !participant.sender?(@record) and - test_auths_validation_window + !participant.sender?(self) and + auth.test_validation_window end def valid_no_auths_resource_fetched_by_non_owner?(app_namespace, resource_name, memberships, participant) app_namespace != 'sys' and ressource_name != 'auths' and !memberships.empty? and - !participant.sender?(@record) + !participant.sender?(self) end # Helper function for create and update diff --git a/lib/tasks/ecs_garbage_collect_auths.rake b/lib/tasks/ecs_garbage_collect_auths.rake index 74ba324..c5dd29f 100644 --- a/lib/tasks/ecs_garbage_collect_auths.rake +++ b/lib/tasks/ecs_garbage_collect_auths.rake 
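Review bot: `valid_no_auths_resource_fetched_by_non_owner?` takes a parameter named `resource_name` but its body tests `ressource_name != 'auths'`, so unless Message defines a `ressource_name` method elsewhere, any call with `app_namespace != 'sys'` raises NameError instead of returning a decision. The line should read `resource_name != 'auths' and`. The two auths predicates now call `auth.test_validation_window`; if a sys/auths message can exist without an Auth row, `auth` is nil there and the check raises rather than denying, so either a nil guard or a comment stating that invariant would help. The first predicate's `def` line is outside this hunk.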
@@ -1,49 +1,6 @@ namespace :ecs do - desc "Deletes outtimed authorization tokens (needs ps system command)." + desc "Delete outtimed authorization tokens." task :gc_sys_auths => :environment do - gc_sys_auths_pid= "#{Rails.root}/tmp/pids/gc_sys_auths.pid" - if File.exists?(gc_sys_auths_pid) - pid= "" - gc_sys_auths_is_running= false - File.open(gc_sys_auths_pid,"r") do |f| - pid= f.readline.strip - end - p= open("|ps ax") - p.each_line do |line| - if line.index(pid) - gc_sys_auths_is_running= true - break - end - end - p.close - if gc_sys_auths_is_running - RAILS_DEFAULT_LOGGER.info "GC: there seems to be already running a ecs:gc_sys_auths process (#{gc_sys_auths_pid}). Aborting." - puts "GC: there seems to be already running a ecs:gc_sys_auths process (#{gc_sys_auths_pid}). Aborting." - raise 'gc_sys_auths.pid file exists!' - end - end - File.open(gc_sys_auths_pid,"w") do |f| - f.puts "#{Process.pid}" - end - begin - RAILS_DEFAULT_LOGGER.info "GC: Searching for outtimed auths ..." - puts "GC: Searching for outtimed auths ..." - Message.all.each do |m| - if m.auth - if ! m.test_auths_validation_window - m.destroy_as_sender - RAILS_DEFAULT_LOGGER.info "GC: garbage collect auths token with id=#{m.id}." - puts "delete outtimed authorization token with id=#{m.id}" - end - end - end - RAILS_DEFAULT_LOGGER.info "GC: Searching for outtimed auths done." - puts "GC: Searching for outtimed auths done." - ensure - begin - #File.delete(gc_sys_auths_pid) - rescue - end - end + Auth.gc_outtimed end end diff --git a/test/fixtures/auths.yml b/test/fixtures/auths.yml index 6b25be8..7d9bda3 100644 --- a/test/fixtures/auths.yml +++ b/test/fixtures/auths.yml 
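Review bot: The task no longer fails when a collection is already marked as running: the removed code ended with `raise 'gc_sys_auths.pid file exists!'`, while `Auth.gc_outtimed`, as added in app/models/auth.rb by this commit, only logs at info level and returns. A cron job or monitor that watches the exit status would therefore see success even when no tokens were collected. Consider having `gc_outtimed` return `true` after a completed sweep and `false` when it skips, and calling it here as `abort "GC skipped: lock present" unless Auth.gc_outtimed`.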
@@ -1,9 +1,9 @@ # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html -one: - one_touch_hash: MyString - message_id: 1 +outtimed: + one_touch_hash: <%= Digest::SHA1.hexdigest 'one touch hash outtimed' %> + message_id: 7 -two: - one_touch_hash: MyString - message_id: 1 +valid: + one_touch_hash: <%= Digest::SHA1.hexdigest 'one touch hash valid' %> + message_id: 8 diff --git a/test/fixtures/membership_messages.yml b/test/fixtures/membership_messages.yml index dbfd8e0..0fd8e13 100644 --- a/test/fixtures/membership_messages.yml +++ b/test/fixtures/membership_messages.yml @@ -52,3 +52,13 @@ id: 7 membership_id: 4 #ulm_suv message_id: 2 #numlab_exercise_2 + +8: + id: 8 + membership_id: 2 #ulm_wuv + message_id: 7 #auth_outtimed + +9: + id: 9 + membership_id: 2 #ulm_wuv + message_id: 8 #auth_valid diff --git a/test/fixtures/messages.yml b/test/fixtures/messages.yml index 9fdebd6..3a1c46c 100644 --- a/test/fixtures/messages.yml +++ b/test/fixtures/messages.yml @@ -60,3 +60,27 @@ numlab_ulm_ex1: sender: 2 body: "Ne superschwere Aufgabe aus Ulm.\r\n" +auth_outtimed: + id: 7 + ressource: sys_auths + content_type: application/json + sender: 1 + body: "{ + \"pid\": 2, + \"sov\": \"2012-11-28T03:59:05+01:00\", + \"eov\": \"2012-11-28T04:00:10+01:00\", + \"realm\": \"<%= Digest::SHA1.hexdigest 'https://freeit.de/doc1.html' %>\" + }" + +auth_valid: + id: 8 + ressource: sys_auths + content_type: application/json + sender: 1 + body: "{ + \"pid\": 2, + \"sov\": \"2012-11-28T03:59:05+01:00\", + \"eov\": \"2030-11-28T04:00:10+01:00\", + \"realm\": \"<%= Digest::SHA1.hexdigest 'https://freeit.de/doc2.html' %>\" + }" + diff --git a/test/functional/messages_controller_test.rb b/test/functional/messages_controller_test.rb index 6d7a906..c661123 100644 --- a/test/functional/messages_controller_test.rb +++ b/test/functional/messages_controller_test.rb 
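Review bot: The `sov`/`eov` values of `auth_outtimed` and `auth_valid` in test/fixtures/messages.yml are absolute dates, so `auth_valid` stops being valid after 2030-11-28 and the count assertions in the new `gc_outtimed_auths` test will fail from then on. The fixture already uses ERB, so the window can be computed relative to the test run, for example `\"eov\": \"<%= (Time.now + 3600).xmlschema %>\"` for the valid token and a `Time.now - 3600` end time for the expired one.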
@@ -423,6 +423,21 @@ class MessagesControllerTest < ActionController::TestCase assert_equal "eov time is too young", assigns(:http_error).to_s end + test "delete_auths" do + @request.env["X-EcsAuthId"] = identities(:ulm_id1).name + @request.set_REQUEST_URI("/sys/auths/#{auths(:valid).one_touch_hash}") + auths_count= Auth.all.length + messages_count= Message.all.length + auth_valid_id= auths(:valid).id + message_auth_valid_id= messages(:auth_valid).id + post :destroy, { :id => auths(:valid).one_touch_hash } + assert_response 200 + assert_equal messages_count-1, Message.all.length + assert_equal auths_count-1, Auth.all.length + assert_raise(ActiveRecord::RecordNotFound){Auth.find(auth_valid_id)} + assert_raise(ActiveRecord::RecordNotFound){Message.find(message_auth_valid_id)} + end + # anonymous clients # diff --git a/test/unit/message_test.rb b/test/unit/message_test.rb index 928f3bc..9a94c77 100644 --- a/test/unit/message_test.rb +++ b/test/unit/message_test.rb @@ -101,4 +101,13 @@ class MessageTest < ActiveSupport::TestCase assert_equal participants(:ilias_stgt).id, json["pid"] end end + + test "gc_outtimed_auths" do + auths_count= Auth.all.length + messages_count= Message.all.length + Auth.gc_outtimed + assert_equal messages_count-1, Message.all.length + assert_equal auths_count-1, Auth.all.length + assert_raise(ActiveRecord::RecordNotFound){auths(:outtimed)} + end end |
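Review bot: The `gc_outtimed_auths` test in test/unit/message_test.rb covers only the sweep itself; neither the branch that skips when `tmp/gc_sys_auths.lock` exists nor the removal of the lock afterwards is exercised. Adding `assert !File.exist?("#{Rails.root}/tmp/gc_sys_auths.lock")` after `Auth.gc_outtimed`, plus a second test that creates the lock file first and asserts that both counts are unchanged, would pin both paths. Since the method under test is `Auth.gc_outtimed`, a unit test file for Auth would be the more discoverable home for it.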