Commit bb337c17 authored by ale's avatar ale

protect access to cache with a mutex

parent 381b994b
......@@ -11,6 +11,23 @@ from sso_server.auth import AuthBase
log = logging.getLogger(__name__)
class _CredentialsCache(dict):
def __init__(self):
self._lock = threading.Lock()
self._data = {'pwcache': {}, 'otpcache': {}, 'grpcache': {}}
def update(self, pwcache, otpcache, grpcache):
with self._lock:
self._data['pwcache'] = pwcache
self._data['otpcache'] = otpcache
self._data['grpcache'] = grpcache
def get(self, tag):
with self._lock:
return self._data[tag]
class Updater(threading.Thread):
def __init__(self, auth_cache):
......@@ -35,9 +52,7 @@ class Updater(threading.Thread):
if user.totp_key:
otpcache[user.name] = user.totp_key
grpcache[user.name] = set(x.name for x in user.groups)
self.auth_cache['pwcache'] = pwcache
self.auth_cache['otpcache'] = otpcache
self.auth_cache['grpcache'] = grpcache
self.auth_cache.update(pwcache, otpcache, grpcache)
class Auth(AuthBase):
......@@ -49,14 +64,14 @@ class Auth(AuthBase):
# Setup MachDB.
mdb.init()
self.auth_cache = {'pwcache': {}, 'grpcache': {}, 'otpcache': {}}
self.auth_cache = _CredentialsCache()
updater = Updater(self.auth_cache)
updater.setDaemon(True)
updater.start()
def authenticate(self, username, password, otp=None):
pwcache = self.auth_cache['pwcache']
totp_key = self.auth_cache['otpcache'].get(username)
pwcache = self.auth_cache.get('pwcache')
totp_key = self.auth_cache.get('otpcache').get(username)
if (username in pwcache and
crypt.crypt(password, pwcache[username]) == pwcache[username]):
if totp_key:
......@@ -68,7 +83,7 @@ class Auth(AuthBase):
return False
def match_groups(self, username, groups):
user_groups = self.auth_cache['grpcache'].get(username, set())
user_groups = self.auth_cache.get('grpcache').get(username, set())
user_groups.intersection_update(groups)
return user_groups
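Review bot: In `match_groups`, `user_groups.intersection_update(groups)` still mutates the set stored in the shared `grpcache` in place, and it runs after `_CredentialsCache.get` has already released the lock, so the new mutex does not cover it. Each call shrinks that user's cached membership until the Updater next replaces the cache, so a later check against a different group list can wrongly come back empty, and concurrent callers can race on the same set. Returning a new set avoids both problems: `return user_groups.intersection(groups)`. More generally, `get` hands out the live dict, so the lock only guards the reference swap in `update`; `authenticate` reads `pwcache` and `otpcache` in two separate `get` calls and may pair a password table and an OTP table from different refreshes. The body of `authenticate` continues outside the hunks shown.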