Univention Bugzilla – Attachment 10135 Details for
Bug 49929
UMC creates unnecessary amounts of sessions
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
possible patch
patch_lock_auth (text/plain), 2.89 KB, created by
Jürn Brodersen
on 2019-07-29 11:18:10 CEST
(
hide
)
Description:
possible patch
Filename:
MIME Type:
Creator:
Jürn Brodersen
Created:
2019-07-29 11:18:10 CEST
Size:
2.89 KB
patch
obsolete
>From 7509b157e9c02ed05c0c3454b6d829402aca8fdb Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?J=C3=BCrn=20Brodersen?= <brodersen@univention.de> >Date: Thu, 25 Jul 2019 21:53:49 +0200 >Subject: Lock auth > > >diff --git a/management/univention-management-console/univention-management-console-web-server b/management/univention-management-console/univention-management-console-web-server >index f3b25c92f3..9670dad339 100755 >--- a/management/univention-management-console/univention-management-console-web-server >+++ b/management/univention-management-console/univention-management-console-web-server >@@ -616,6 +616,8 @@ class Ressource(object): > # we must not change the session ID cookie as this might cause > # race conditions in the frontend during login, especially when logged in via SAML > return self.get_session_id() >+ CORE.process('new_sID') >+ CORE.process(str(traceback.format_stack())) > if random: > return str(uuid.uuid4()) > return sessionidhash() >@@ -699,6 +701,10 @@ class Ressource(object): > > class CPgeneric(Ressource): > >+ def __init__(self): >+ self._auth_lock = threading.Lock() >+ super(CPgeneric, self).__init__() >+ > def get_request(self, path, args): > return Request(['generic'], opts={}) > >@@ -740,7 +746,10 @@ class CPgeneric(Ressource): > def default(self, *path, **kwargs): > self._log('info', 'got new request') > self.check_saml_session_validity() >- return self.get_response(self.create_sessionid(), path, self.get_arguments(kwargs)) >+ with self._auth_lock: >+ sessionid = self.get_session_id() >+ self.ensure_auth(sessionid) >+ return self.get_response(sessionid, path, self.get_arguments(kwargs)) > > def get_arguments(self, kwargs): > if cherrypy.request.headers.get('Content-Type', '').startswith('application/json'): # normal (json) request >@@ -760,22 +769,24 @@ class CPgeneric(Ressource): > args['flavor'] = kwargs['flavor'] > return args > >- def get_response(self, sessionid, path, args): >- # create new UMCP request >- req = self.get_request('/'.join(path), args) >- >+ def ensure_auth(self, sessionid): > user = self.get_user() >+ CORE.process('ensure_auth') > client = UMCP_Dispatcher.sessions.get(sessionid) > if user and (user.password or user.saml) and (not client or client and (not client._auth_response or client._auth_response.status != 200)): > auth = Request('AUTH') > auth.body = {'username': user.username, 'password': user.saml.message if user.saml else user.password, 'auth_type': "SAML" if user.saml else None} > try: >+ CORE.process('auth') > self.make_queue_request(sessionid, auth) > self.set_session(sessionid, user.username, password=user.password) > except UMC_HTTPError: > self.expire_session() > raise > >+ def get_response(self, sessionid, path, args): >+ # create new UMCP request >+ req = self.get_request('/'.join(path), args) > response = self.make_queue_request(sessionid, req) > body = response.body > if response.mimetype == 'application/json':
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10135">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 49929
: 10135