Commit 10f22751 authored by Rafael Monnerat's avatar Rafael Monnerat

registry: Add API for add/delete/is a specific Token

    addToken, isToken and DeleteToken are introduced to manage tokens created
    by other system (like SlapOS for example).

If the token is already present, raise a conflict instead of looping until timeout.
parent 834959b9
...@@ -79,10 +79,10 @@ def main(): ...@@ -79,10 +79,10 @@ def main():
_('--key', required=True, _('--key', required=True,
help="CA private key in .pem format. For example:\nopenssl" help="CA private key in .pem format. For example:\nopenssl"
" genpkey -out ca.key -algorithm rsa -pkeyopt rsa_keygen_bits:2048") " genpkey -out ca.key -algorithm rsa -pkeyopt rsa_keygen_bits:2048")
_('--mailhost', required=True, _('--mailhost', default=None,
help="SMTP host to send confirmation emails. For debugging" help="SMTP host to send confirmation emails. For debugging"
" purpose, it can also be an absolute or existing path to" " purpose, it can also be an absolute or existing path to"
" a mailbox file") " a mailbox file. If unset, registration by mail is disabled.")
_('--prefix-length', default=16, type=int, _('--prefix-length', default=16, type=int,
help="Default length of allocated prefixes." help="Default length of allocated prefixes."
" If 0, registration by email is disabled.") " If 0, registration by email is disabled.")
...@@ -102,7 +102,6 @@ def main(): ...@@ -102,7 +102,6 @@ def main():
" 3=DEBUG, 4=TRACE. Use SIGUSR1 to reopen log.") " 3=DEBUG, 4=TRACE. Use SIGUSR1 to reopen log.")
_('--min-protocol', default=version.min_protocol, type=int, _('--min-protocol', default=version.min_protocol, type=int,
help="Reject nodes that are too old. Current is %s." % version.protocol) help="Reject nodes that are too old. Current is %s." % version.protocol)
_ = parser.add_argument_group('routing').add_argument _ = parser.add_argument_group('routing').add_argument
_('--hello', type=int, default=15, _('--hello', type=int, default=15,
help="Hello interval in seconds, for both wired and wireless" help="Hello interval in seconds, for both wired and wireless"
......
...@@ -294,14 +294,28 @@ class RegistryServer(object): ...@@ -294,14 +294,28 @@ class RegistryServer(object):
" WHERE prefix=? AND cert IS NOT NULL", " WHERE prefix=? AND cert IS NOT NULL",
(client_prefix,)).next()[0] (client_prefix,)).next()[0]
@rpc @rpc_private
def requestToken(self, email): def isToken(self, token):
with self.lock:
if self.db.execute("SELECT 1 FROM token WHERE token = ?",
(token,)).fetchone():
return "1"
@rpc_private
def deleteToken(self, token):
with self.lock:
self.db.execute("DELETE FROM token WHERE token = ?", (token,))
@rpc_private
def addToken(self, email, token):
prefix_len = self.config.prefix_length prefix_len = self.config.prefix_length
if not prefix_len: if not prefix_len:
raise HTTPError(httplib.FORBIDDEN) raise HTTPError(httplib.FORBIDDEN)
request = token is None
with self.lock: with self.lock:
while True: while True:
# Generating token # Generating token
if request:
token = ''.join(random.sample(string.ascii_lowercase, 8)) token = ''.join(random.sample(string.ascii_lowercase, 8))
args = token, email, prefix_len, int(time.time()) args = token, email, prefix_len, int(time.time())
# Updating database # Updating database
...@@ -309,8 +323,18 @@ class RegistryServer(object): ...@@ -309,8 +323,18 @@ class RegistryServer(object):
self.db.execute("INSERT INTO token VALUES (?,?,?,?)", args) self.db.execute("INSERT INTO token VALUES (?,?,?,?)", args)
break break
except sqlite3.IntegrityError: except sqlite3.IntegrityError:
pass if not request:
raise HTTPError(httplib.CONFLICT)
self.timeout = 1 self.timeout = 1
if request:
return token
@rpc
def requestToken(self, email):
if not self.config.mailhost:
raise HTTPError(httplib.FORBIDDEN)
token = self.addToken(email, None)
# Creating and sending email # Creating and sending email
msg = MIMEText('Hello, your token to join re6st network is: %s\n' msg = MIMEText('Hello, your token to join re6st network is: %s\n'
......
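Review bot: `addToken` stores a caller-supplied `token` exactly as received, so an empty or very short string becomes a valid registration token; nothing after `request = token is None` checks its length or character set. If the external system's token format is known, a guard before the lock such as `if not request and len(token) < 8: raise HTTPError(httplib.BAD_REQUEST)` would keep weak values out of the table (the minimum of 8 is a placeholder to be agreed with that system). Separately, the generated path still draws from `random.sample`, which is not a CSPRNG and never repeats a letter; `random.SystemRandom().sample(string.ascii_lowercase, 8)` is a drop-in change, and a longer token drawn with replacement would be stronger. The `try:` line and part of `addToken` fall between the two hunks shown and are not visible here.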