unique token for each separate logins

2025-12-13 09:40:30 +08:00 · 2024-01-08 23:50:38 +02:00 · 2024-01-08 23:50:38 +02:00 · 0676a3cee9
commit 0676a3cee9
parent f355c38fe1
2 changed files with 29 additions and 16 deletions
--- a/kvmd/apps/kvmd/auth.py
+++ b/kvmd/apps/kvmd/auth.py
@ -117,9 +117,6 @@ class AuthManager:
        assert user
        assert self.__enabled
        if (await self.authorize(user, passwd)):
-            for (token, token_user) in self.__tokens.items():
-                if user == token_user:
-                    return token
            token = self.__make_new_token()
            self.__tokens[token] = user
            get_logger().info("Logged in user %r", user)
@ -136,9 +133,14 @@ class AuthManager:

    def logout(self, token: str) -> None:
        assert self.__enabled
-        user = self.__tokens.pop(token, "")
-        if user:
-            get_logger().info("Logged out user %r", user)
+        if token in self.__tokens:
+            user = self.__tokens[token]
+            count = 0
+            for (r_token, r_user) in list(self.__tokens.items()):
+                if r_user == user:
+                    count += 1
+                    del self.__tokens[r_token]
+            get_logger().info("Logged out user %r (%d)", user, count)

    def check(self, token: str) -> (str | None):
        assert self.__enabled
--- a/testenv/tests/apps/kvmd/test_auth.py
+++ b/testenv/tests/apps/kvmd/test_auth.py
@ -100,19 +100,30 @@ async def test_ok__internal(tmpdir) -> None:  # type: ignore
        assert (await manager.login("admin", "foo")) is None
        assert (await manager.login("user", "pass")) is None

-        token = await manager.login("admin", "pass")
-        assert isinstance(token, str)
-        assert len(token) == 64
+        token1 = await manager.login("admin", "pass")
+        assert isinstance(token1, str)
+        assert len(token1) == 64

-        again = await manager.login("admin", "pass")
-        assert token == again
+        token2 = await manager.login("admin", "pass")
+        assert isinstance(token2, str)
+        assert len(token2) == 64
+        assert token1 != token2

-        assert manager.check(token) == "admin"
-        manager.logout(token)
-        assert manager.check(token) is None
+        assert manager.check(token1) == "admin"
+        assert manager.check(token2) == "admin"
+        assert manager.check("foobar") is None

-        again = await manager.login("admin", "pass")
-        assert token != again
+        manager.logout(token1)
+
+        assert manager.check(token1) is None
+        assert manager.check(token2) is None
+        assert manager.check("foobar") is None
+
+        token3 = await manager.login("admin", "pass")
+        assert isinstance(token3, str)
+        assert len(token3) == 64
+        assert token1 != token3
+        assert token2 != token3


@pytest.mark.asyncio