[9.0] DISET version of the TokenManager service #7793
Conversation
|
Why not put this into 8.0? The TokenManager is the only tornado service I have |
| result = Registry.getIDFromDN(dn) | ||
| if result["OK"]: | ||
| uid = result["Value"] | ||
| # To do this, first find the refresh token stored in the database with the maximum scope | ||
| result = self.__tokenDB.getTokenForUserProvider(uid, idpObj.name) | ||
| if result["OK"] and result["Value"]: | ||
| tokens = result["Value"] | ||
| result = self.__checkProperties(dn, userGroup) | ||
| if result["OK"]: | ||
| # refresh token with requested scope | ||
| result = idpObj.refreshToken(tokens.get("refresh_token"), group=userGroup, scope=scope) | ||
| if result["OK"]: | ||
| return result |
There was a problem hiding this comment.
| result = Registry.getIDFromDN(dn) | |
| if result["OK"]: | |
| uid = result["Value"] | |
| # To do this, first find the refresh token stored in the database with the maximum scope | |
| result = self.__tokenDB.getTokenForUserProvider(uid, idpObj.name) | |
| if result["OK"] and result["Value"]: | |
| tokens = result["Value"] | |
| result = self.__checkProperties(dn, userGroup) | |
| if result["OK"]: | |
| # refresh token with requested scope | |
| result = idpObj.refreshToken(tokens.get("refresh_token"), group=userGroup, scope=scope) | |
| if result["OK"]: | |
| return result | |
| result = Registry.getIDFromDN(dn) | |
| if not result["OK"]: | |
| continue | |
| uid = result["Value"] | |
| # To do this, first find the refresh token stored in the database with the maximum scope | |
| result = self.__tokenDB.getTokenForUserProvider(uid, idpObj.name) | |
| if not result["OK"] or not result["Value"]: | |
| continue | |
| tokens = result["Value"] | |
| result = self.__checkProperties(dn, userGroup) | |
| if not result["OK"]: | |
| continue | |
| # refresh token with requested scope | |
| result = idpObj.refreshToken(tokens.get("refresh_token"), group=userGroup, scope=scope) | |
| if result["OK"]: | |
| return result |
There was a problem hiding this comment.
PS: Shouldn't we first result = self.__checkProperties(dn, userGroup) instead of getting getTokenForUserProvider ? Seems we can do that checkProperties before?
|
For each and every service for which we have the DIPS and HTTPs version, we have 2 files:
class NameOfHandlerMixin:
# logic end "export_"s here
class NameOfHandler(NotificationHandlerMixin, RequestHandler):
pass
class TornadoNameOfHandler(NotificationHandlerMixin, TornadoService):
passwhich should be respected also here. So, at a minimum you need to modify accordingly also the "TornadoTokenManagerHandler.py". Or, at the 2 VERY different one from the other? BTW I think this should also go to v8. |
|
The 8.0 version of this one is in PR. As for the 9.0, I think we should scrap all the Tornado services related stuff (TokenManager was the last one in Tornado only). This would allow also to get rid of Tornado in the services framework leaving it only for the WebApp. |
|
Should be replaced by #7895 propagated from 8.0 |
3 participants
The DISET version of the TokenManager service is added. This will help to eventually get rid of all the Tornado services.
BEGINRELEASENOTES
*Framework
NEW: DISET version of the TokenManager service
ENDRELEASENOTES