fuel-dev team mailing list archive
Message #01596
Re: Login and Logout actions are absent in Nailgun
Interesting area of discussion.
With processes running (anytime, possibly via cron etc) on any of N
nodes on behalf of the end-user, using tokens that'll expire whenever
they expire, to authorize doing work for that user... how can you say
they're "logging in" and/or "logging out"?
From my perspective... when the end-user comes and goes from their
horizon sessions is orthogonal to whether keystone should allow or
disallow activities. I hope this correlates with the current thinking
on how to proceed.
Kind regards,
-Paul Reiber
Phone: (650)430-7926
Email: paul@xxxxxxxxxx
Web: http://bit.ly/reiber
“In the beginning of a change the patriot is a scarce man, and brave,
and hated and scorned. When his cause succeeds, the timid join him,
for then it costs nothing to be a patriot.” -Twain
On Tue, Sep 23, 2014 at 2:28 PM, Igor Kalnitsky <ikalnitsky@xxxxxxxxxxxx> wrote:
> Hi Lukasz,
>
> Thank you for the input. Actually I agree with you, but still I think
> there's something wrong with our current approach.
>
> I don't like that we work with keystone directly from UI and Fuel CLI.
> I believe there should be a Nailgun API for authenticating users. Deep
> inside Nailgun we can use Keystone for authenticating users and
> validating tokens, but not vice-versa.
>
> I mean there's something wrong if we don't provide authentication
> abstraction and use keystone directly on both server and client sides
> (Nailgun, CLI, UI, Upgrade Script, etc).
>
> What do you think about it?
>
> Thanks,
> Igor
>
> On Tue, Sep 23, 2014 at 8:07 PM, Lukasz Oles <loles@xxxxxxxxxxxx> wrote:
>> Guys,
>>
>> there is no "logout issue". This is a REST API. It is stateless.
>> There is no such thing as login or logout in a REST API. You can only get an
>> authentication token. This token is only valid for a while. After some time
>> it will be outdated and you need to get a new one. It doesn't mean that the user
>> logs in and out every time, it only means that the token is not valid anymore
>> and you need a new one.
>>
>> In 6.0 the token will be valid for 24h, so when you see a new token it means
>> the user started using the API again. That's all. You can easily calculate when the user
>> started using the API and when he ended. You don't need to add login/logout
>> handlers. It's broken. REST API doesn't work this way.
>>
>> If we need to add new handlers to the API because of collecting data it means you
>> are doing something wrong. Your code shouldn't change anything in the API
>> workflow.
>>
>> Regards,
>>
>> On Mon, Sep 22, 2014 at 12:59 PM, Igor Kalnitsky <ikalnitsky@xxxxxxxxxxxx>
>> wrote:
>>>
>>> Hi folks,
>>>
>>> Today I took a look over "logout issue" [1] and figured out that we
>>> cannot implement it with the current approach.
>>>
>>> In the current approach both login and logout actions are handled by Web
>>> UI with direct requests to Keystone server [2].
>>>
>>> As far as I know, we want to track login/logout actions as a part of
>>> anonymous statistics [3], so we need to decide how to avoid this issue
>>> and make it fly.
>>>
>>> I think we need to implement login/logout handlers as a part of
>>> Nailgun API. A login handler should receive user credentials and make
>>> a request to Keystone server in order to retrieve an auth token. A
>>> logout handler should mark the token as invalid and forbid any actions
>>> with this token.
>>>
>>> Fuel Web UI should work with login/logout handlers which are part of
>>> Nailgun, instead of working with Keystone directly.
>>>
>>> What do you think about it? Any ideas and suggestions are welcome!
>>>
>>>
>>> [1]: https://bugs.launchpad.net/fuel/+bug/1370964
>>> [2]:
>>> https://github.com/stackforge/fuel-web/blob/master/nailgun/static/js/app.js#L70
>>> [3]: https://blueprints.launchpad.net/fuel/+spec/send-anon-usage
>>>
>>>
>>> - Igor
>>>
>>> --
>>> Mailing list: https://launchpad.net/~fuel-dev
>>> Post to : fuel-dev@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~fuel-dev
>>> More help : https://help.launchpad.net/ListHelp
>>
>>
>>
>>
>> --
>> Łukasz Oleś
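The login/logout handler design proposed in the thread, sketched as an added example that is not part of the original messages or of Nailgun's code. `StubIdentityBackend` is a hypothetical stand-in for Keystone, `AuthFacade` and its method names are assumptions, and the credentials are constructed sample values.

```python
import secrets
import time

TOKEN_TTL = 24 * 3600  # 24h validity, the figure given for 6.0 in the thread


class StubIdentityBackend:
    """Hypothetical stand-in for Keystone: issues and checks expiring tokens."""

    def __init__(self, users, clock=time.time):
        self._users, self._clock, self._tokens = users, clock, {}

    def issue(self, user, password):
        stored = self._users.get(user, "")
        if not secrets.compare_digest(stored.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, self._clock() + TOKEN_TTL)
        return token

    def lookup(self, token):
        user, expires = self._tokens.get(token, (None, 0))
        return user if self._clock() < expires else None


class AuthFacade:
    """Hypothetical API-side login/logout handlers in front of the backend."""

    def __init__(self, backend):
        self._backend, self._revoked, self.events = backend, set(), []

    def login(self, user, password):
        token = self._backend.issue(user, password)
        # Every attempt is recorded, so usage can be derived without UI hooks.
        self.events.append(("login" if token else "login_failed", user))
        return token

    def logout(self, token):
        user = self.validate(token)
        if user is None:
            return False  # unknown, expired or already revoked
        self._revoked.add(token)  # server-side denylist entry
        self.events.append(("logout", user))
        return True

    def validate(self, token):
        if token in self._revoked:
            return None
        return self._backend.lookup(token)
```

The denylist only affects requests that pass through `validate`; a client that presents the same token to the backend directly is not covered by it.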