Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Ensure token expiration is maintained (bug 1079216)

Change-Id: I95853ec36e9c4cd937cfac7e08b648e830f9efd0
  • Loading branch information...
commit 38c7e46a640a94da4da89a39a5a1ea9c081f1eb5 1 parent ede63fb
@dolph dolph authored russellb committed
Showing with 58 additions and 0 deletions.
  1. +1 −0  keystone/service.py
  2. +57 −0 tests/test_service.py
View
1  keystone/service.py
@@ -530,6 +530,7 @@ def authenticate(self, context, auth=None):
self.token_api.create_token(
context, token_id, dict(key=token_id,
id=token_id,
+ expires=auth_token_data['expires'],
user=user_ref,
tenant=tenant_ref,
metadata=metadata_ref))
View
57 tests/test_service.py
@@ -12,10 +12,12 @@
# License for the specific language governing permissions and limitations
# under the License.
+import time
import uuid
import default_fixtures
+from keystone import config
from keystone import exception
from keystone import identity
from keystone import service
@@ -24,6 +26,9 @@
from keystone.openstack.common import timeutils
+CONF = config.CONF
+
+
def _build_user_auth(token=None, username=None,
password=None, tenant_name=None):
"""Build auth dictionary.
@@ -296,3 +301,55 @@ def test_scoped_remote_authn_invalid_user(self):
self.api.authenticate,
{'REMOTE_USER': uuid.uuid4().hex},
body_dict)
+
+
+class TokenExpirationTest(test.TestCase):
+ def setUp(self):
+ super(TokenExpirationTest, self).setUp()
+ self.identity_api = kvs_identity.Identity()
+ self.load_fixtures(default_fixtures)
+ self.api = service.TokenController()
+
+ def _maintain_token_expiration(self):
+ """Token expiration should be maintained after re-auth & validation."""
+ r = self.api.authenticate(
+ {},
+ auth={
+ 'passwordCredentials': {
+ 'username': self.user_foo['name'],
+ 'password': self.user_foo['password']
+ }
+ })
+ unscoped_token_id = r['access']['token']['id']
+ original_expiration = r['access']['token']['expires']
+
+ time.sleep(0.5)
+
+ r = self.api.validate_token(
+ dict(is_admin=True, query_string={}),
+ token_id=unscoped_token_id)
+ self.assertEqual(original_expiration, r['access']['token']['expires'])
+
+ time.sleep(0.5)
+
+ r = self.api.authenticate(
+ {},
+ auth={
+ 'token': {
+ 'id': unscoped_token_id,
+ },
+ 'tenantId': self.tenant_bar['id'],
+ })
+ scoped_token_id = r['access']['token']['id']
+ self.assertEqual(original_expiration, r['access']['token']['expires'])
+
+ time.sleep(0.5)
+
+ r = self.api.validate_token(
+ dict(is_admin=True, query_string={}),
+ token_id=scoped_token_id)
+ self.assertEqual(original_expiration, r['access']['token']['expires'])
+
+ def test_maintain_uuid_token_expiration(self):
+ self.opt_in_group('signing', token_format='UUID')
+ self._maintain_token_expiration()
Please sign in to comment.
Something went wrong with that request. Please try again.