Permalink
Browse files

Ensure token expiration is maintained

Ensure token expiration is maintained. Fixes bug 1079216.

Change-Id: I0ce53f106ab6d95916fdc9797cb9d8bf09132a91
  • Loading branch information...
1 parent bd3f218 commit f9d4766249a72d8f88d75dcf1575b28dd3496681 @dolph dolph committed with ttx Nov 28, 2012
Showing with 78 additions and 0 deletions.
  1. +1 −0 keystone/service.py
  2. +77 −0 tests/test_service.py
View
@@ -438,6 +438,7 @@ def authenticate(self, context, auth=None):
self.token_api.create_token(
context, token_id, dict(key=token_id,
id=token_id,
+ expires=auth_token_data['expires'],
user=user_ref,
tenant=tenant_ref,
metadata=metadata_ref))
View
@@ -0,0 +1,77 @@
+# Copyright 2012 OpenStack LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import time
+
+import default_fixtures
+
+from keystone import config
+from keystone import service
+from keystone import test
+from keystone.identity.backends import kvs as kvs_identity
+
+
+CONF = config.CONF
+
+
+class TokenExpirationTest(test.TestCase):
+ def setUp(self):
+ super(TokenExpirationTest, self).setUp()
+ self.identity_api = kvs_identity.Identity()
+ self.load_fixtures(default_fixtures)
+ self.api = service.TokenController()
+
+ def _maintain_token_expiration(self):
+ """Token expiration should be maintained after re-auth & validation."""
+ r = self.api.authenticate(
+ {},
+ auth={
+ 'passwordCredentials': {
+ 'username': self.user_foo['name'],
+ 'password': self.user_foo['password']
+ }
+ })
+ unscoped_token_id = r['access']['token']['id']
+ original_expiration = r['access']['token']['expires']
+
+ time.sleep(0.5)
+
+ r = self.api.validate_token(
+ dict(is_admin=True, query_string={}),
+ token_id=unscoped_token_id)
+ self.assertEqual(original_expiration, r['access']['token']['expires'])
+
+ time.sleep(0.5)
+
+ r = self.api.authenticate(
+ {},
+ auth={
+ 'token': {
+ 'id': unscoped_token_id,
+ },
+ 'tenantId': self.tenant_bar['id'],
+ })
+ scoped_token_id = r['access']['token']['id']
+ self.assertEqual(original_expiration, r['access']['token']['expires'])
+
+ time.sleep(0.5)
+
+ r = self.api.validate_token(
+ dict(is_admin=True, query_string={}),
+ token_id=scoped_token_id)
+ self.assertEqual(original_expiration, r['access']['token']['expires'])
+
+ def test_maintain_uuid_token_expiration(self):
+ self.opt_in_group('signing', token_format='UUID')
+ self._maintain_token_expiration()

0 comments on commit f9d4766

Please sign in to comment.