Ensure token expiration is maintained

Ensure token expiration is maintained. Fixes bug 1079216.

Change-Id: I0ce53f106ab6d95916fdc9797cb9d8bf09132a91
This commit is contained in:
Dolph Mathews 2012-11-28 16:28:05 +01:00 committed by Thierry Carrez
parent bd3f2189bb
commit f9d4766249
2 changed files with 78 additions and 0 deletions

View File

@ -438,6 +438,7 @@ class TokenController(wsgi.Application):
self.token_api.create_token(
context, token_id, dict(key=token_id,
id=token_id,
expires=auth_token_data['expires'],
user=user_ref,
tenant=tenant_ref,
metadata=metadata_ref))

77
tests/test_service.py Normal file
View File

@ -0,0 +1,77 @@
# Copyright 2012 OpenStack LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import time
import default_fixtures
from keystone import config
from keystone import service
from keystone import test
from keystone.identity.backends import kvs as kvs_identity
CONF = config.CONF
class TokenExpirationTest(test.TestCase):
def setUp(self):
super(TokenExpirationTest, self).setUp()
self.identity_api = kvs_identity.Identity()
self.load_fixtures(default_fixtures)
self.api = service.TokenController()
def _maintain_token_expiration(self):
"""Token expiration should be maintained after re-auth & validation."""
r = self.api.authenticate(
{},
auth={
'passwordCredentials': {
'username': self.user_foo['name'],
'password': self.user_foo['password']
}
})
unscoped_token_id = r['access']['token']['id']
original_expiration = r['access']['token']['expires']
time.sleep(0.5)
r = self.api.validate_token(
dict(is_admin=True, query_string={}),
token_id=unscoped_token_id)
self.assertEqual(original_expiration, r['access']['token']['expires'])
time.sleep(0.5)
r = self.api.authenticate(
{},
auth={
'token': {
'id': unscoped_token_id,
},
'tenantId': self.tenant_bar['id'],
})
scoped_token_id = r['access']['token']['id']
self.assertEqual(original_expiration, r['access']['token']['expires'])
time.sleep(0.5)
r = self.api.validate_token(
dict(is_admin=True, query_string={}),
token_id=scoped_token_id)
self.assertEqual(original_expiration, r['access']['token']['expires'])
def test_maintain_uuid_token_expiration(self):
self.opt_in_group('signing', token_format='UUID')
self._maintain_token_expiration()