Ensure token expiration is maintained
Ensure token expiration is maintained. Fixes bug 1079216. Change-Id: I0ce53f106ab6d95916fdc9797cb9d8bf09132a91
This commit is contained in:
parent
bd3f2189bb
commit
f9d4766249
|
@ -438,6 +438,7 @@ class TokenController(wsgi.Application):
|
|||
self.token_api.create_token(
|
||||
context, token_id, dict(key=token_id,
|
||||
id=token_id,
|
||||
expires=auth_token_data['expires'],
|
||||
user=user_ref,
|
||||
tenant=tenant_ref,
|
||||
metadata=metadata_ref))
|
||||
|
|
|
@ -0,0 +1,77 @@
|
|||
# Copyright 2012 OpenStack LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import time
|
||||
|
||||
import default_fixtures
|
||||
|
||||
from keystone import config
|
||||
from keystone import service
|
||||
from keystone import test
|
||||
from keystone.identity.backends import kvs as kvs_identity
|
||||
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class TokenExpirationTest(test.TestCase):
|
||||
def setUp(self):
|
||||
super(TokenExpirationTest, self).setUp()
|
||||
self.identity_api = kvs_identity.Identity()
|
||||
self.load_fixtures(default_fixtures)
|
||||
self.api = service.TokenController()
|
||||
|
||||
def _maintain_token_expiration(self):
|
||||
"""Token expiration should be maintained after re-auth & validation."""
|
||||
r = self.api.authenticate(
|
||||
{},
|
||||
auth={
|
||||
'passwordCredentials': {
|
||||
'username': self.user_foo['name'],
|
||||
'password': self.user_foo['password']
|
||||
}
|
||||
})
|
||||
unscoped_token_id = r['access']['token']['id']
|
||||
original_expiration = r['access']['token']['expires']
|
||||
|
||||
time.sleep(0.5)
|
||||
|
||||
r = self.api.validate_token(
|
||||
dict(is_admin=True, query_string={}),
|
||||
token_id=unscoped_token_id)
|
||||
self.assertEqual(original_expiration, r['access']['token']['expires'])
|
||||
|
||||
time.sleep(0.5)
|
||||
|
||||
r = self.api.authenticate(
|
||||
{},
|
||||
auth={
|
||||
'token': {
|
||||
'id': unscoped_token_id,
|
||||
},
|
||||
'tenantId': self.tenant_bar['id'],
|
||||
})
|
||||
scoped_token_id = r['access']['token']['id']
|
||||
self.assertEqual(original_expiration, r['access']['token']['expires'])
|
||||
|
||||
time.sleep(0.5)
|
||||
|
||||
r = self.api.validate_token(
|
||||
dict(is_admin=True, query_string={}),
|
||||
token_id=scoped_token_id)
|
||||
self.assertEqual(original_expiration, r['access']['token']['expires'])
|
||||
|
||||
def test_maintain_uuid_token_expiration(self):
|
||||
self.opt_in_group('signing', token_format='UUID')
|
||||
self._maintain_token_expiration()
|
Loading…
Reference in New Issue