openstack
/
keystonemiddleware
Code Issues Proposed changes

iso expires should be returned in one place 

Currently, _get_token_expiration method returns a normalized time,
at the same time, _confirm_token_not_expired method returns an isotime.
We will cache the expire time returned by the two methods in the
_TokenCache object. But _TokenCache object treats it as an isotime when
getting cache.
There are two issues here:
1. _get_token_expiration should return isotime too
2. expires should be returned in one place rather than in two places
which is a gap make expires in different time-forms

Closes-Bug: #1413093
Change-Id: I85dbaaed0c761ff2f4bcc960df94a4e106af1730
This commit is contained in:
wanghong 2014-12-11 16:59:53 +08:00 committed by Steve Martinelli
parent 2b98d53184
commit 30c4794c37
2 changed files with 36 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
keystonemiddleware/auth_token.py
View File

@ -396,22 +396,19 @@ def _get_token_expiration(data):
if not data:
raise InvalidToken(_('Token authorization failed'))
if _token_is_v2(data):
timestamp = data['access']['token']['expires']
return data['access']['token']['expires']
elif _token_is_v3(data):
timestamp = data['token']['expires_at']
return data['token']['expires_at']
else:
raise InvalidToken(_('Token authorization failed'))
expires = timeutils.parse_isotime(timestamp)
def _confirm_token_not_expired(expires):
expires = timeutils.parse_isotime(expires)
expires = timeutils.normalize_time(expires)
return expires
def _confirm_token_not_expired(data):
expires = _get_token_expiration(data)
utcnow = timeutils.utcnow()
if utcnow >= expires:
raise InvalidToken(_('Token authorization failed'))
return timeutils.isotime(at=expires, subsecond=True)
def _v3_to_v2_catalog(catalog):
@ -961,7 +958,8 @@ class AuthProtocol(object):
if verified is not None:
data = jsonutils.loads(verified)
expires = _confirm_token_not_expired(data)
expires = _get_token_expiration(data)
_confirm_token_not_expired(expires)
else:
data = self._identity_server.verify_token(token, retry)
# No need to confirm token expiration here since

43
keystonemiddleware/tests/test_auth_token_middleware.py
View File

@ -1933,72 +1933,85 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
def test_no_data(self):
data = {}
self.assertRaises(auth_token.InvalidToken,
auth_token._confirm_token_not_expired,
auth_token._get_token_expiration,
data)
def test_bad_data(self):
data = {'my_happy_token_dict': 'woo'}
self.assertRaises(auth_token.InvalidToken,
auth_token._confirm_token_not_expired,
auth_token._get_token_expiration,
data)
def test_v2_token_get_token_expiration_return_isotime(self):
data = self.create_v2_token_fixture()
actual_expires = auth_token._get_token_expiration(data)
self.assertEqual(self.one_hour_earlier, actual_expires)
def test_v2_token_not_expired(self):
data = self.create_v2_token_fixture()
expected_expires = data['access']['token']['expires']
actual_expires = auth_token._confirm_token_not_expired(data)
actual_expires = auth_token._get_token_expiration(data)
self.assertEqual(actual_expires, expected_expires)
def test_v2_token_expired(self):
data = self.create_v2_token_fixture(expires=self.one_hour_ago)
expires = auth_token._get_token_expiration(data)
self.assertRaises(auth_token.InvalidToken,
auth_token._confirm_token_not_expired,
data)
expires)
def test_v2_token_with_timezone_offset_not_expired(self):
self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
data = self.create_v2_token_fixture(
expires='2000-01-01T00:05:10.000123-05:00')
expires='2000-01-01T05:05:10.000123Z')
expected_expires = '2000-01-01T05:05:10.000123Z'
actual_expires = auth_token._confirm_token_not_expired(data)
actual_expires = auth_token._get_token_expiration(data)
self.assertEqual(actual_expires, expected_expires)
def test_v2_token_with_timezone_offset_expired(self):
self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
data = self.create_v2_token_fixture(
expires='2000-01-01T00:05:10.000123+05:00')
data['access']['token']['expires'] = '2000-01-01T00:05:10.000123+05:00'
expires='1999-12-31T19:05:10Z')
expires = auth_token._get_token_expiration(data)
self.assertRaises(auth_token.InvalidToken,
auth_token._confirm_token_not_expired,
data)
expires)
def test_v3_token_get_token_expiration_return_isotime(self):
data = self.create_v3_token_fixture()
actual_expires = auth_token._get_token_expiration(data)
self.assertEqual(self.one_hour_earlier, actual_expires)
def test_v3_token_not_expired(self):
data = self.create_v3_token_fixture()
expected_expires = data['token']['expires_at']
actual_expires = auth_token._confirm_token_not_expired(data)
actual_expires = auth_token._get_token_expiration(data)
self.assertEqual(actual_expires, expected_expires)
def test_v3_token_expired(self):
data = self.create_v3_token_fixture(expires=self.one_hour_ago)
expires = auth_token._get_token_expiration(data)
self.assertRaises(auth_token.InvalidToken,
auth_token._confirm_token_not_expired,
data)
expires)
def test_v3_token_with_timezone_offset_not_expired(self):
self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
data = self.create_v3_token_fixture(
expires='2000-01-01T00:05:10.000123-05:00')
expires='2000-01-01T05:05:10.000123Z')
expected_expires = '2000-01-01T05:05:10.000123Z'
actual_expires = auth_token._confirm_token_not_expired(data)
actual_expires = auth_token._get_token_expiration(data)
self.assertEqual(actual_expires, expected_expires)
def test_v3_token_with_timezone_offset_expired(self):
self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
data = self.create_v3_token_fixture(
expires='2000-01-01T00:05:10.000123+05:00')
expires='1999-12-31T19:05:10Z')
expires = auth_token._get_token_expiration(data)
self.assertRaises(auth_token.InvalidToken,
auth_token._confirm_token_not_expired,
data)
expires)
def test_cached_token_not_expired(self):
token = 'mytoken'