iso expires should be returned in one place
Currently, _get_token_expiration method returns a normalized time, at the same time, _confirm_token_not_expired method returns an isotime. We will cache the expire time returned by the two methods in the _TokenCache object. But _TokenCache object treats it as an isotime when getting cache. There are two issues here: 1. _get_token_expiration should return isotime too 2. expires should be returned in one place rather than in two places which is a gap make expires in different time-forms Closes-Bug: #1413093 Change-Id: I85dbaaed0c761ff2f4bcc960df94a4e106af1730
This commit is contained in:
parent
2b98d53184
commit
30c4794c37
|
@ -396,22 +396,19 @@ def _get_token_expiration(data):
|
|||
if not data:
|
||||
raise InvalidToken(_('Token authorization failed'))
|
||||
if _token_is_v2(data):
|
||||
timestamp = data['access']['token']['expires']
|
||||
return data['access']['token']['expires']
|
||||
elif _token_is_v3(data):
|
||||
timestamp = data['token']['expires_at']
|
||||
return data['token']['expires_at']
|
||||
else:
|
||||
raise InvalidToken(_('Token authorization failed'))
|
||||
expires = timeutils.parse_isotime(timestamp)
|
||||
|
||||
|
||||
def _confirm_token_not_expired(expires):
|
||||
expires = timeutils.parse_isotime(expires)
|
||||
expires = timeutils.normalize_time(expires)
|
||||
return expires
|
||||
|
||||
|
||||
def _confirm_token_not_expired(data):
|
||||
expires = _get_token_expiration(data)
|
||||
utcnow = timeutils.utcnow()
|
||||
if utcnow >= expires:
|
||||
raise InvalidToken(_('Token authorization failed'))
|
||||
return timeutils.isotime(at=expires, subsecond=True)
|
||||
|
||||
|
||||
def _v3_to_v2_catalog(catalog):
|
||||
|
@ -961,7 +958,8 @@ class AuthProtocol(object):
|
|||
|
||||
if verified is not None:
|
||||
data = jsonutils.loads(verified)
|
||||
expires = _confirm_token_not_expired(data)
|
||||
expires = _get_token_expiration(data)
|
||||
_confirm_token_not_expired(expires)
|
||||
else:
|
||||
data = self._identity_server.verify_token(token, retry)
|
||||
# No need to confirm token expiration here since
|
||||
|
|
|
@ -1933,72 +1933,85 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
|
|||
def test_no_data(self):
|
||||
data = {}
|
||||
self.assertRaises(auth_token.InvalidToken,
|
||||
auth_token._confirm_token_not_expired,
|
||||
auth_token._get_token_expiration,
|
||||
data)
|
||||
|
||||
def test_bad_data(self):
|
||||
data = {'my_happy_token_dict': 'woo'}
|
||||
self.assertRaises(auth_token.InvalidToken,
|
||||
auth_token._confirm_token_not_expired,
|
||||
auth_token._get_token_expiration,
|
||||
data)
|
||||
|
||||
def test_v2_token_get_token_expiration_return_isotime(self):
|
||||
data = self.create_v2_token_fixture()
|
||||
actual_expires = auth_token._get_token_expiration(data)
|
||||
self.assertEqual(self.one_hour_earlier, actual_expires)
|
||||
|
||||
def test_v2_token_not_expired(self):
|
||||
data = self.create_v2_token_fixture()
|
||||
expected_expires = data['access']['token']['expires']
|
||||
actual_expires = auth_token._confirm_token_not_expired(data)
|
||||
actual_expires = auth_token._get_token_expiration(data)
|
||||
self.assertEqual(actual_expires, expected_expires)
|
||||
|
||||
def test_v2_token_expired(self):
|
||||
data = self.create_v2_token_fixture(expires=self.one_hour_ago)
|
||||
expires = auth_token._get_token_expiration(data)
|
||||
self.assertRaises(auth_token.InvalidToken,
|
||||
auth_token._confirm_token_not_expired,
|
||||
data)
|
||||
expires)
|
||||
|
||||
def test_v2_token_with_timezone_offset_not_expired(self):
|
||||
self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
|
||||
data = self.create_v2_token_fixture(
|
||||
expires='2000-01-01T00:05:10.000123-05:00')
|
||||
expires='2000-01-01T05:05:10.000123Z')
|
||||
expected_expires = '2000-01-01T05:05:10.000123Z'
|
||||
actual_expires = auth_token._confirm_token_not_expired(data)
|
||||
actual_expires = auth_token._get_token_expiration(data)
|
||||
self.assertEqual(actual_expires, expected_expires)
|
||||
|
||||
def test_v2_token_with_timezone_offset_expired(self):
|
||||
self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
|
||||
data = self.create_v2_token_fixture(
|
||||
expires='2000-01-01T00:05:10.000123+05:00')
|
||||
data['access']['token']['expires'] = '2000-01-01T00:05:10.000123+05:00'
|
||||
expires='1999-12-31T19:05:10Z')
|
||||
expires = auth_token._get_token_expiration(data)
|
||||
self.assertRaises(auth_token.InvalidToken,
|
||||
auth_token._confirm_token_not_expired,
|
||||
data)
|
||||
expires)
|
||||
|
||||
def test_v3_token_get_token_expiration_return_isotime(self):
|
||||
data = self.create_v3_token_fixture()
|
||||
actual_expires = auth_token._get_token_expiration(data)
|
||||
self.assertEqual(self.one_hour_earlier, actual_expires)
|
||||
|
||||
def test_v3_token_not_expired(self):
|
||||
data = self.create_v3_token_fixture()
|
||||
expected_expires = data['token']['expires_at']
|
||||
actual_expires = auth_token._confirm_token_not_expired(data)
|
||||
actual_expires = auth_token._get_token_expiration(data)
|
||||
self.assertEqual(actual_expires, expected_expires)
|
||||
|
||||
def test_v3_token_expired(self):
|
||||
data = self.create_v3_token_fixture(expires=self.one_hour_ago)
|
||||
expires = auth_token._get_token_expiration(data)
|
||||
self.assertRaises(auth_token.InvalidToken,
|
||||
auth_token._confirm_token_not_expired,
|
||||
data)
|
||||
expires)
|
||||
|
||||
def test_v3_token_with_timezone_offset_not_expired(self):
|
||||
self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
|
||||
data = self.create_v3_token_fixture(
|
||||
expires='2000-01-01T00:05:10.000123-05:00')
|
||||
expires='2000-01-01T05:05:10.000123Z')
|
||||
expected_expires = '2000-01-01T05:05:10.000123Z'
|
||||
|
||||
actual_expires = auth_token._confirm_token_not_expired(data)
|
||||
actual_expires = auth_token._get_token_expiration(data)
|
||||
self.assertEqual(actual_expires, expected_expires)
|
||||
|
||||
def test_v3_token_with_timezone_offset_expired(self):
|
||||
self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
|
||||
data = self.create_v3_token_fixture(
|
||||
expires='2000-01-01T00:05:10.000123+05:00')
|
||||
expires='1999-12-31T19:05:10Z')
|
||||
expires = auth_token._get_token_expiration(data)
|
||||
self.assertRaises(auth_token.InvalidToken,
|
||||
auth_token._confirm_token_not_expired,
|
||||
data)
|
||||
expires)
|
||||
|
||||
def test_cached_token_not_expired(self):
|
||||
token = 'mytoken'
|
||||
|
|
Loading…
Reference in New Issue