Merge "Rename fernet methods to match expiration timestamp"

2015-10-07 20:47:58 +00:00 · 2015-10-07 20:47:58 +00:00 · 7128933e1b
parent b492efcb06 94904b305b
commit 7128933e1b
2 changed files with 33 additions and 26 deletions
--- a/keystone/tests/unit/token/test_fernet_provider.py
+++ b/keystone/tests/unit/token/test_fernet_provider.py
@ -274,21 +274,28 @@ class TestPayloads(unit.TestCase):
            expected_uuid_in_bytes)
        self.assertEqual(expected_hex_uuid, actual_hex_uuid)

-    def test_time_string_to_int_conversions(self):
+    def test_time_string_to_float_conversions(self):
        payload_cls = token_formatters.BasePayload

        expected_time_str = utils.isotime(subsecond=True)
        time_obj = timeutils.parse_isotime(expected_time_str)
-        expected_time_int = (
+        expected_time_float = (
            (timeutils.normalize_time(time_obj) -
             datetime.datetime.utcfromtimestamp(0)).total_seconds())

-        actual_time_int = payload_cls._convert_time_string_to_int(
-            expected_time_str)
-        self.assertEqual(expected_time_int, actual_time_int)
+        # NOTE(lbragstad): The token expiration time for Fernet tokens is
+        # passed in the payload of the token. This is different from the token
+        # creation time, which is handled by Fernet and doesn't support
+        # subsecond precision because it is a timestamp integer.
+        self.assertIsInstance(expected_time_float, float)

-        actual_time_str = payload_cls._convert_int_to_time_string(
-            actual_time_int)
+        actual_time_float = payload_cls._convert_time_string_to_float(
+            expected_time_str)
+        self.assertIsInstance(actual_time_float, float)
+        self.assertEqual(expected_time_float, actual_time_float)
+
+        actual_time_str = payload_cls._convert_float_to_time_string(
+            actual_time_float)
        self.assertEqual(expected_time_str, actual_time_str)

    def test_unscoped_payload(self):
--- a/keystone/token/providers/fernet/token_formatters.py
+++ b/keystone/token/providers/fernet/token_formatters.py
@ -323,11 +323,11 @@ class BasePayload(object):
        return uuid_obj.hex

    @classmethod
-    def _convert_time_string_to_int(cls, time_string):
-        """Convert a time formatted string to a timestamp integer.
+    def _convert_time_string_to_float(cls, time_string):
+        """Convert a time formatted string to a float.

        :param time_string: time formatted string
-        :returns: an integer timestamp
+        :returns: a timestamp as a float

        """
        time_object = timeutils.parse_isotime(time_string)
@ -335,14 +335,14 @@ class BasePayload(object):
                datetime.datetime.utcfromtimestamp(0)).total_seconds()

    @classmethod
-    def _convert_int_to_time_string(cls, time_int):
-        """Convert a timestamp integer to a string.
+    def _convert_float_to_time_string(cls, time_float):
+        """Convert a floating point timestamp to a string.

-        :param time_int: integer representing timestamp
+        :param time_float: integer representing timestamp
        :returns: a time formatted strings

        """
-        time_object = datetime.datetime.utcfromtimestamp(time_int)
+        time_object = datetime.datetime.utcfromtimestamp(time_float)
        return ks_utils.isotime(time_object, subsecond=True)

    @classmethod
@ -390,7 +390,7 @@ class UnscopedPayload(BasePayload):
        """
        b_user_id = cls.attempt_convert_uuid_hex_to_bytes(user_id)
        methods = auth_plugins.convert_method_list_to_integer(methods)
-        expires_at_int = cls._convert_time_string_to_int(expires_at)
+        expires_at_int = cls._convert_time_string_to_float(expires_at)
        b_audit_ids = list(map(provider.random_urlsafe_str_to_bytes,
                           audit_ids))
        return (b_user_id, methods, expires_at_int, b_audit_ids)
@ -406,7 +406,7 @@ class UnscopedPayload(BasePayload):
        """
        user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
        methods = auth_plugins.convert_integer_to_method_list(payload[1])
-        expires_at_str = cls._convert_int_to_time_string(payload[2])
+        expires_at_str = cls._convert_float_to_time_string(payload[2])
        audit_ids = list(map(provider.base64_encode, payload[3]))
        return (user_id, methods, expires_at_str, audit_ids)

@ -436,7 +436,7 @@ class DomainScopedPayload(BasePayload):
                b_domain_id = domain_id
            else:
                raise
-        expires_at_int = cls._convert_time_string_to_int(expires_at)
+        expires_at_int = cls._convert_time_string_to_float(expires_at)
        b_audit_ids = list(map(provider.random_urlsafe_str_to_bytes,
                           audit_ids))
        return (b_user_id, methods, b_domain_id, expires_at_int, b_audit_ids)
@ -460,7 +460,7 @@ class DomainScopedPayload(BasePayload):
                domain_id = payload[2]
            else:
                raise
-        expires_at_str = cls._convert_int_to_time_string(payload[3])
+        expires_at_str = cls._convert_float_to_time_string(payload[3])
        audit_ids = list(map(provider.base64_encode, payload[4]))

        return (user_id, methods, domain_id, expires_at_str, audit_ids)
@ -484,7 +484,7 @@ class ProjectScopedPayload(BasePayload):
        b_user_id = cls.attempt_convert_uuid_hex_to_bytes(user_id)
        methods = auth_plugins.convert_method_list_to_integer(methods)
        b_project_id = cls.attempt_convert_uuid_hex_to_bytes(project_id)
-        expires_at_int = cls._convert_time_string_to_int(expires_at)
+        expires_at_int = cls._convert_time_string_to_float(expires_at)
        b_audit_ids = list(map(provider.random_urlsafe_str_to_bytes,
                           audit_ids))
        return (b_user_id, methods, b_project_id, expires_at_int, b_audit_ids)
@ -501,7 +501,7 @@ class ProjectScopedPayload(BasePayload):
        user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
        methods = auth_plugins.convert_integer_to_method_list(payload[1])
        project_id = cls.attempt_convert_uuid_bytes_to_hex(payload[2])
-        expires_at_str = cls._convert_int_to_time_string(payload[3])
+        expires_at_str = cls._convert_float_to_time_string(payload[3])
        audit_ids = list(map(provider.base64_encode, payload[4]))

        return (user_id, methods, project_id, expires_at_str, audit_ids)
@ -528,7 +528,7 @@ class TrustScopedPayload(BasePayload):
        methods = auth_plugins.convert_method_list_to_integer(methods)
        b_project_id = cls.attempt_convert_uuid_hex_to_bytes(project_id)
        b_trust_id = cls.convert_uuid_hex_to_bytes(trust_id)
-        expires_at_int = cls._convert_time_string_to_int(expires_at)
+        expires_at_int = cls._convert_time_string_to_float(expires_at)
        b_audit_ids = list(map(provider.random_urlsafe_str_to_bytes,
                           audit_ids))

@ -547,7 +547,7 @@ class TrustScopedPayload(BasePayload):
        user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])
        methods = auth_plugins.convert_integer_to_method_list(payload[1])
        project_id = cls.attempt_convert_uuid_bytes_to_hex(payload[2])
-        expires_at_str = cls._convert_int_to_time_string(payload[3])
+        expires_at_str = cls._convert_float_to_time_string(payload[3])
        audit_ids = list(map(provider.base64_encode, payload[4]))
        trust_id = cls.convert_uuid_bytes_to_hex(payload[5])

@ -589,7 +589,7 @@ class FederatedUnscopedPayload(BasePayload):
        b_idp_id = cls.attempt_convert_uuid_hex_to_bytes(
            federated_info['idp_id'])
        protocol_id = federated_info['protocol_id']
-        expires_at_int = cls._convert_time_string_to_int(expires_at)
+        expires_at_int = cls._convert_time_string_to_float(expires_at)
        b_audit_ids = list(map(provider.random_urlsafe_str_to_bytes,
                               audit_ids))

@ -613,7 +613,7 @@ class FederatedUnscopedPayload(BasePayload):
        group_ids = list(map(cls.unpack_group_id, payload[2]))
        idp_id = cls.attempt_convert_uuid_bytes_to_hex(payload[3])
        protocol_id = payload[4]
-        expires_at_str = cls._convert_int_to_time_string(payload[5])
+        expires_at_str = cls._convert_float_to_time_string(payload[5])
        audit_ids = list(map(provider.base64_encode, payload[6]))
        federated_info = dict(group_ids=group_ids, idp_id=idp_id,
                              protocol_id=protocol_id)
@ -646,7 +646,7 @@ class FederatedScopedPayload(FederatedUnscopedPayload):
        b_idp_id = cls.attempt_convert_uuid_hex_to_bytes(
            federated_info['idp_id'])
        protocol_id = federated_info['protocol_id']
-        expires_at_int = cls._convert_time_string_to_int(expires_at)
+        expires_at_int = cls._convert_time_string_to_float(expires_at)
        b_audit_ids = list(map(provider.random_urlsafe_str_to_bytes,
                               audit_ids))

@ -671,7 +671,7 @@ class FederatedScopedPayload(FederatedUnscopedPayload):
        group_ids = list(map(cls.unpack_group_id, payload[3]))
        idp_id = cls.attempt_convert_uuid_bytes_to_hex(payload[4])
        protocol_id = payload[5]
-        expires_at_str = cls._convert_int_to_time_string(payload[6])
+        expires_at_str = cls._convert_float_to_time_string(payload[6])
        audit_ids = list(map(provider.base64_encode, payload[7]))
        federated_info = dict(idp_id=idp_id, protocol_id=protocol_id,
                              group_ids=group_ids)