From 29e74e73a6e51cffc0371b32354558391826a4aa Mon Sep 17 00:00:00 2001
From: Derek Higgins <derekh@redhat.com>
Date: Tue, 5 Jun 2012 09:33:53 +0100
Subject: Carrying over token expiry time when token chaining

Fixes bug #998185

This commit causes the token expiry time to be maintained when
one token is being created from another

Change-Id: I7b61692a60d9227423b93c267864a5abe939ca33
---
 keystone/service.py          |  3 ++-
 tests/test_keystoneclient.py | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/keystone/service.py b/keystone/service.py
index 2b024f4ed..ebdea50af 100644
--- a/keystone/service.py
+++ b/keystone/service.py
@@ -351,7 +351,8 @@ class TokenController(wsgi.Application):
                     context, token_id, dict(id=token_id,
                                             user=user_ref,
                                             tenant=tenant_ref,
-                                            metadata=metadata_ref))
+                                            metadata=metadata_ref,
+                                            expires=old_token_ref['expires']))
 
         # TODO(termie): optimize this call at some point and put it into the
         #               the return for metadata
diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py
index 1e0be6053..570502477 100644
--- a/tests/test_keystoneclient.py
+++ b/tests/test_keystoneclient.py
@@ -14,6 +14,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import time
 import uuid
 
 import nose.exc
@@ -326,6 +327,17 @@ class KeystoneClientTests(object):
                           self.get_client,
                           self.user_foo)
 
+    def test_token_expiry_maintained(self):
+        foo_client = self.get_client(self.user_foo)
+        orig_token = foo_client.service_catalog.catalog['token']
+
+        time.sleep(1.01)
+        reauthenticated_token = foo_client.tokens.authenticate(
+                                    token=foo_client.auth_token)
+
+        self.assertEquals(orig_token['expires'],
+                          reauthenticated_token.expires)
+
     def test_user_create_update_delete(self):
         from keystoneclient import exceptions as client_exceptions
 
-- 
cgit v1.2.1