Merge "iso expires should be returned in one place"

author: Jenkins <jenkins@review.openstack.org> 2015-02-10 03:02:10 +0000
committer: Gerrit Code Review <review@openstack.org> 2015-02-10 03:02:10 +0000
commit: 1f670d13d2980202cb7a5b9092bc94019ef6d113 (patch)
tree: 315ff7b5b2e0b00a1aa116cb6a5a36435abbfbb0
parent: 34487826a90e381ec425626384d8dfa51b9d5782 (diff)
parent: 30c4794c37a2ee0d5e194465dac2c7043c62a7f9 (diff)
download: keystonemiddleware-1f670d13d2980202cb7a5b9092bc94019ef6d113.tar.gz
2 files changed, 35 insertions, 24 deletions
diff --git a/keystonemiddleware/auth_token.py b/keystonemiddleware/auth_token.py
index 33476eb..6535002 100644
--- a/keystonemiddleware/auth_token.py
+++ b/keystonemiddleware/auth_token.py
@@ -396,22 +396,19 @@ def _get_token_expiration(data):
     if not data:
         raise InvalidToken(_('Token authorization failed'))
     if _token_is_v2(data):
-        timestamp = data['access']['token']['expires']
+        return data['access']['token']['expires']
     elif _token_is_v3(data):
-        timestamp = data['token']['expires_at']
+        return data['token']['expires_at']
     else:
         raise InvalidToken(_('Token authorization failed'))
-    expires = timeutils.parse_isotime(timestamp)
-    expires = timeutils.normalize_time(expires)
-    return expires
 
 
-def _confirm_token_not_expired(data):
-    expires = _get_token_expiration(data)
+def _confirm_token_not_expired(expires):
+    expires = timeutils.parse_isotime(expires)
+    expires = timeutils.normalize_time(expires)
     utcnow = timeutils.utcnow()
     if utcnow >= expires:
         raise InvalidToken(_('Token authorization failed'))
-    return timeutils.isotime(at=expires, subsecond=True)
 
 
 def _v3_to_v2_catalog(catalog):
@@ -961,7 +958,8 @@ class AuthProtocol(object):
 
                 if verified is not None:
                     data = jsonutils.loads(verified)
-                    expires = _confirm_token_not_expired(data)
+                    expires = _get_token_expiration(data)
+                    _confirm_token_not_expired(expires)
                 else:
                     data = self._identity_server.verify_token(token, retry)
                     # No need to confirm token expiration here since
diff --git a/keystonemiddleware/tests/test_auth_token_middleware.py b/keystonemiddleware/tests/test_auth_token_middleware.py
index b9bff1c..67a0456 100644
--- a/keystonemiddleware/tests/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/test_auth_token_middleware.py
@@ -1933,72 +1933,85 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
     def test_no_data(self):
         data = {}
         self.assertRaises(auth_token.InvalidToken,
-                          auth_token._confirm_token_not_expired,
+                          auth_token._get_token_expiration,
                           data)
 
     def test_bad_data(self):
         data = {'my_happy_token_dict': 'woo'}
         self.assertRaises(auth_token.InvalidToken,
-                          auth_token._confirm_token_not_expired,
+                          auth_token._get_token_expiration,
                           data)
 
+    def test_v2_token_get_token_expiration_return_isotime(self):
+        data = self.create_v2_token_fixture()
+        actual_expires = auth_token._get_token_expiration(data)
+        self.assertEqual(self.one_hour_earlier, actual_expires)
+
     def test_v2_token_not_expired(self):
         data = self.create_v2_token_fixture()
         expected_expires = data['access']['token']['expires']
-        actual_expires = auth_token._confirm_token_not_expired(data)
+        actual_expires = auth_token._get_token_expiration(data)
         self.assertEqual(actual_expires, expected_expires)
 
     def test_v2_token_expired(self):
         data = self.create_v2_token_fixture(expires=self.one_hour_ago)
+        expires = auth_token._get_token_expiration(data)
         self.assertRaises(auth_token.InvalidToken,
                           auth_token._confirm_token_not_expired,
-                          data)
+                          expires)
 
     def test_v2_token_with_timezone_offset_not_expired(self):
         self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
         data = self.create_v2_token_fixture(
-            expires='2000-01-01T00:05:10.000123-05:00')
+            expires='2000-01-01T05:05:10.000123Z')
         expected_expires = '2000-01-01T05:05:10.000123Z'
-        actual_expires = auth_token._confirm_token_not_expired(data)
+        actual_expires = auth_token._get_token_expiration(data)
         self.assertEqual(actual_expires, expected_expires)
 
     def test_v2_token_with_timezone_offset_expired(self):
         self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
         data = self.create_v2_token_fixture(
-            expires='2000-01-01T00:05:10.000123+05:00')
-        data['access']['token']['expires'] = '2000-01-01T00:05:10.000123+05:00'
+            expires='1999-12-31T19:05:10Z')
+        expires = auth_token._get_token_expiration(data)
         self.assertRaises(auth_token.InvalidToken,
                           auth_token._confirm_token_not_expired,
-                          data)
+                          expires)
+
+    def test_v3_token_get_token_expiration_return_isotime(self):
+        data = self.create_v3_token_fixture()
+        actual_expires = auth_token._get_token_expiration(data)
+        self.assertEqual(self.one_hour_earlier, actual_expires)
 
     def test_v3_token_not_expired(self):
         data = self.create_v3_token_fixture()
         expected_expires = data['token']['expires_at']
-        actual_expires = auth_token._confirm_token_not_expired(data)
+        actual_expires = auth_token._get_token_expiration(data)
         self.assertEqual(actual_expires, expected_expires)
 
     def test_v3_token_expired(self):
         data = self.create_v3_token_fixture(expires=self.one_hour_ago)
+        expires = auth_token._get_token_expiration(data)
         self.assertRaises(auth_token.InvalidToken,
                           auth_token._confirm_token_not_expired,
-                          data)
+                          expires)
 
     def test_v3_token_with_timezone_offset_not_expired(self):
         self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
         data = self.create_v3_token_fixture(
-            expires='2000-01-01T00:05:10.000123-05:00')
+            expires='2000-01-01T05:05:10.000123Z')
         expected_expires = '2000-01-01T05:05:10.000123Z'
 
-        actual_expires = auth_token._confirm_token_not_expired(data)
+        actual_expires = auth_token._get_token_expiration(data)
         self.assertEqual(actual_expires, expected_expires)
 
     def test_v3_token_with_timezone_offset_expired(self):
         self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z'))
         data = self.create_v3_token_fixture(
-            expires='2000-01-01T00:05:10.000123+05:00')
+            expires='1999-12-31T19:05:10Z')
+        expires = auth_token._get_token_expiration(data)
         self.assertRaises(auth_token.InvalidToken,
                           auth_token._confirm_token_not_expired,
-                          data)
+                          expires)
 
     def test_cached_token_not_expired(self):
         token = 'mytoken'
author	Jenkins <jenkins@review.openstack.org>	2015-02-10 03:02:10 +0000
committer	Gerrit Code Review <review@openstack.org>	2015-02-10 03:02:10 +0000
commit	1f670d13d2980202cb7a5b9092bc94019ef6d113 (patch)
tree	315ff7b5b2e0b00a1aa116cb6a5a36435abbfbb0
parent	34487826a90e381ec425626384d8dfa51b9d5782 (diff)
parent	30c4794c37a2ee0d5e194465dac2c7043c62a7f9 (diff)
download	keystonemiddleware-1f670d13d2980202cb7a5b9092bc94019ef6d113.tar.gz