diff options
author | Jenkins <jenkins@review.openstack.org> | 2015-02-10 03:02:10 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2015-02-10 03:02:10 +0000 |
commit | 1f670d13d2980202cb7a5b9092bc94019ef6d113 (patch) | |
tree | 315ff7b5b2e0b00a1aa116cb6a5a36435abbfbb0 | |
parent | 34487826a90e381ec425626384d8dfa51b9d5782 (diff) | |
parent | 30c4794c37a2ee0d5e194465dac2c7043c62a7f9 (diff) | |
download | keystonemiddleware-1f670d13d2980202cb7a5b9092bc94019ef6d113.tar.gz |
Merge "iso expires should be returned in one place"
-rw-r--r-- | keystonemiddleware/auth_token.py | 16 | ||||
-rw-r--r-- | keystonemiddleware/tests/test_auth_token_middleware.py | 43 |
2 files changed, 35 insertions, 24 deletions
diff --git a/keystonemiddleware/auth_token.py b/keystonemiddleware/auth_token.py index 33476eb..6535002 100644 --- a/keystonemiddleware/auth_token.py +++ b/keystonemiddleware/auth_token.py @@ -396,22 +396,19 @@ def _get_token_expiration(data): if not data: raise InvalidToken(_('Token authorization failed')) if _token_is_v2(data): - timestamp = data['access']['token']['expires'] + return data['access']['token']['expires'] elif _token_is_v3(data): - timestamp = data['token']['expires_at'] + return data['token']['expires_at'] else: raise InvalidToken(_('Token authorization failed')) - expires = timeutils.parse_isotime(timestamp) - expires = timeutils.normalize_time(expires) - return expires -def _confirm_token_not_expired(data): - expires = _get_token_expiration(data) +def _confirm_token_not_expired(expires): + expires = timeutils.parse_isotime(expires) + expires = timeutils.normalize_time(expires) utcnow = timeutils.utcnow() if utcnow >= expires: raise InvalidToken(_('Token authorization failed')) - return timeutils.isotime(at=expires, subsecond=True) def _v3_to_v2_catalog(catalog): @@ -961,7 +958,8 @@ class AuthProtocol(object): if verified is not None: data = jsonutils.loads(verified) - expires = _confirm_token_not_expired(data) + expires = _get_token_expiration(data) + _confirm_token_not_expired(expires) else: data = self._identity_server.verify_token(token, retry) # No need to confirm token expiration here since diff --git a/keystonemiddleware/tests/test_auth_token_middleware.py b/keystonemiddleware/tests/test_auth_token_middleware.py index b9bff1c..67a0456 100644 --- a/keystonemiddleware/tests/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/test_auth_token_middleware.py @@ -1933,72 +1933,85 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest): def test_no_data(self): data = {} self.assertRaises(auth_token.InvalidToken, - auth_token._confirm_token_not_expired, + auth_token._get_token_expiration, data) def test_bad_data(self): data = {'my_happy_token_dict': 'woo'} self.assertRaises(auth_token.InvalidToken, - auth_token._confirm_token_not_expired, + auth_token._get_token_expiration, data) + def test_v2_token_get_token_expiration_return_isotime(self): + data = self.create_v2_token_fixture() + actual_expires = auth_token._get_token_expiration(data) + self.assertEqual(self.one_hour_earlier, actual_expires) + def test_v2_token_not_expired(self): data = self.create_v2_token_fixture() expected_expires = data['access']['token']['expires'] - actual_expires = auth_token._confirm_token_not_expired(data) + actual_expires = auth_token._get_token_expiration(data) self.assertEqual(actual_expires, expected_expires) def test_v2_token_expired(self): data = self.create_v2_token_fixture(expires=self.one_hour_ago) + expires = auth_token._get_token_expiration(data) self.assertRaises(auth_token.InvalidToken, auth_token._confirm_token_not_expired, - data) + expires) def test_v2_token_with_timezone_offset_not_expired(self): self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z')) data = self.create_v2_token_fixture( - expires='2000-01-01T00:05:10.000123-05:00') + expires='2000-01-01T05:05:10.000123Z') expected_expires = '2000-01-01T05:05:10.000123Z' - actual_expires = auth_token._confirm_token_not_expired(data) + actual_expires = auth_token._get_token_expiration(data) self.assertEqual(actual_expires, expected_expires) def test_v2_token_with_timezone_offset_expired(self): self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z')) data = self.create_v2_token_fixture( - expires='2000-01-01T00:05:10.000123+05:00') - data['access']['token']['expires'] = '2000-01-01T00:05:10.000123+05:00' + expires='1999-12-31T19:05:10Z') + expires = auth_token._get_token_expiration(data) self.assertRaises(auth_token.InvalidToken, auth_token._confirm_token_not_expired, - data) + expires) + + def test_v3_token_get_token_expiration_return_isotime(self): + data = self.create_v3_token_fixture() + actual_expires = auth_token._get_token_expiration(data) + self.assertEqual(self.one_hour_earlier, actual_expires) def test_v3_token_not_expired(self): data = self.create_v3_token_fixture() expected_expires = data['token']['expires_at'] - actual_expires = auth_token._confirm_token_not_expired(data) + actual_expires = auth_token._get_token_expiration(data) self.assertEqual(actual_expires, expected_expires) def test_v3_token_expired(self): data = self.create_v3_token_fixture(expires=self.one_hour_ago) + expires = auth_token._get_token_expiration(data) self.assertRaises(auth_token.InvalidToken, auth_token._confirm_token_not_expired, - data) + expires) def test_v3_token_with_timezone_offset_not_expired(self): self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z')) data = self.create_v3_token_fixture( - expires='2000-01-01T00:05:10.000123-05:00') + expires='2000-01-01T05:05:10.000123Z') expected_expires = '2000-01-01T05:05:10.000123Z' - actual_expires = auth_token._confirm_token_not_expired(data) + actual_expires = auth_token._get_token_expiration(data) self.assertEqual(actual_expires, expected_expires) def test_v3_token_with_timezone_offset_expired(self): self.useFixture(TimeFixture('2000-01-01T00:01:10.000123Z')) data = self.create_v3_token_fixture( - expires='2000-01-01T00:05:10.000123+05:00') + expires='1999-12-31T19:05:10Z') + expires = auth_token._get_token_expiration(data) self.assertRaises(auth_token.InvalidToken, auth_token._confirm_token_not_expired, - data) + expires) def test_cached_token_not_expired(self): token = 'mytoken' |