diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-05-28 16:51:00 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-05-28 16:51:00 +0000 |
| commit | 111e7304f5bc9e7a2c726084038b5f8692ec940a (patch) | |
| tree | e482efecb9f1867b15772e1ce273b34675da9db5 /keystoneclient | |
| parent | d202da568441341f4f6abce2894016164a0562e0 (diff) | |
| parent | 8fe7a822d3fd9f435bb4a73a838b380659196cf7 (diff) | |
| download | python-keystoneclient-0.2.4.tar.gz | |
Merge "Check Expiry"0.2.4
Diffstat (limited to 'keystoneclient')
| -rw-r--r-- | keystoneclient/middleware/auth_token.py | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py index befa79e..6907397 100644 --- a/keystoneclient/middleware/auth_token.py +++ b/keystoneclient/middleware/auth_token.py @@ -697,7 +697,8 @@ class AuthProtocol(object): data = json.loads(verified) else: data = self.verify_uuid_token(user_token, retry) - self._cache_put(token_id, data) + expires = self._confirm_token_not_expired(data) + self._cache_put(token_id, data, expires) return data except Exception as e: self.LOG.debug('Token validation failure.', exc_info=True) @@ -931,23 +932,31 @@ class AuthProtocol(object): data_to_store, timeout=self.token_cache_time) - def _cache_put(self, token, data): + def _confirm_token_not_expired(self, data): + if not data: + raise InvalidUserToken('Token authorization failed') + if self._token_is_v2(data): + timestamp = data['access']['token']['expires'] + elif self._token_is_v3(data): + timestamp = data['token']['expires_at'] + else: + raise InvalidUserToken('Token authorization failed') + expires = timeutils.parse_isotime(timestamp).strftime('%s') + if time.time() >= float(expires): + self.LOG.debug('Token expired a %s', timestamp) + raise InvalidUserToken('Token authorization failed') + return expires + + def _cache_put(self, token, data, expires): """ Put token data into the cache. Stores the parsed expire date in cache allowing quick check of token freshness on retrieval. + """ - if self._cache and data: - if self._token_is_v2(data): - timestamp = data['access']['token']['expires'] - elif self._token_is_v3(data): - timestamp = data['token']['expires_at'] - else: - self.LOG.error('invalid token format') - return - expires = timeutils.parse_isotime(timestamp).strftime('%s') - self.LOG.debug('Storing %s token in memcache', token) - self._cache_store(token, data, expires) + if self._cache: + self.LOG.debug('Storing %s token in memcache', token) + self._cache_store(token, data, expires) def _cache_store_invalid(self, token): """Store invalid token in cache.""" |