Check Expiry

Explicitly checks the expiry on the tokens, and rejects tokens that have expired had to regenerate the sample data for the tokens as they all had been generated with values that are now expired. bug 1179615 Change-Id: Ie06500d446f55fd0ad67ea540c92d8cfc57483f4
author: Adam Young <ayoung@redhat.com> 2013-05-28 09:50:51 -0400
committer: Thierry Carrez <thierry@openstack.org> 2013-05-28 16:47:54 +0200
commit: 8fe7a822d3fd9f435bb4a73a838b380659196cf7 (patch)
tree: 7b69c55626b16dc6843e9bdc599485aaf160c89c /tests
parent: ef6530de45705c6e31021f8934570d7c48a60b8b (diff)
download: python-keystoneclient-8fe7a822d3fd9f435bb4a73a838b380659196cf7.tar.gz
1 files changed, 13 insertions, 1 deletions
diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py
index ae81293..83ea709 100644
--- a/tests/test_auth_token_middleware.py
+++ b/tests/test_auth_token_middleware.py
@@ -255,6 +255,9 @@ with open(os.path.join(signing_path, 'auth_v3_token_scoped.pem')) as f:
     SIGNED_v3_TOKEN_SCOPED = cms.cms_to_token(f.read())
 with open(os.path.join(signing_path, 'auth_token_revoked.pem')) as f:
     REVOKED_TOKEN = cms.cms_to_token(f.read())
+with open(os.path.join(signing_path,
+          'auth_token_scoped_expired.pem')) as f:
+    SIGNED_TOKEN_SCOPED_EXPIRED = cms.cms_to_token(f.read())
 REVOKED_TOKEN_HASH = utils.hash_signed_token(REVOKED_TOKEN)
 with open(os.path.join(signing_path, 'auth_v3_token_revoked.pem')) as f:
     REVOKED_v3_TOKEN = cms.cms_to_token(f.read())
@@ -464,7 +467,7 @@ class BaseFakeHTTPConnection(object):
         body = jsonutils.dumps({
             'access': {
                 'token': {'id': 'admin_token2',
-                          'expires': '2012-10-03T16:58:01Z'}
+                          'expires': '2022-10-03T16:58:01Z'}
             },
         })
         return status, body
@@ -621,6 +624,7 @@ class BaseAuthTokenMiddlewareTest(testtools.TestCase):
                 'uuid_token_default': UUID_TOKEN_DEFAULT,
                 'uuid_token_unscoped': UUID_TOKEN_UNSCOPED,
                 'signed_token_scoped': SIGNED_TOKEN_SCOPED,
+                'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED,
                 'revoked_token': REVOKED_TOKEN,
                 'revoked_token_hash': REVOKED_TOKEN_HASH
             }
@@ -1020,6 +1024,13 @@ class AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest):
         self.middleware(req.environ, self.start_fake_response)
         self.assertNotEqual(self._get_cached_token(token), None)
 
+    def test_expired(self):
+        req = webob.Request.blank('/')
+        token = self.token_dict['signed_token_scoped_expired']
+        req.headers['X-Auth-Token'] = token
+        self.middleware(req.environ, self.start_fake_response)
+        self.assertEqual(self.response_status, 401)
+
     def test_memcache_set_invalid(self):
         req = webob.Request.blank('/')
         token = 'invalid-token'
@@ -1358,6 +1369,7 @@ class v3AuthTokenMiddlewareTest(AuthTokenMiddlewareTest):
             'uuid_token_default': v3_UUID_TOKEN_DEFAULT,
             'uuid_token_unscoped': v3_UUID_TOKEN_UNSCOPED,
             'signed_token_scoped': SIGNED_v3_TOKEN_SCOPED,
+            'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED,
             'revoked_token': REVOKED_v3_TOKEN,
             'revoked_token_hash': REVOKED_v3_TOKEN_HASH
         }
author	Adam Young <ayoung@redhat.com>	2013-05-28 09:50:51 -0400
committer	Thierry Carrez <thierry@openstack.org>	2013-05-28 16:47:54 +0200
commit	8fe7a822d3fd9f435bb4a73a838b380659196cf7 (patch)
tree	7b69c55626b16dc6843e9bdc599485aaf160c89c /tests
parent	ef6530de45705c6e31021f8934570d7c48a60b8b (diff)
download	python-keystoneclient-8fe7a822d3fd9f435bb4a73a838b380659196cf7.tar.gz