Merge "Don't validate token expiry in the persistence backend"

Jenkins 2016-10-07 06:06:32 +00:00 committed by Gerrit Code Review
commit 08b87caf77
2 changed files with 1 additions and 58 deletions


@ -23,7 +23,6 @@ from six.moves import range
import keystone.conf
from keystone import exception
from keystone.tests import unit
from keystone.tests.unit import utils as test_utils
from keystone.token import provider
@ -234,21 +233,6 @@ class TokenTests(object):
self.token_provider_api._persistence.delete_token,
uuid.uuid4().hex)
def test_expired_token(self):
token_id = uuid.uuid4().hex
expire_time = timeutils.utcnow() - datetime.timedelta(minutes=1)
data = {'id_hash': token_id, 'id': token_id, 'a': 'b',
'expires': expire_time,
'trust_id': None,
'user': {'id': 'testuserid'}}
data_ref = self.token_provider_api._persistence.create_token(token_id,
data)
data_ref.pop('user_id')
self.assertDictEqual(data, data_ref)
self.assertRaises(exception.TokenNotFound,
self.token_provider_api._persistence.get_token,
token_id)
def test_null_expires_token(self):
token_id = uuid.uuid4().hex
data = {'id': token_id, 'id_hash': token_id, 'a': 'b', 'expires': None,
@ -432,32 +416,6 @@ class TokenTests(object):
token_id, data = self.create_token_sample_data(user_id=user_id)
self.token_provider_api._persistence.get_token(token_id)
def test_token_expire_timezone(self):
@test_utils.timezone
def _create_token(expire_time):
token_id = uuid.uuid4().hex
user_id = six.text_type(uuid.uuid4().hex)
return self.create_token_sample_data(token_id=token_id,
user_id=user_id,
expires=expire_time)
for d in ['+0', '-11', '-8', '-5', '+5', '+8', '+14']:
test_utils.TZ = 'UTC' + d
expire_time = timeutils.utcnow() + datetime.timedelta(minutes=1)
token_id, data_in = _create_token(expire_time)
data_get = self.token_provider_api._persistence.get_token(token_id)
self.assertEqual(data_in['id'], data_get['id'],
'TZ=%s' % test_utils.TZ)
expire_time_expired = (
timeutils.utcnow() + datetime.timedelta(minutes=-1))
token_id, data_in = _create_token(expire_time_expired)
self.assertRaises(exception.TokenNotFound,
self.token_provider_api._persistence.get_token,
data_in['id'])
class TokenCacheInvalidation(object):
def _create_test_data(self):


@ -18,7 +18,6 @@ import abc
import copy
from oslo_log import log
from oslo_utils import timeutils
import six
from keystone.common import cache
@ -52,22 +51,8 @@ class PersistenceManager(manager.Manager):
def __init__(self):
super(PersistenceManager, self).__init__(CONF.token.driver)
def _assert_valid(self, token_id, token_ref):
"""Raise TokenNotFound if the token is expired."""
current_time = timeutils.normalize_time(timeutils.utcnow())
expires = token_ref.get('expires')
if not expires or current_time > timeutils.normalize_time(expires):
raise exception.TokenNotFound(token_id=token_id)
def get_token(self, token_id):
unique_id = utils.generate_unique_id(token_id)
token_ref = self._get_token(unique_id)
# NOTE(morganfainberg): Lift expired checking to the manager, there is
# no reason to make the drivers implement this check. With caching,
# self._get_token could return an expired token. Make sure we behave
# as expected and raise TokenNotFound on those instances.
self._assert_valid(token_id, token_ref)
return token_ref
return self._get_token(utils.generate_unique_id(token_id))
@MEMOIZE
def _get_token(self, token_id):
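Review bot: The new `get_token` body, `return self._get_token(utils.generate_unique_id(token_id))`, returns whatever the memoized `_get_token` yields, so an expired token ref, or one whose `expires` is null, is now handed back instead of raising `TokenNotFound`. The commit title implies expiry is enforced elsewhere, but that code is not in this hunk, so every caller of `_persistence.get_token` should be confirmed to pass through that validation before it trusts the ref. I would record the contract on the method with a docstring such as `"""Return the stored token ref without checking expiry; callers must validate 'expires' themselves."""`. Since the test file drops both expiry tests, a test asserting that an expired token is rejected at the layer that now owns the check would guard against regression; the body of `_get_token` lies outside the hunk.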