Merge "Don't validate token expiry in the persistence backend"
commit
08b87caf77
@ -23,7 +23,6 @@ from six.moves import range
|
|||||||
import keystone.conf
|
import keystone.conf
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone.tests import unit
|
from keystone.tests import unit
|
||||||
from keystone.tests.unit import utils as test_utils
|
|
||||||
from keystone.token import provider
|
from keystone.token import provider
|
||||||
|
|
||||||
|
|
||||||
@ -234,21 +233,6 @@ class TokenTests(object):
|
|||||||
self.token_provider_api._persistence.delete_token,
|
self.token_provider_api._persistence.delete_token,
|
||||||
uuid.uuid4().hex)
|
uuid.uuid4().hex)
|
||||||
|
|
||||||
def test_expired_token(self):
|
|
||||||
token_id = uuid.uuid4().hex
|
|
||||||
expire_time = timeutils.utcnow() - datetime.timedelta(minutes=1)
|
|
||||||
data = {'id_hash': token_id, 'id': token_id, 'a': 'b',
|
|
||||||
'expires': expire_time,
|
|
||||||
'trust_id': None,
|
|
||||||
'user': {'id': 'testuserid'}}
|
|
||||||
data_ref = self.token_provider_api._persistence.create_token(token_id,
|
|
||||||
data)
|
|
||||||
data_ref.pop('user_id')
|
|
||||||
self.assertDictEqual(data, data_ref)
|
|
||||||
self.assertRaises(exception.TokenNotFound,
|
|
||||||
self.token_provider_api._persistence.get_token,
|
|
||||||
token_id)
|
|
||||||
|
|
||||||
def test_null_expires_token(self):
|
def test_null_expires_token(self):
|
||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
data = {'id': token_id, 'id_hash': token_id, 'a': 'b', 'expires': None,
|
data = {'id': token_id, 'id_hash': token_id, 'a': 'b', 'expires': None,
|
||||||
@ -432,32 +416,6 @@ class TokenTests(object):
|
|||||||
token_id, data = self.create_token_sample_data(user_id=user_id)
|
token_id, data = self.create_token_sample_data(user_id=user_id)
|
||||||
self.token_provider_api._persistence.get_token(token_id)
|
self.token_provider_api._persistence.get_token(token_id)
|
||||||
|
|
||||||
def test_token_expire_timezone(self):
|
|
||||||
|
|
||||||
@test_utils.timezone
|
|
||||||
def _create_token(expire_time):
|
|
||||||
token_id = uuid.uuid4().hex
|
|
||||||
user_id = six.text_type(uuid.uuid4().hex)
|
|
||||||
return self.create_token_sample_data(token_id=token_id,
|
|
||||||
user_id=user_id,
|
|
||||||
expires=expire_time)
|
|
||||||
|
|
||||||
for d in ['+0', '-11', '-8', '-5', '+5', '+8', '+14']:
|
|
||||||
test_utils.TZ = 'UTC' + d
|
|
||||||
expire_time = timeutils.utcnow() + datetime.timedelta(minutes=1)
|
|
||||||
token_id, data_in = _create_token(expire_time)
|
|
||||||
data_get = self.token_provider_api._persistence.get_token(token_id)
|
|
||||||
|
|
||||||
self.assertEqual(data_in['id'], data_get['id'],
|
|
||||||
'TZ=%s' % test_utils.TZ)
|
|
||||||
|
|
||||||
expire_time_expired = (
|
|
||||||
timeutils.utcnow() + datetime.timedelta(minutes=-1))
|
|
||||||
token_id, data_in = _create_token(expire_time_expired)
|
|
||||||
self.assertRaises(exception.TokenNotFound,
|
|
||||||
self.token_provider_api._persistence.get_token,
|
|
||||||
data_in['id'])
|
|
||||||
|
|
||||||
|
|
||||||
class TokenCacheInvalidation(object):
|
class TokenCacheInvalidation(object):
|
||||||
def _create_test_data(self):
|
def _create_test_data(self):
|
||||||
|
@ -18,7 +18,6 @@ import abc
|
|||||||
import copy
|
import copy
|
||||||
|
|
||||||
from oslo_log import log
|
from oslo_log import log
|
||||||
from oslo_utils import timeutils
|
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from keystone.common import cache
|
from keystone.common import cache
|
||||||
@ -52,22 +51,8 @@ class PersistenceManager(manager.Manager):
|
|||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(PersistenceManager, self).__init__(CONF.token.driver)
|
super(PersistenceManager, self).__init__(CONF.token.driver)
|
||||||
|
|
||||||
def _assert_valid(self, token_id, token_ref):
|
|
||||||
"""Raise TokenNotFound if the token is expired."""
|
|
||||||
current_time = timeutils.normalize_time(timeutils.utcnow())
|
|
||||||
expires = token_ref.get('expires')
|
|
||||||
if not expires or current_time > timeutils.normalize_time(expires):
|
|
||||||
raise exception.TokenNotFound(token_id=token_id)
|
|
||||||
|
|
||||||
def get_token(self, token_id):
|
def get_token(self, token_id):
|
||||||
unique_id = utils.generate_unique_id(token_id)
|
return self._get_token(utils.generate_unique_id(token_id))
|
||||||
token_ref = self._get_token(unique_id)
|
|
||||||
# NOTE(morganfainberg): Lift expired checking to the manager, there is
|
|
||||||
# no reason to make the drivers implement this check. With caching,
|
|
||||||
# self._get_token could return an expired token. Make sure we behave
|
|
||||||
# as expected and raise TokenNotFound on those instances.
|
|
||||||
self._assert_valid(token_id, token_ref)
|
|
||||||
return token_ref
|
|
||||||
|
|
||||||
@MEMOIZE
|
@MEMOIZE
|
||||||
def _get_token(self, token_id):
|
def _get_token(self, token_id):
|
||||||
|
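Review bot: The new `get_token` returns whatever the memoized `_get_token` yields, so an expired token, or one whose `expires` is unset (which the removed `_assert_valid` also rejected), now reaches the caller with nothing marking it as invalid. The method carries no statement of that contract; I would add a docstring such as `"""Return the stored token reference without checking expiry; callers must validate 'expires'."""`. The expiry check presumably now lives in the token provider, but that code is not part of this diff. The two tests removed from `TokenTests` (`test_expired_token` and `test_token_expire_timezone`) were the visible coverage for rejecting expired tokens, so it is worth confirming that an equivalent test exists at whichever layer now enforces expiry.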