openstack/deb-python-keystoneauth1
Code Issues Proposed changes

Increase minimum token life required

Browse Source 
MIN_TOKEN_LIFE_SECONDS is the number of seconds that the token provided
must be valid for to be used when making authentication requests. 1
second has always been a dumb number and was not based on any existing
value.

Because a user token may be reused by a service to make requests on
behalf of a user if the token is valid when sent it may not be valid for
the life of the request.

2 minutes is also an arbitrary value, but it should allow plenty of time
for service requests to complete before being rejected.

Closes-Bug: #1441910
Change-Id: I395a0770e72d1ec7904e656ca382a5270f793a8b
This commit is contained in:
Jamie Lennox
2015-04-02 10:15:29 +11:00
parent 746131c0ea
commit af6f1924eb
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
keystoneclient/auth/identity/base.py
View File

@@ -34,8 +34,9 @@ def get_options():
@six.add_metaclass(abc.ABCMeta) @six.add_metaclass(abc.ABCMeta)
class BaseIdentityPlugin(base.BaseAuthPlugin): class BaseIdentityPlugin(base.BaseAuthPlugin):
# we count a token as valid if it is valid for at least this many seconds # we count a token as valid (not needing refreshing) if it is valid for at
MIN_TOKEN_LIFE_SECONDS = 1 # least this many seconds before the token expiry time
MIN_TOKEN_LIFE_SECONDS = 120
def __init__(self, def __init__(self,
auth_url=None, auth_url=None,