From d01cde5a19d83736c9be235b27af8cc84ee01ed6 Mon Sep 17 00:00:00 2001 From: Boris Bobrov Date: Fri, 2 Aug 2024 15:16:10 +0200 Subject: [PATCH] Correct format for token expiration time Tokens with expiration time limited by application credentials had an incorrect format. Fix the format, control it with the test. Closes-Bug: 2075723 Change-Id: I09fe34541615090766a5c4a010a3f39756debedc --- keystone/tests/unit/test_v3_auth.py | 1 + keystone/token/provider.py | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/keystone/tests/unit/test_v3_auth.py b/keystone/tests/unit/test_v3_auth.py index 76a1721d00..fab748ab48 100644 --- a/keystone/tests/unit/test_v3_auth.py +++ b/keystone/tests/unit/test_v3_auth.py @@ -6411,6 +6411,7 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase): resp = self.v3_create_token( auth_data, expected_status=http.client.CREATED ) + self.assertValidTokenResponse(resp) token = resp.headers.get('X-Subject-Token') future = datetime.datetime.utcnow() + datetime.timedelta(minutes=2) with freezegun.freeze_time(future): diff --git a/keystone/token/provider.py b/keystone/token/provider.py index f9f503e4d2..acee559586 100644 --- a/keystone/token/provider.py +++ b/keystone/token/provider.py @@ -316,11 +316,13 @@ class Manager(manager.Manager): if (app_cred['expires_at'] is not None) and ( token_time > app_cred['expires_at'] ): - token.expires_at = app_cred['expires_at'].isoformat() + token.expires_at = utils.isotime( + app_cred['expires_at'], subsecond=True + ) LOG.debug( 'Resetting token expiration to the application' ' credential expiration: %s', - app_cred['expires_at'].isoformat(), + token.expires_at, ) token_id, issued_at = self.driver.generate_id_and_issued_at(token)