auth_token _cache_get checks token expired

When auth_token stores the token in the cache, it's stored with
the expiration time; but when the token is retrieved from the
cache, if the expiration time has passed the token is treated as if
it wasn't cached. This creates extra work because now auth_token
has to check the token expiration (either by decrypting the PKI
token or online validation for UUID tokens).

With this change, getting the token from the cache will fail if the
expiration is past.

Change-Id: Id0ec6b3c2e5af4a2d910f16da4e0312733fc2198
Brant Knudson
2014-05-30 10:02:51 -05:00
parent f83115b4a6
commit 1e265faf15
2 changed files with 6 additions and 2 deletions


@@ -1518,6 +1518,7 @@ class TokenCache(object):
return data
else:
self.LOG.debug('Cached Token seems expired')
raise InvalidUserToken('Token authorization failed')
def _cache_store(self, token_id, data):
"""Store value into memcache.

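Review bot: The `raise InvalidUserToken('Token authorization failed')` in the expired branch (apparently the one added line, going by the hunk counts) changes what `_cache_get` gives callers for a stale entry: judging by the old test assertion it used to return None, and now it raises. The method's docstring and its callers lie outside this hunk, so it is worth confirming that every caller lets the exception propagate as a rejection instead of treating it as a cache miss and re-validating the token. A short comment above the raise would record the intent, e.g. `# Expired cached token: reject here rather than returning None, so the caller does not re-validate it.` The expiry reason is logged only at debug level, which may matter if operators need to tell expired-token rejections apart from other authorization failures.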

@@ -28,6 +28,7 @@ import iso8601
import mock
import testresources
import testtools
from testtools import matchers
import webob
from keystoneclient import access
@@ -1904,7 +1905,8 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
some_time_earlier = timeutils.strtime(at=(self.now - self.delta))
expires = some_time_earlier
self.middleware._token_cache.store(token, data, expires)
self.assertIsNone(self.middleware._token_cache._cache_get(token))
self.assertThat(lambda: self.middleware._token_cache._cache_get(token),
matchers.raises(auth_token.InvalidUserToken))
def test_cached_token_with_timezone_offset_not_expired(self):
token = 'mytoken'
@@ -1926,7 +1928,8 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
some_time_earlier = self.now - timezone_offset - self.delta
expires = timeutils.strtime(some_time_earlier) + '-02:00'
self.middleware._token_cache.store(token, data, expires)
self.assertIsNone(self.middleware._token_cache._cache_get(token))
self.assertThat(lambda: self.middleware._token_cache._cache_get(token),
matchers.raises(auth_token.InvalidUserToken))
class CatalogConversionTests(BaseAuthTokenMiddlewareTest):
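Review bot: The two changed assertions in TokenExpirationTest exercise only the private `_cache_get`, so nothing in these hunks pins the behaviour the commit message is after: that a request carrying an expired cached token is rejected without the PKI decrypt or online validation being attempted. A test through the middleware's public entry point, asserting that no validation call is made, would cover that; whether one already exists is not visible from here. As a smaller style point, `self.assertRaises(auth_token.InvalidUserToken, self.middleware._token_cache._cache_get, token)` expresses the same check without the lambda or the extra `matchers` import.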