diff options
author | Brant Knudson <bknudson@us.ibm.com> | 2014-05-30 10:02:51 -0500 |
---|---|---|
committer | Brant Knudson <bknudson@us.ibm.com> | 2014-06-16 17:48:49 -0500 |
commit | 1e265faf15032ab91b82a840c6f0a1c96c0b0cfb (patch) | |
tree | c2ac826910d228107a7a340042be92d99f6a3064 /keystoneclient/middleware | |
parent | f83115b4a6d17c0acc27e2635b3adaa9c3b39c16 (diff) | |
download | python-keystoneclient-1e265faf15032ab91b82a840c6f0a1c96c0b0cfb.tar.gz |
auth_token _cache_get checks token expired
When auth_token stores the token in the cache, it's stored with
the expiration time; but when the token is retrieved from the
cache, if the expiration time has passed the token is treated as if
it wasn't cached. This creates extra work because now auth_token
has to check the token expiration (either by decrypting the PKI
token or online validation for UUID tokens).
With this change, getting the token from the cache will fail if the
expiration is past.
Change-Id: Id0ec6b3c2e5af4a2d910f16da4e0312733fc2198
Diffstat (limited to 'keystoneclient/middleware')
-rw-r--r-- | keystoneclient/middleware/auth_token.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py index d6fe3dd..593518b 100644 --- a/keystoneclient/middleware/auth_token.py +++ b/keystoneclient/middleware/auth_token.py @@ -1518,6 +1518,7 @@ class TokenCache(object): return data else: self.LOG.debug('Cached Token seems expired') + raise InvalidUserToken('Token authorization failed') def _cache_store(self, token_id, data): """Store value into memcache. |