commit 9f63506d6a94fed6fdc731af125508e499ae2757
Author: Dolph Mathews <dolph.mathews@gmail.com>
Date:   Thu Nov 15 16:10:45 2012 -0600

    Ensure token expiration is maintained (bug 1079216)
    
    Change-Id: I78e719746909301652aa9ecb772329fcad397141

diff --git a/keystone/service.py b/keystone/service.py
index 539b687..a463ccc 100644
--- a/keystone/service.py
+++ b/keystone/service.py
@@ -438,6 +438,7 @@ class TokenController(wsgi.Application):
             self.token_api.create_token(
                 context, token_id, dict(key=token_id,
                                         id=token_id,
+                                        expires=auth_token_data['expires'],
                                         user=user_ref,
                                         tenant=tenant_ref,
                                         metadata=metadata_ref))
diff --git a/tests/test_service.py b/tests/test_service.py
new file mode 100644
index 0000000..d92c996
--- /dev/null
+++ b/tests/test_service.py
@@ -0,0 +1,77 @@
+# Copyright 2012 OpenStack LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import time
+
+import default_fixtures
+
+from keystone import config
+from keystone import service
+from keystone import test
+from keystone.identity.backends import kvs as kvs_identity
+
+
+CONF = config.CONF
+
+
+class TokenExpirationTest(test.TestCase):
+    def setUp(self):
+        super(TokenExpirationTest, self).setUp()
+        self.identity_api = kvs_identity.Identity()
+        self.load_fixtures(default_fixtures)
+        self.api = service.TokenController()
+
+    def _maintain_token_expiration(self):
+        """Token expiration should be maintained after re-auth & validation."""
+        r = self.api.authenticate(
+            {},
+            auth={
+                'passwordCredentials': {
+                    'username': self.user_foo['name'],
+                    'password': self.user_foo['password']
+                }
+            })
+        unscoped_token_id = r['access']['token']['id']
+        original_expiration = r['access']['token']['expires']
+
+        time.sleep(0.5)
+
+        r = self.api.validate_token(
+            dict(is_admin=True, query_string={}),
+            token_id=unscoped_token_id)
+        self.assertEqual(original_expiration, r['access']['token']['expires'])
+
+        time.sleep(0.5)
+
+        r = self.api.authenticate(
+            {},
+            auth={
+                'token': {
+                    'id': unscoped_token_id,
+                },
+                'tenantId': self.tenant_bar['id'],
+            })
+        scoped_token_id = r['access']['token']['id']
+        self.assertEqual(original_expiration, r['access']['token']['expires'])
+
+        time.sleep(0.5)
+
+        r = self.api.validate_token(
+            dict(is_admin=True, query_string={}),
+            token_id=scoped_token_id)
+        self.assertEqual(original_expiration, r['access']['token']['expires'])
+
+    def test_maintain_uuid_token_expiration(self):
+        CONF.signing.token_format = 'UUID'
+        self._maintain_token_expiration()