With fernet tokens, validate token loses the ms on 'expires' value
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Roxana Gherle | ||
Kilo |
Fix Released
|
Medium
|
Dolph Mathews |
Bug Description
With fernet tokens, the expires ms value is 0 when the token is validated. So the 'expires' on the post token and the get token are different; this is not the case with uuid tokens.
$ curl -s \
-H "Content-Type: application/json" \
-d '{ "auth":{ "tenantName"
-X POST $KEYSTONE_
post token portion of the response contains 'expires' with a ms value :
"token": {
],
"id": "gAAAAABVZ2OQu3
}
},
If this token is validated, the expires ms now show as 000000Z
$ curl -s \
-H "Content-Type: application/json" \
-H "X-Auth-Token: $ADMIN_TOKEN" \
-X GET $KEYSTONE_
get token portion of the response contains 'expires' with ms = 000000Z
],
"token": {
],
"id": "gAAAAABVZ14MKo
}
},
Changed in keystone: | |
assignee: | nobody → Deepti Ramakrishna (dramakri) |
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → Roxana Gherle (roxana-gherle) |
tags: | added: kilo-backport-potential |
Changed in keystone: | |
importance: | Low → Medium |
tags: | removed: kilo-backport-potential |
Changed in keystone: | |
milestone: | none → liberty-3 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | liberty-3 → 8.0.0 |
The report is accurate, but the assertion about which timestamp is "correct" is actually backward from what was intended.
The value returned on validation is correct, whereas the value returned during token creation mistakenly includes a decimal. The decimal portion of the expiration is never actually stored as a float in the token, so it should not be rendered during token creation with a zero decimal either.