Comment 7 for bug 1289075

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (master)

Reviewed: https://review.openstack.org/102399
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=40a2d48ba48aa3d38bed590dbc135d83553a9314
Submitter: Jenkins
Branch: master

commit 40a2d48ba48aa3d38bed590dbc135d83553a9314
Author: Brant Knudson <email address hidden>
Date: Sun Aug 17 12:58:35 2014 -0500

    auth_token cached token handling

    auth_token handles tokens that are from its cache, uncached PKI
    (compressed and ASN, "offline validation") and UUID/hashed tokens
    ("online" validation).

    For all of these cases, the auth_token middleware was doing

    1) expiration check
    2) confirm token bind
    3) store in cache

    In some cases, some of these steps aren't necessary.

    When getting the token from the cache
    1) no expiration check is needed because the expiration time is
       stored as cache data and the token would be rejected during
       _cache_get.
    2) Storing in the cache is unnecessary because the token is
       already in the cache.

    When doing online validation, it's not necessary to do the
    expiration check because the identity server would have rejected
    the token if it was expired.

    Closes-Bug: #1289075
    Change-Id: I6afa98504215521538434f1f8a2d97585ce35de5
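
The per-path steps listed in the commit message, as an added example: a simplified model written for this page, not keystonemiddleware's own code. `AuthTokenModel`, its method names, the `trace` list, the token data layout and the bind comparison are all assumptions made for illustration.

```python
class TokenRejected(Exception):
    """Raised when a token fails any validation step."""


class AuthTokenModel:
    def __init__(self, online, offline, clock):
        self.online = online    # callable: token_id -> data (identity server lookup)
        self.offline = offline  # callable: token_id -> data (local PKI verification)
        self.clock = clock      # callable returning the current time in seconds
        self.cache = {}         # token_id -> (data, expires)
        self.trace = []         # steps run by the last validate() call

    def cache_get(self, token_id):
        entry = self.cache.get(token_id)
        if entry is None:
            return None
        data, expires = entry
        if expires <= self.clock():
            # Expiry is stored as cache data, so the lookup itself rejects.
            del self.cache[token_id]
            raise TokenRejected("cached token expired")
        return data

    def check_expiry(self, data):
        self.trace.append("expiration check")
        if data["expires"] <= self.clock():
            raise TokenRejected("token expired")

    def confirm_bind(self, data, request_bind):  # simplified bind model (assumption)
        self.trace.append("confirm token bind")
        if data.get("bind") not in (None, request_bind):
            raise TokenRejected("token bind mismatch")

    def validate(self, token_id, is_pki, request_bind=None):
        self.trace = []
        data = self.cache_get(token_id)
        if data is not None:   # cache hit: no expiry check, no re-store
            self.confirm_bind(data, request_bind)
            return data
        if is_pki:             # offline validation: expiry must be checked locally
            data = self.offline(token_id)
            self.check_expiry(data)
        else:                  # online validation: server already rejects expired tokens
            data = self.online(token_id)
        self.confirm_bind(data, request_bind)
        self.trace.append("store in cache")
        self.cache[token_id] = (data, data["expires"])
        return data
```

Skipping the explicit expiry check on a cache hit is only safe because `cache_get` compares the stored expiry on every lookup; the bind check still runs on all three paths.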