commit 40a2d48ba48aa3d38bed590dbc135d83553a9314
Author: Brant Knudson <email address hidden>
Date: Sun Aug 17 12:58:35 2014 -0500
auth_token cached token handling
auth_token handles tokens that are from its cache, uncached PKI
(compressed and ASN, "offline validation") and UUID/hashed tokens
("online" validation).
For all of these cases, the auth_token middleware was doing
1) expiration check
2) confirm token bind
3) store in cache
In some cases, some of these steps aren't necessary.
When getting the token from the cache
1) no expiration check is needed because the expiration time is
stored as cache data and the token would be rejected during
_cache_get.
2) Storing in the cache is unnecessary because the token is
already in the cache.
When doing online validation, it's not necessary to do the
expiration check because the identity server would have rejected
the token if it was expired.
Reviewed: https:/ /review. openstack. org/102399 /git.openstack. org/cgit/ openstack/ keystonemiddlew are/commit/ ?id=40a2d48ba48 aa3d38bed590dbc 135d83553a9314
Committed: https:/
Submitter: Jenkins
Branch: master
commit 40a2d48ba48aa3d 38bed590dbc135d 83553a9314
Author: Brant Knudson <email address hidden>
Date: Sun Aug 17 12:58:35 2014 -0500
auth_token cached token handling
auth_token handles tokens that are from its cache, uncached PKI
(compressed and ASN, "offline validation") and UUID/hashed tokens
("online" validation).
For all of these cases, the auth_token middleware was doing
1) expiration check
2) confirm token bind
3) store in cache
In some cases, some of these steps aren't necessary.
When getting the token from the cache
1) no expiration check is needed because the expiration time is
stored as cache data and the token would be rejected during
_cache_get.
2) Storing in the cache is unnecessary because the token is
already in the cache.
When doing online validation, it's not necessary to do the
expiration check because the identity server would have rejected
the token if it was expired.
Closes-Bug: #1289075 1538434f1f8a2d9 7585ce35de5
Change-Id: I6afa9850421552