** Also affects: ossa
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1348820
Title:
Token issued_at time changes on /v3/auth/token GET requests
Status in OpenStack Identity (Keystone):
Fix Committed
Status in OpenStack Security Advisories:
New
Bug description:
Steps to recreate
1.) Generate a v2.0
token http://pasteraw.com/37q9v3y80tlydltujo7vwfk7gcabggf
2.) Pull token from the body of the response and use the /v3/auth/tokens/ GET
api call to verify the token
http://pasteraw.com/3oycofc541dil3d7hkzhihlcxlthqg4
Notice that the 'issued_at' time of the token has changed.
3.) Repeat step 2 and notice that the 'issued_at' time of the same token
changes again.
http://pasteraw.com/9wgyrmawewer1ptv5ct58w7pcrfb7zt
The 'issued_at' time of a token should not change when validating the
token using /v3/auth/token GET api call.
This is because the issued_at time is being overwritten on GET here:
https://github.com/openstack/keystone/blob/83c7805ed3787303f8497bc479469d9071783107/keystone/token/providers/common.py#L319
This seems like it has been written strictly for POSTs? In the case of
POST, the issued_at time needs to be generated, in the case of HEAD or
GET, the issued_at time should already exist.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1348820/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
