summaryrefslogtreecommitdiff
path: root/keystoneclient/middleware/auth_token.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystoneclient/middleware/auth_token.py')
-rw-r--r--keystoneclient/middleware/auth_token.py21
1 files changed, 17 insertions, 4 deletions
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 52605f4..ea62db3 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -326,10 +326,12 @@ def confirm_token_not_expired(data):
timestamp = data['token']['expires_at']
else:
raise InvalidUserToken('Token authorization failed')
- expires = timeutils.parse_isotime(timestamp).strftime('%s')
- if time.time() >= float(expires):
+ expires = timeutils.parse_isotime(timestamp)
+ expires = timeutils.normalize_time(expires)
+ utcnow = timeutils.utcnow()
+ if utcnow >= expires:
raise InvalidUserToken('Token authorization failed')
- return expires
+ return timeutils.isotime(at=expires, subsecond=True)
def safe_quote(s):
@@ -999,7 +1001,18 @@ class AuthProtocol(object):
raise InvalidUserToken('Token authorization failed')
data, expires = cached
- if ignore_expires or time.time() < float(expires):
+
+ try:
+ expires = timeutils.parse_isotime(expires)
+ except ValueError:
+ # Gracefully handle upgrade of expiration times from *nix
+ # timestamps to ISO 8601 formatted dates by ignoring old cached
+ # values.
+ return
+
+ expires = timeutils.normalize_time(expires)
+ utcnow = timeutils.utcnow()
+ if ignore_expires or utcnow < expires:
self.LOG.debug('Returning cached token %s', token_id)
return data
else: