Attachment 650039 Details for Bug 879402 – CVE-2012-5563-keystone.patch includes test case

[patch] CVE-2012-5563-keystone.patch includes test case

CVE-2012-5563-keystone.patch (text/plain), 3.29 KB, created by Kurt Seifried on 2012-11-22 21:36:24 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Kurt Seifried

Created: 2012-11-22 21:36:24 UTC

Size: 3.29 KB

patch

obsolete

>diff --git a/keystone/service.py b/keystone/service.py
>index 539b687..a463ccc 100644
>--- a/keystone/service.py
>+++ b/keystone/service.py
>@@ -438,6 +438,7 @@ class TokenController(wsgi.Application):
>             self.token_api.create_token(
>                 context, token_id, dict(key=token_id,
>                                         id=token_id,
>+                                        expires=auth_token_data['expires'],
>                                         user=user_ref,
>                                         tenant=tenant_ref,
>                                         metadata=metadata_ref))
>diff --git a/tests/test_service.py b/tests/test_service.py
>new file mode 100644
>index 0000000..d92c996
>--- /dev/null
>+++ b/tests/test_service.py
>@@ -0,0 +1,77 @@
>+# Copyright 2012 OpenStack LLC
>+#
>+# Licensed under the Apache License, Version 2.0 (the "License"); you may
>+# not use this file except in compliance with the License. You may obtain
>+# a copy of the License at
>+#
>+#      http://www.apache.org/licenses/LICENSE-2.0
>+#
>+# Unless required by applicable law or agreed to in writing, software
>+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
>+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
>+# License for the specific language governing permissions and limitations
>+# under the License.
>+
>+import time
>+
>+import default_fixtures
>+
>+from keystone import config
>+from keystone import service
>+from keystone import test
>+from keystone.identity.backends import kvs as kvs_identity
>+
>+
>+CONF = config.CONF
>+
>+
>+class TokenExpirationTest(test.TestCase):
>+    def setUp(self):
>+        super(TokenExpirationTest, self).setUp()
>+        self.identity_api = kvs_identity.Identity()
>+        self.load_fixtures(default_fixtures)
>+        self.api = service.TokenController()
>+
>+    def _maintain_token_expiration(self):
>+        """Token expiration should be maintained after re-auth & validation."""
>+        r = self.api.authenticate(
>+            {},
>+            auth={
>+                'passwordCredentials': {
>+                    'username': self.user_foo['name'],
>+                    'password': self.user_foo['password']
>+                }
>+            })
>+        unscoped_token_id = r['access']['token']['id']
>+        original_expiration = r['access']['token']['expires']
>+
>+        time.sleep(0.5)
>+
>+        r = self.api.validate_token(
>+            dict(is_admin=True, query_string={}),
>+            token_id=unscoped_token_id)
>+        self.assertEqual(original_expiration, r['access']['token']['expires'])
>+
>+        time.sleep(0.5)
>+
>+        r = self.api.authenticate(
>+            {},
>+            auth={
>+                'token': {
>+                    'id': unscoped_token_id,
>+                },
>+                'tenantId': self.tenant_bar['id'],
>+            })
>+        scoped_token_id = r['access']['token']['id']
>+        self.assertEqual(original_expiration, r['access']['token']['expires'])
>+
>+        time.sleep(0.5)
>+
>+        r = self.api.validate_token(
>+            dict(is_admin=True, query_string={}),
>+            token_id=scoped_token_id)
>+        self.assertEqual(original_expiration, r['access']['token']['expires'])
>+
>+    def test_maintain_uuid_token_expiration(self):
>+        CONF.signing.token_format = 'UUID'
>+        self._maintain_token_expiration()
>

Actions: View | Diff

Attachments on bug 879402: 650039