yahoo-eng-team team mailing list archive

[Bug 1079216] Re: [OSSA-2012-019] token expires time incorrect for auth by one token

 

** Summary changed:

- token expires time incorrect for auth by one token
+ [OSSA-2012-019] token expires time incorrect for auth by one token

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Fix Released

** Changed in: ossa
     Assignee: (unassigned) => Thierry Carrez (ttx)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1079216

Title:
  [OSSA-2012-019] token expires time incorrect for auth by one token

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone folsom series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released
Status in “keystone” package in Ubuntu:
  Fix Released
Status in “keystone” source package in Quantal:
  Fix Released

Bug description:
  curl -v -XGET -H "X-Auth-Token: ADMIN" http://127.0.0.1:35357/v2.0/tokens/1854c38f436a4980b22b310279e3b773
  response (some fields skipped):
         "token": {
              "expires": "2012-11-16T13:24:31Z", 
              "id": "1854c38f436a4980b22b310279e3b773"
          },

  -------------------
  curl -X POST -H "Content-Type: application/json" -d '{"auth": {"token": {"id": "1854c38f436a4980b22b310279e3b773"}, "tenantId": "a2a2c50a344259647880964547228412"}}'  http://127.0.0.1:35357/v2.0/tokens | python -mjson.tool
  response:
          "token": {
              "expires": "2012-11-16T13:24:31Z",
              "id": "8c1b1343e57e4d24bf2b15013c453ad4",
               ...
          }, 

  
  ---------------------------------------------
  curl -v -XGET -H "X-Auth-Token: ADMIN" http://127.0.0.1:35357/v2.0/tokens/8c1b1343e57e4d24bf2b15013c453ad4 
  response:
          "token": {
              "expires": "2012-11-16T13:34:01Z", (It is not the same.)
              "id": "8c1b1343e57e4d24bf2b15013c453ad4", 
          }, 
  --------------------------------------
  If someone gets an unexpired token id, he can extend the use time forever without any password credentials.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1079216/+subscriptions
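
A minimal model of the behaviour reported above, added here as an illustration and not Keystone's own code: a token issued from another token either restarts the lifetime clock (the reported flaw) or is capped at the parent's expiry (one way to close it). `TokenStore`, `TOKEN_LIFETIME`, `chain_expiry` and `expiry_extended` are hypothetical names, and the 24-hour lifetime is an assumption; `expiry_extended` can serve as a regression check on the `expires` values returned by token validation.

```python
from datetime import datetime, timedelta, timezone
import uuid

TOKEN_LIFETIME = timedelta(hours=24)  # assumed lifetime, not taken from the report
FMT = "%Y-%m-%dT%H:%M:%SZ"            # format of "expires" in the report


def parse_ts(value):
    """Parse an 'expires' string into a timezone-aware UTC datetime."""
    return datetime.strptime(value, FMT).replace(tzinfo=timezone.utc)


class TokenStore:
    """Hypothetical in-memory token backend standing in for the real service."""

    def __init__(self, inherit_expiry):
        self.inherit_expiry = inherit_expiry
        self.tokens = {}  # token id -> stored expiry

    def issue_with_password(self, now):
        token_id = uuid.uuid4().hex
        self.tokens[token_id] = now + TOKEN_LIFETIME
        return token_id

    def issue_from_token(self, parent_id, now):
        parent_expires = self.tokens.get(parent_id)
        if parent_expires is None or parent_expires <= now:
            raise PermissionError("parent token unknown or expired")
        expires = now + TOKEN_LIFETIME              # flawed: clock restarts
        if self.inherit_expiry:
            expires = min(expires, parent_expires)  # corrected: capped by parent
        token_id = uuid.uuid4().hex
        self.tokens[token_id] = expires
        return token_id


def chain_expiry(store, start, hops, step):
    """Re-authenticate token-by-token `hops` times; return the last stored expiry."""
    now = start
    token = store.issue_with_password(now)
    for _ in range(hops):
        now += step
        token = store.issue_from_token(token, now)
    return store.tokens[token]


def expiry_extended(parent_expires, child_expires):
    """True when a derived token outlives the token it was issued from."""
    return parse_ts(child_expires) > parse_ts(parent_expires)
```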