Fixes Bug 1063852

Add in the issue time, to prevent a race condition where a token is issued and revoked, and then a request for an additional token is processed identical to the first. Each token now contains the issue time to make it unique. (moving changing default to PKI to separate review) Change-Id: I26ed5b3bb31840f5baaf64dbcbeac477e4d71afd
author: Adam Young <ayoung@redhat.com> 2012-10-08 11:20:24 -0400
committer: Joe Heck <heckj@mac.com> 2012-10-19 12:42:26 -0700
commit: cb122095cfdbe86bdde3950fa69f4676e0d3de1c (patch)
tree: 723473726f55ce36223b9547f71913620067364a
parent: 8236d3b4f6945f6057252e6bc195bec103e9b12d (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/keystone/service.py b/keystone/service.py
index dfd80714..f6d0edb9 100644
--- a/keystone/service.py
+++ b/keystone/service.py
@@ -567,11 +567,13 @@ class TokenController(wsgi.Application):
         user_ref = token_ref['user']
         metadata_ref = token_ref['metadata']
         expires = token_ref['expires']
+        issue_time = timeutils.utcnow().time().isoformat()
         if expires is not None:
             if not isinstance(expires, unicode):
                 expires = timeutils.isotime(expires)
         o = {'access': {'token': {'id': token_ref['id'],
                                   'expires': expires,
+                                  'issued_at': issue_time
                                   },
                         'user': {'id': user_ref['id'],
                                  'name': user_ref['name'],
author	Adam Young <ayoung@redhat.com>	2012-10-08 11:20:24 -0400
committer	Joe Heck <heckj@mac.com>	2012-10-19 12:42:26 -0700
commit	cb122095cfdbe86bdde3950fa69f4676e0d3de1c (patch)
tree	723473726f55ce36223b9547f71913620067364a
parent	8236d3b4f6945f6057252e6bc195bec103e9b12d (diff)