From cb122095cfdbe86bdde3950fa69f4676e0d3de1c Mon Sep 17 00:00:00 2001
From: Adam Young <ayoung@redhat.com>
Date: Mon, 8 Oct 2012 11:20:24 -0400
Subject: Fixes Bug 1063852

Add in the issue time, to prevent a race condition where a token is issued and
revoked, and then a request for an additional token is processed identical
to the first.  Each token now contains the issue time to make it unique.

(moving changing default to PKI to separate review)

Change-Id: I26ed5b3bb31840f5baaf64dbcbeac477e4d71afd
---
 keystone/service.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/keystone/service.py b/keystone/service.py
index dfd80714..f6d0edb9 100644
--- a/keystone/service.py
+++ b/keystone/service.py
@@ -567,11 +567,13 @@ class TokenController(wsgi.Application):
         user_ref = token_ref['user']
         metadata_ref = token_ref['metadata']
         expires = token_ref['expires']
+        issue_time = timeutils.utcnow().time().isoformat()
         if expires is not None:
             if not isinstance(expires, unicode):
                 expires = timeutils.isotime(expires)
         o = {'access': {'token': {'id': token_ref['id'],
                                   'expires': expires,
+                                  'issued_at': issue_time
                                   },
                         'user': {'id': user_ref['id'],
                                  'name': user_ref['name'],
-- 
cgit