Make "ttl" reflect the actual TTL of the token in lookup calls.

Add a new value "creation_ttl" which holds the value at creation time.

Fixes #986
Jeff Mitchell 2016-02-01 11:16:32 -05:00
parent 0f5db5da6c
commit ff3adce39e
4 changed files with 20 additions and 6 deletions


@ -126,6 +126,7 @@ func TestLogical_StandbyRedirect(t *testing.T) {
"orphan": true,
"id": root,
"ttl": float64(0),
"creation_ttl": float64(0),
},
"warnings": nilWarnings,
"auth": nil,


@ -262,6 +262,7 @@ func TestSysGenerateRoot_Update_OTP(t *testing.T) {
"num_uses": float64(0),
"policies": []interface{}{"root"},
"orphan": true,
"creation_ttl": float64(0),
"ttl": float64(0),
"path": "auth/token/root",
}
@ -341,6 +342,7 @@ func TestSysGenerateRoot_Update_PGP(t *testing.T) {
"num_uses": float64(0),
"policies": []interface{}{"root"},
"orphan": true,
"creation_ttl": float64(0),
"ttl": float64(0),
"path": "auth/token/root",
}


@ -77,9 +77,6 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
// Setup the framework endpoints
t.Backend = &framework.Backend{
// Allow a token lease to be extended indefinitely, but each time for only
// as much as the original lease allowed for. If the lease has a 1 hour expiration,
// it can only be extended up to another hour each time this means.
AuthRenew: t.authRenew,
PathsSpecial: &logical.Paths{
@ -841,7 +838,8 @@ func (ts *TokenStore) handleLookup(
"num_uses": out.NumUses,
"orphan": false,
"creation_time": int64(out.CreationTime),
"ttl": int64(out.TTL.Seconds()),
"creation_ttl": int64(out.TTL.Seconds()),
"ttl": int64(0),
},
}
@ -854,9 +852,14 @@ func (ts *TokenStore) handleLookup(
if err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
}
if leaseTimes != nil && !leaseTimes.LastRenewalTime.IsZero() {
if leaseTimes != nil {
if !leaseTimes.LastRenewalTime.IsZero() {
resp.Data["last_renewal_time"] = leaseTimes.LastRenewalTime.Unix()
}
if !leaseTimes.ExpireTime.IsZero() {
resp.Data["ttl"] = int64(leaseTimes.ExpireTime.Sub(time.Now().Round(time.Second)).Seconds())
}
}
return resp, nil
}
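Review bot: In the last hunk of handleLookup, `ttl` is computed as `ExpireTime` minus the current time with no lower bound, so a lookup that lands after the expire time but before the token is actually revoked would return a negative value. Separately, the `"ttl": int64(0)` default set in the preceding hunk is also what a caller sees when `leaseTimes` is nil or `ExpireTime` is zero, which is the same value a non-expiring token reports. Whether a token with a non-zero `creation_ttl` can reach this point without lease times is not visible here, because handleLookup's body starts outside these hunks. I would document the default, e.g. `// ttl stays 0 when no expire time is recorded; compare with creation_ttl before treating 0 as non-expiring`, and decide explicitly how an already-expired lease is reported rather than letting it go negative.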


@ -837,6 +837,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
"display_name": "root",
"orphan": true,
"num_uses": 0,
"creation_ttl": int64(0),
"ttl": int64(0),
}
@ -868,6 +869,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
"display_name": "token",
"orphan": false,
"num_uses": 0,
"creation_ttl": int64(3600),
"ttl": int64(3600),
}
@ -876,6 +878,11 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
}
delete(resp.Data, "creation_time")
// Depending on timing of the test this may have ticked down, so accept 3599
if resp.Data["ttl"].(int64) == 3599 {
resp.Data["ttl"] = int64(3600)
}
if !reflect.DeepEqual(resp.Data, exp) {
t.Fatalf("bad:\n%#v\nexp:\n%#v\n", resp.Data, exp)
}
@ -964,6 +971,7 @@ func TestTokenStore_HandleRequest_LookupSelf(t *testing.T) {
"display_name": "root",
"orphan": true,
"num_uses": 0,
"creation_ttl": int64(0),
"ttl": int64(0),
}
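Review bot: The tolerance added in the `-876,6 +878,11` hunk of TestTokenStore_HandleRequest_Lookup accepts exactly 3599, so the test fails if more than one second passes between token creation and lookup. The bare `resp.Data["ttl"].(int64)` assertion also panics, rather than failing cleanly, if the key is missing or has another type. A checked range is sturdier, e.g. `if ttl, ok := resp.Data["ttl"].(int64); ok && ttl > 3590 && ttl < 3600 { resp.Data["ttl"] = int64(3600) }`. Because the value is normalised back to 3600, no case in these hunks asserts that `ttl` ever differs from `creation_ttl`, which is the behaviour the commit introduces. The test function's body starts outside the hunk.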