auth_token _cache_get checks token expired

When auth_token stores the token in the cache, it's stored with
the expiration time; but when the token is retrieved from the
cache, if the expiration time has passed the token is treated as if
it wasn't cached. This creates extra work because now auth_token
has to check the token expiration (either by decrypting the PKI
token or online validation for UUID tokens).

With this change, getting the token from the cache will fail if the
expiration is past.

Change-Id: Id0ec6b3c2e5af4a2d910f16da4e0312733fc2198

test_auth_token_middleware.py

@@ -28,6 +28,7 @@ import iso8601
 import mock
 import testresources
 import testtools
+from testtools import matchers
 import webob
 
 from keystoneclient import access
@@ -1904,7 +1905,8 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
         some_time_earlier = timeutils.strtime(at=(self.now - self.delta))
         expires = some_time_earlier
         self.middleware._token_cache.store(token, data, expires)
-        self.assertIsNone(self.middleware._token_cache._cache_get(token))
+        self.assertThat(lambda: self.middleware._token_cache._cache_get(token),
+                        matchers.raises(auth_token.InvalidUserToken))
 
     def test_cached_token_with_timezone_offset_not_expired(self):
         token = 'mytoken'
@@ -1926,7 +1928,8 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
         some_time_earlier = self.now - timezone_offset - self.delta
         expires = timeutils.strtime(some_time_earlier) + '-02:00'
         self.middleware._token_cache.store(token, data, expires)
-        self.assertIsNone(self.middleware._token_cache._cache_get(token))
+        self.assertThat(lambda: self.middleware._token_cache._cache_get(token),
+                        matchers.raises(auth_token.InvalidUserToken))
 
 
 class CatalogConversionTests(BaseAuthTokenMiddlewareTest):