15
15
# License for the specific language governing permissions and limitations
16
16
# under the License.
23
import nova.api.openstack.compute
24
import nova.auth.manager
25
from nova.api.openstack import auth
26
21
from nova import context
28
22
from nova import test
29
23
from nova.tests.api.openstack import fakes
32
class Test(test.TestCase):
35
super(Test, self).setUp()
36
self.stubs.Set(auth.AuthMiddleware,
37
'__init__', fakes.fake_auth_init)
38
self.stubs.Set(context, 'RequestContext', fakes.FakeRequestContext)
39
fakes.FakeAuthManager.clear_fakes()
40
fakes.FakeAuthDatabase.data = {}
41
fakes.stub_out_rate_limiting(self.stubs)
42
fakes.stub_out_networking(self.stubs)
44
def test_authorize_user(self):
45
f = fakes.FakeAuthManager()
46
user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
49
req = webob.Request.blank('/v2/')
50
req.headers['X-Auth-User'] = 'user1'
51
req.headers['X-Auth-Key'] = 'user1_key'
52
req.headers['X-Auth-Project-Id'] = 'user1_project'
53
result = req.get_response(fakes.wsgi_app(fake_auth=False))
54
self.assertEqual(result.status, '204 No Content')
55
self.assertEqual(len(result.headers['X-Auth-Token']), 40)
57
def test_authorize_token(self):
58
f = fakes.FakeAuthManager()
59
user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
61
f.create_project('user1_project', user)
63
req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'})
64
req.headers['X-Auth-User'] = 'user1'
65
req.headers['X-Auth-Key'] = 'user1_key'
66
result = req.get_response(fakes.wsgi_app(fake_auth=False))
67
self.assertEqual(result.status, '204 No Content')
68
self.assertEqual(len(result.headers['X-Auth-Token']), 40)
69
self.assertEqual(result.headers['X-Server-Management-Url'],
70
"http://foo/v2/user1_project")
72
token = result.headers['X-Auth-Token']
73
self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
75
req = webob.Request.blank('/v2/user1_project')
76
req.headers['X-Auth-Token'] = token
77
result = req.get_response(fakes.wsgi_app(fake_auth=False))
78
self.assertEqual(result.status, '200 OK')
79
self.assertEqual(result.headers['X-Test-Success'], 'True')
81
def test_token_expiry(self):
82
self.destroy_called = False
84
def destroy_token_mock(meh, context, token):
85
self.destroy_called = True
87
def bad_token(meh, context, token_hash):
88
return fakes.FakeToken(
89
token_hash=token_hash,
90
created_at=datetime.datetime(1990, 1, 1))
92
self.stubs.Set(fakes.FakeAuthDatabase, 'auth_token_destroy',
95
self.stubs.Set(fakes.FakeAuthDatabase, 'auth_token_get',
98
req = webob.Request.blank('/v2/')
99
req.headers['X-Auth-Token'] = 'token_hash'
100
result = req.get_response(fakes.wsgi_app(fake_auth=False))
101
self.assertEqual(result.status, '401 Unauthorized')
102
self.assertEqual(self.destroy_called, True)
104
def test_authorize_project(self):
105
f = fakes.FakeAuthManager()
106
user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
108
f.create_project('user1_project', user)
109
f.create_project('user2_project', user)
111
req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'})
112
req.headers['X-Auth-User'] = 'user1'
113
req.headers['X-Auth-Key'] = 'user1_key'
114
result = req.get_response(fakes.wsgi_app(fake_auth=False))
115
self.assertEqual(result.status, '204 No Content')
117
token = result.headers['X-Auth-Token']
118
self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
120
req = webob.Request.blank('/v2/user2_project')
121
req.headers['X-Auth-Token'] = token
122
result = req.get_response(fakes.wsgi_app(fake_auth=False))
123
self.assertEqual(result.status, '200 OK')
124
self.assertEqual(result.headers['X-Test-Success'], 'True')
126
def test_bad_user_bad_key(self):
127
req = webob.Request.blank('/v2/')
128
req.headers['X-Auth-User'] = 'unknown_user'
129
req.headers['X-Auth-Key'] = 'unknown_user_key'
130
req.headers['X-Auth-Project-Id'] = 'user_project'
131
result = req.get_response(fakes.wsgi_app(fake_auth=False))
132
self.assertEqual(result.status, '401 Unauthorized')
134
def test_bad_user_good_key(self):
135
f = fakes.FakeAuthManager()
136
user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
139
req = webob.Request.blank('/v2/')
140
req.headers['X-Auth-User'] = 'unknown_user'
141
req.headers['X-Auth-Key'] = 'user1_key'
142
result = req.get_response(fakes.wsgi_app(fake_auth=False))
143
self.assertEqual(result.status, '401 Unauthorized')
145
def test_no_user(self):
146
req = webob.Request.blank('/v2/')
147
result = req.get_response(fakes.wsgi_app(fake_auth=False))
148
self.assertEqual(result.status, '401 Unauthorized')
150
def test_bad_token(self):
151
req = webob.Request.blank('/v2/')
152
req.headers['X-Auth-Token'] = 'unknown_token'
153
result = req.get_response(fakes.wsgi_app(fake_auth=False))
154
self.assertEqual(result.status, '401 Unauthorized')
156
def test_bad_project(self):
157
f = fakes.FakeAuthManager()
158
user1 = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
159
user2 = nova.auth.manager.User('id2', 'user2', 'user2_key', None, None)
162
f.create_project('user1_project', user1)
163
f.create_project('user2_project', user2)
165
req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'})
166
req.headers['X-Auth-User'] = 'user1'
167
req.headers['X-Auth-Key'] = 'user1_key'
168
result = req.get_response(fakes.wsgi_app(fake_auth=False))
169
self.assertEqual(result.status, '204 No Content')
171
token = result.headers['X-Auth-Token']
172
self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
174
req = webob.Request.blank('/v2/user2_project')
175
req.headers['X-Auth-Token'] = token
176
result = req.get_response(fakes.wsgi_app(fake_auth=False))
177
self.assertEqual(result.status, '401 Unauthorized')
179
def test_not_authorized_project(self):
180
f = fakes.FakeAuthManager()
181
user1 = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
183
f.create_project('user1_project', user1)
185
user2 = nova.auth.manager.User('id2', 'user2', 'user2_key', None, None)
187
f.create_project('user2_project', user2)
189
req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'})
190
req.headers['X-Auth-User'] = 'user1'
191
req.headers['X-Auth-Key'] = 'user1_key'
192
result = req.get_response(fakes.wsgi_app(fake_auth=False))
193
self.assertEqual(result.status, '204 No Content')
195
token = result.headers['X-Auth-Token']
196
self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
198
req = webob.Request.blank('/v2/user2_project')
199
req.headers['X-Auth-Token'] = token
200
result = req.get_response(fakes.wsgi_app(fake_auth=False))
201
self.assertEqual(result.status, '401 Unauthorized')
203
def test_auth_token_no_empty_headers(self):
204
f = fakes.FakeAuthManager()
205
user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
208
req = webob.Request.blank('/v2/')
209
req.headers['X-Auth-User'] = 'user1'
210
req.headers['X-Auth-Key'] = 'user1_key'
211
req.headers['X-Auth-Project-Id'] = 'user1_project'
212
result = req.get_response(fakes.wsgi_app(fake_auth=False))
213
self.assertEqual(result.status, '204 No Content')
214
self.assertEqual(len(result.headers['X-Auth-Token']), 40)
215
self.assertFalse('X-CDN-Management-Url' in result.headers)
216
self.assertFalse('X-Storage-Url' in result.headers)
219
class TestFunctional(test.TestCase):
220
def test_token_expiry(self):
221
ctx = context.get_admin_context()
222
tok = db.auth_token_create(ctx, dict(
223
token_hash='test_token_hash',
224
cdn_management_url='',
225
server_management_url='',
230
db.auth_token_update(ctx, tok.token_hash, dict(
231
created_at=datetime.datetime(2000, 1, 1, 12, 0, 0),
234
req = webob.Request.blank('/v2/')
235
req.headers['X-Auth-Token'] = 'test_token_hash'
236
result = req.get_response(fakes.wsgi_app(fake_auth=False))
237
self.assertEqual(result.status, '401 Unauthorized')
239
def test_token_doesnotexist(self):
240
req = webob.Request.blank('/v2/')
241
req.headers['X-Auth-Token'] = 'nonexistant_token_hash'
242
result = req.get_response(fakes.wsgi_app(fake_auth=False))
243
self.assertEqual(result.status, '401 Unauthorized')
246
class TestLimiter(test.TestCase):
248
super(TestLimiter, self).setUp()
249
self.stubs.Set(auth.AuthMiddleware,
250
'__init__', fakes.fake_auth_init)
251
self.stubs.Set(context, 'RequestContext', fakes.FakeRequestContext)
252
fakes.FakeAuthManager.clear_fakes()
253
fakes.FakeAuthDatabase.data = {}
254
fakes.stub_out_networking(self.stubs)
256
def test_authorize_token(self):
257
f = fakes.FakeAuthManager()
258
user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
260
f.create_project('test', user)
262
req = webob.Request.blank('/v2/')
263
req.headers['X-Auth-User'] = 'user1'
264
req.headers['X-Auth-Key'] = 'user1_key'
265
result = req.get_response(fakes.wsgi_app(fake_auth=False))
266
self.assertEqual(len(result.headers['X-Auth-Token']), 40)
268
token = result.headers['X-Auth-Token']
269
self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
271
req = webob.Request.blank('/v2/test')
273
req.headers['X-Auth-Token'] = token
274
result = req.get_response(fakes.wsgi_app(fake_auth=False))
275
self.assertEqual(result.status, '200 OK')
276
self.assertEqual(result.headers['X-Test-Success'], 'True')
279
26
class TestNoAuthMiddleware(test.TestCase):