~ubuntu-branches/debian/jessie/keystone/jessie


Viewing changes to tests/test_content_types.py

  • Committer: Package Import Robot
  • Author(s): Thomas Goirand
  • Date: 2012-10-01 05:52:23 UTC
  • Revision ID: package-import@ubuntu.com-20121001055223-7fldz5pv6lc80w9f
Tags: 2012.1.1-9
* Fixes sometimes failing keystone.postrm (db_get in some conditions can
return false), and fixed inconsistent indenting.
* Uses /usr/share/keystone/keystone.conf instead of
/usr/share/doc/keystone/keystone.conf.sample for temporarily storing the conf
file (this was a policy violation, as the doc folder should never be required).
* Fixes CVE-2012-4457: fails to raise Unauthorized user error for disabled,
CVE-2012-4456: fails to validate tokens in Admin API (Closes: #689210).

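--- a/tests/test_content_types.py
+++ b/tests/test_content_types.py
@@ -16,6 +16,7 @@
 
 import httplib
 import json
+import uuid
 
 from lxml import etree
 import nose.exc
@@ -554,6 +555,49 @@
     def assertValidVersionResponse(self, r):
         self.assertValidVersion(r.body.get('version'))
 
+    def test_user_role_list_requires_auth(self):
+        """User role list should 401 without an X-Auth-Token (bug 1006815)."""
+        # values here don't matter because we should 401 before they're checked
+        path = '/v2.0/tenants/%(tenant_id)s/users/%(user_id)s/roles' % {
+                'tenant_id': uuid.uuid4().hex,
+                'user_id': uuid.uuid4().hex,
+        }
+
+        r = self.admin_request(path=path, expected_status=401)
+        self.assertValidErrorResponse(r)
+
+    def test_service_crud_requires_auth(self):
+        """Service CRUD should 401 without an X-Auth-Token (bug 1006822)."""
+        # values here don't matter because we should 401 before they're checked
+        service_path = '/v2.0/OS-KSADM/services/%s' % uuid.uuid4().hex
+        service_body = {
+                'OS-KSADM:service': {
+                    'name': uuid.uuid4().hex,
+                    'type': uuid.uuid4().hex,
+                    },
+                }
+
+        r = self.admin_request(method='GET',
+                               path='/v2.0/OS-KSADM/services',
+                               expected_status=401)
+        self.assertValidErrorResponse(r)
+
+        r = self.admin_request(method='POST',
+                               path='/v2.0/OS-KSADM/services',
+                               body=service_body,
+                               expected_status=401)
+        self.assertValidErrorResponse(r)
+
+        r = self.admin_request(method='GET',
+                               path=service_path,
+                               expected_status=401)
+        self.assertValidErrorResponse(r)
+
+        r = self.admin_request(method='DELETE',
+                               path=service_path,
+                               expected_status=401)
+        self.assertValidErrorResponse(r)
+
 
 class XmlTestCase(RestfulTestCase, CoreApiTests):
     xmlns = 'http://docs.openstack.org/identity/api/v2.0'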
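Review bot: Both new tests, `test_user_role_list_requires_auth` and `test_service_crud_requires_auth`, exercise only the request that carries no X-Auth-Token, so a regression in which these admin routes accept a token that is present but unknown would still pass. Each test should repeat its call with a random token value, for example `r = self.admin_request(path=path, token=uuid.uuid4().hex, expected_status=401)`; this assumes `admin_request` accepts a `token` keyword and sends no token by default, neither of which is visible in this section. The POST and DELETE cases also check only the status code, so a handler that performs the write before rejecting the request would go unnoticed; an authenticated listing afterwards, asserting that no service named `service_body['OS-KSADM:service']['name']` exists, would close that gap. The class that holds these methods begins outside the visible hunk.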