← Back to branch summary

~ubuntu-branches/ubuntu/saucy/keystone/saucy-proposed

« back to all changes in this revision

Viewing changes to keystone/test/functional/test_auth.py

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2011-08-23 10:18:22 UTC
  • Revision ID: james.westby@ubuntu.com-20110823101822-enve6zceb3lqhuvj
Tags: upstream-1.0~d4~20110823.1078
ImportĀ upstreamĀ versionĀ 1.0~d4~20110823.1078

Show diffs side-by-side

added added

removed removed

Lines of Context:
keystone/test/functional/test_auth.py
 
1
import unittest2 as unittest
 
2
from keystone.test.functional import common
 
3
 
 
4
 
 
5
class TestAdminAuthentication(common.KeystoneTestCase):
 
6
    """Test admin-side user authentication"""
 
7
 
 
8
    def setUp(self):
 
9
        """Empty method to prevent KeystoneTestCase from authenticating"""
 
10
        pass
 
11
 
 
12
    def test_bootstrapped_admin_user(self):
 
13
        """Bootstrap script should create an 'admin' user with 'Admin' role"""
 
14
        # Authenticate as admin
 
15
        r = self.admin_request(method='POST', path='/tokens',
 
16
            as_json=self.admin_credentials)
 
17
 
 
18
        # Assert we get back a token with an expiration date
 
19
        self.assertTrue(r.json['auth']['token']['id'])
 
20
        self.assertTrue(r.json['auth']['token']['expires'])
 
21
 
 
22
 
 
23
class TestAdminAuthenticationNegative(common.KeystoneTestCase):
 
24
    """Negative test admin-side user authentication"""
 
25
 
 
26
    user_id = common.KeystoneTestCase._uuid()
 
27
    user_id2 = common.KeystoneTestCase._uuid()
 
28
    admin_token_backup = None
 
29
 
 
30
    def test_service_token_as_admin_token(self):
 
31
        """Admin actions should fail for mere service tokens"""
 
32
 
 
33
        # Admin create a user
 
34
        self.admin_request(method='PUT', path='/users',
 
35
            as_json={
 
36
                'user': {
 
37
                    'id': self.user_id,
 
38
                    'password': 'secrete',
 
39
                    'email': self.user_id + '@openstack.org',
 
40
                    'enabled': True}})
 
41
 
 
42
        # User authenticates to get a token
 
43
        r = self.service_request(method='POST', path='/tokens',
 
44
            as_json={
 
45
                'passwordCredentials': {
 
46
                    'username': self.user_id,
 
47
                    'password': 'secrete'}})
 
48
 
 
49
        self.service_token = r.json['auth']['token']['id']
 
50
 
 
51
        # Prepare to use the service token as an admin token
 
52
        self.admin_token_backup = self.admin_token
 
53
        self.admin_token = self.service_token
 
54
 
 
55
        # Try creating another user
 
56
        self.admin_request(method='PUT', path='/users', assert_status=401,
 
57
            as_json={
 
58
                'user': {
 
59
                    'id': self.user_id2,
 
60
                    'password': 'secrete',
 
61
                    'email': self.user_id2 + '@openstack.org',
 
62
                    'enabled': True}})
 
63
 
 
64
    def tearDown(self):
 
65
        # Restore our admin token so we can clean up
 
66
        self.admin_token = self.admin_token_backup
 
67
 
 
68
        # Delete user
 
69
        self.admin_request(method='DELETE', path='/users/%s' % self.user_id)
 
70
 
 
71
 
 
72
class TestServiceAuthentication(common.KeystoneTestCase):
 
73
    """Test service-side user authentication"""
 
74
 
 
75
    user_id = common.KeystoneTestCase._uuid()
 
76
 
 
77
    def setUp(self):
 
78
        super(TestServiceAuthentication, self).setUp()
 
79
 
 
80
        # Create a user
 
81
        self.admin_request(method='PUT', path='/users',
 
82
            as_json={
 
83
                'user': {
 
84
                    'id': self.user_id,
 
85
                    'password': 'secrete',
 
86
                    'email': self.user_id + '@openstack.org',
 
87
                    'enabled': True}})
 
88
 
 
89
    def tearDown(self):
 
90
        # Delete user
 
91
        self.admin_request(method='DELETE', path='/users/%s' % self.user_id)
 
92
 
 
93
    def test_user_auth(self):
 
94
        """Admin should be able to validate a user's token"""
 
95
        # Authenticate as user to get a token
 
96
        r = self.service_request(method='POST', path='/tokens',
 
97
            as_json={
 
98
                'passwordCredentials': {
 
99
                    'username': self.user_id,
 
100
                    'password': 'secrete'}})
 
101
 
 
102
        self.service_token = r.json['auth']['token']['id']
 
103
 
 
104
        # In the real world, the service user would then pass his/her token
 
105
        # to some service that depends on keystone, which would then need to
 
106
        # user keystone to validate the provided token.
 
107
 
 
108
        # Admin independently validates the user token
 
109
        r = self.admin_request(path='/tokens/%s' % self.service_token)
 
110
        self.assertTrue(r.json['auth']['token']['expires'])
 
111
        self.assertEqual(r.json['auth']['token']['id'], self.service_token)
 
112
        self.assertEqual(r.json['auth']['user']['username'], self.user_id)
 
113
        self.assertEqual(r.json['auth']['user']['roleRefs'], [])
 
114
 
 
115
    def test_get_request_fails(self):
 
116
        """GET /tokens should return a 404 (Github issue #5)"""
 
117
        r = self.service_request(method='GET', path='/tokens',
 
118
            assert_status=404,
 
119
            as_json={
 
120
                'passwordCredentials': {
 
121
                    'username': self.user_id,
 
122
                    'password': 'secrete'}})
 
123
 
 
124
    def test_user_auth_with_malformed_request_body(self):
 
125
        """Authenticating with unnexpected json returns a 400"""
 
126
        # Authenticate as user to get a token
 
127
        r = self.service_request(method='POST', path='/tokens',
 
128
            assert_status=400,
 
129
            as_json={
 
130
                'this-is-completely-wrong': {
 
131
                    'username': self.user_id,
 
132
                    'password': 'secrete'}})
 
133
 
 
134
    def test_user_auth_with_wrong_name(self):
 
135
        """Authenticating with an unknown username returns a 401"""
 
136
        # Authenticate as user to get a token
 
137
        r = self.service_request(method='POST', path='/tokens',
 
138
            assert_status=401,
 
139
            as_json={
 
140
                'passwordCredentials': {
 
141
                    'username': 'this-is-completely-wrong',
 
142
                    'password': 'secrete'}})
 
143
 
 
144
    def test_user_auth_with_no_name(self):
 
145
        """Authenticating without a username returns a 401"""
 
146
        # Authenticate as user to get a token
 
147
        r = self.service_request(method='POST', path='/tokens',
 
148
            assert_status=401,
 
149
            as_json={
 
150
                'passwordCredentials': {
 
151
                    'username': None,
 
152
                    'password': 'secrete'}})
 
153
 
 
154
    def test_user_auth_with_wrong_password(self):
 
155
        """Authenticating with an invalid password returns a 401"""
 
156
        # Authenticate as user to get a token
 
157
        r = self.service_request(method='POST', path='/tokens',
 
158
            assert_status=401,
 
159
            as_json={
 
160
                'passwordCredentials': {
 
161
                    'username': self.user_id,
 
162
                    'password': 'this-is-completely-wrong'}})
 
163
 
 
164
    def test_user_auth_with_invalid_tenant(self):
 
165
        """Authenticating with an invalid password returns a 401"""
 
166
        # Authenticate as user to get a token
 
167
        r = self.service_request(method='POST', path='/tokens',
 
168
            assert_status=401,
 
169
            as_json={
 
170
                'passwordCredentials': {
 
171
                    'username': self.user_id,
 
172
                    'password': 'secrete',
 
173
                    'tenantId': 'this-is-completely-wrong'}})
 
174
 
 
175
 
 
176
if __name__ == '__main__':
 
177
    unittest.main()