| author | Ziad Sawalha <github@highbridgellc.com> | 2011-06-03 00:22:27 -0500 |
|---|---|---|
| committer | Ziad Sawalha <github@highbridgellc.com> | 2011-06-03 00:22:27 -0500 |
| commit | f0be6794fbba426c2cf047265e4dffe730721504 (patch) | |
| tree | 53cdca632b13634ee61c963f6612a4b557765493 | |
| parent | 35e50a53ce2dad91d1f8a5fd3f7d0de036ede18b (diff) | |
| parent | 188af646058b5bea632e676abbb95cc54429a051 (diff) | |
Merge branch 'master' of https://github.com/rackspace/keystone
| -rw-r--r-- | test/unit/base.py | 9 | ||||
| -rw-r--r-- | test/unit/test_authn_v2.py | 300 |
2 files changed, 292 insertions, 17 deletions
diff --git a/test/unit/base.py b/test/unit/base.py index d9ace1da..0d59bba1 100644 --- a/test/unit/base.py +++ b/test/unit/base.py @@ -210,7 +210,14 @@ class ServiceAPITest(unittest.TestCase): """ Adds some convenience helpers using partials... """ - self.status_ok = functools.partial(self.verify_status, httplib.OK) + self.status_ok = functools.partial(self.verify_status, + httplib.OK) + self.status_not_found = functools.partial(self.verify_status, + httplib.NOT_FOUND) + self.status_unauthorized = functools.partial(self.verify_status, + httplib.UNAUTHORIZED) + self.status_bad_request = functools.partial(self.verify_status, + httplib.BAD_REQUEST) def assert_dict_equal(self, expected, got): """ diff --git a/test/unit/test_authn_v2.py b/test/unit/test_authn_v2.py index b3550033..284cb7b6 100644 --- a/test/unit/test_authn_v2.py +++ b/test/unit/test_authn_v2.py @@ -32,8 +32,10 @@ class TestAuthnV2(base.ServiceAPITest): api_version = '2.0' - @jsonify - def test_authn_json(self): + def test_get_fails(self): + """ + Test for GH issue #5. GET /tokens works when it should not + """ url = "/tokens" req = self.get_request('GET', url) body = { 
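Review bot: The docstring of `test_get_fails` describes the bug (`GET /tokens works when it should not`), while the test, whose body continues into the next hunk, asserts `self.status_not_found()`. It would read better as the expected behaviour, e.g. `GET /tokens must be rejected with 404; credentials are only accepted via POST (GH issue #5)`. The `@jsonify` decorator was also dropped, although the body is still built with `json.dumps`. If that decorator is what sets the JSON content type (not visible in this hunk), the request could be rejected for a reason other than the method, so it is worth confirming that the 404 comes from routing.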
@@ -45,27 +47,175 @@ class TestAuthnV2(base.ServiceAPITest): } req.body = json.dumps(body) self.get_response() + self.status_not_found() + + @jsonify + def test_success_json(self): + """ + Test that good password credentials returns a 200 OK + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": self.auth_user['id'], + "password": self.auth_user['password'], + "tenantId": self.auth_user['tenant_id'] + } + } + req.body = json.dumps(body) + self.get_response() + self.status_ok() + + expected = { + u'auth': { + u'token': { + u'expires': self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"), + u'id': self.auth_token_id + } + } + } + self.assert_dict_equal(expected, json.loads(self.res.body)) + + @jsonify + def test_success_missing_tenant_json(self): + """ + Test that supplying an existing user/pass, with a missing tenant ID + in the password credentials results in a 200 OK but a token not + matching the token with a tenant attached to it. + """ + # Create a special token for user with no tenant + auth_token = self.fixture_create_token( + user_id=self.auth_user['id'], + tenant_id=None, + expires=self.expires, + token_id='NOTENANTTOKEN') + + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": self.auth_user['id'], + "password": self.auth_user['password'], + "tenantId": None + } + } + req.body = json.dumps(body) + self.get_response() self.status_ok() expected = { u'auth': { u'token': { u'expires': self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"), - u'id': self.auth_token_id, - u'tenantId': self.auth_user['tenant_id'] - }, - u'user': { - u'username': self.auth_user['id'], - u'tenantId': self.auth_user['tenant_id'] + u'id': 'NOTENANTTOKEN' } } } self.assert_dict_equal(expected, json.loads(self.res.body)) + @jsonify + def test_malformed_creds_json(self): + """ + Test that supplying a malformed password credentials + results in a 400 Bad Request + """ + url = "/tokens" + req 
= self.get_request('POST', url) + body = { + "passwordCredMisspelled": { + "username": 'unknown', + "password": 'badpass', + "tenantId": None + } + } + req.body = json.dumps(body) + self.get_response() + self.status_bad_request() + + @jsonify + def test_user_not_found_json(self): + """ + Test that supplying a non-existing user in the password credentials + results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": 'unknown', + "password": 'badpass', + "tenantId": None + } + } + req.body = json.dumps(body) + self.get_response() + self.status_unauthorized() + + @jsonify + def test_user_missing_json(self): + """ + Test that supplying a missing user in the password credentials + results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": None, + "password": self.auth_user['password'], + "tenantId": self.auth_user['tenant_id'] + } + } + req.body = json.dumps(body) + self.get_response() + self.status_unauthorized() + + @jsonify + def test_bad_pass_json(self): + """ + Test that supplying an existing user and a bad password + in the password credentials results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": self.auth_user['id'], + "password": 'badpass', + "tenantId": None + } + } + req.body = json.dumps(body) + self.get_response() + self.status_unauthorized() + + @jsonify + def test_bad_tenant_json(self): + """ + Test that supplying an existing user/pass, with a bad tenant ID + in the password credentials results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": self.auth_user['id'], + "password": self.auth_user['password'], + "tenantId": 'badtenant' + } + } + req.body = json.dumps(body) + self.get_response() + 
self.status_unauthorized() + @xmlify - def test_authn_xml(self): + def test_success_xml(self): + """ + Test that good password credentials returns a 200 OK + """ url = "/tokens" - req = self.get_request('GET', url) + req = self.get_request('POST', url) req.body = '<?xml version="1.0" encoding="UTF-8"?> \ <passwordCredentials \ xmlns="http://docs.openstack.org/identity/api/v2.0" \ 
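Review bot: `test_user_not_found_json` and `test_bad_pass_json` check only the 401 status, so they would still pass if the two fault bodies differed enough for a caller to tell an unknown username from a wrong password. Consider one additional test that issues both requests and asserts the two `self.res.body` values are equal; the XML counterparts in the next hunk have the same gap. Separately, `auth_token = self.fixture_create_token(...)` in `test_success_missing_tenant_json` is never read. Call the fixture without the assignment, or assert on the returned token; the same applies to `test_success_missing_tenant_xml` in the next hunk.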
@@ -78,12 +228,130 @@ class TestAuthnV2(base.ServiceAPITest): expected = """ <auth xmlns="http://docs.openstack.org/identity/api/v2.0"> - <token expires="%s" id="%s" tenantId="%s"/> - <user username="%s" tenantId="%s"/> + <token expires="%s" id="%s" /> </auth> """ % (self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"), - self.auth_token_id, - self.auth_user['tenant_id'], - self.auth_user['id'], - self.auth_user['tenant_id']) + self.auth_token_id) self.assert_xml_strings_equal(expected, self.res.body) + + @xmlify + def test_success_missing_tenant_xml(self): + """ + Test that supplying an existing user/pass, with a missing tenant ID + in the password credentials results in a 200 OK but a token not + matching the token with a tenant attached to it. + """ + # Create a special token for user with no tenant + auth_token = self.fixture_create_token( + user_id=self.auth_user['id'], + tenant_id=None, + expires=self.expires, + token_id='NOTENANTTOKEN') + + url = "/tokens" + req = self.get_request('POST', url) + req.body = '<?xml version="1.0" encoding="UTF-8"?> \ + <passwordCredentials \ + xmlns="http://docs.openstack.org/identity/api/v2.0" \ + password="%s" username="%s" /> ' % ( + self.auth_user['password'], + self.auth_user['id']) + self.get_response() + self.status_ok() + + expected = """ + <auth xmlns="http://docs.openstack.org/identity/api/v2.0"> + <token expires="%s" id="%s" /> + </auth> + """ % (self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"), + 'NOTENANTTOKEN') + self.assert_xml_strings_equal(expected, self.res.body) + + @xmlify + def test_authn_malformed_creds_xml(self): + """ + Test that supplying a malformed password credentials + results in a 400 Bad Request + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = '<?xml version="1.0" encoding="UTF-8"?> \ + <passwordCredMispelled \ + xmlns="http://docs.openstack.org/identity/api/v2.0" \ + password="%s" username="%s" \ + tenantId="%s"/> ' % (self.auth_user['password'], + self.auth_user['id'], + 
self.auth_user['tenant_id']) + self.get_response() + self.status_bad_request() + + @xmlify + def test_user_not_found_xml(self): + """ + Test that supplying a non-existing user in the password credentials + results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = '<?xml version="1.0" encoding="UTF-8"?> \ + <passwordCredentials \ + xmlns="http://docs.openstack.org/identity/api/v2.0" \ + password="%s" username="%s" \ + tenantId="%s"/> ' % (self.auth_user['password'], + 'missinguser', + self.auth_user['tenant_id']) + self.get_response() + self.status_unauthorized() + + @xmlify + def test_user_missing_xml(self): + """ + Test that supplying a missing user in the password credentials + results in a 400 Bad Request + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = '<?xml version="1.0" encoding="UTF-8"?> \ + <passwordCredentials \ + xmlns="http://docs.openstack.org/identity/api/v2.0" \ + password="%s" \ + tenantId="%s"/> ' % (self.auth_user['password'], + self.auth_user['tenant_id']) + self.get_response() + self.status_bad_request() + + @xmlify + def test_bad_pass_xml(self): + """ + Test that supplying a bad password in the password credentials + results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = '<?xml version="1.0" encoding="UTF-8"?> \ + <passwordCredentials \ + xmlns="http://docs.openstack.org/identity/api/v2.0" \ + password="%s" username="%s" \ + tenantId="%s"/> ' % ('badpass', + self.auth_user['id'], + self.auth_user['tenant_id']) + self.get_response() + self.status_unauthorized() + + @xmlify + def test_bad_tenant_xml(self): + """ + Test that supplying a bad tenant in the password credentials + results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = '<?xml version="1.0" encoding="UTF-8"?> \ + <passwordCredentials \ + xmlns="http://docs.openstack.org/identity/api/v2.0" \ + password="%s" 
username="%s" \ + tenantId="%s"/> ' % (self.auth_user['password'], + self.auth_user['id'], + 'badtenant') + self.get_response() + self.status_unauthorized() |
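Review bot: `test_user_missing_xml` expects `self.status_bad_request()`, while `test_user_missing_json` in the previous hunk expects `self.status_unauthorized()`, and both docstrings describe the case as a missing user. If the difference is deliberate (the JSON body sends `"username": None`, the XML body omits the attribute), the docstrings should say so, e.g. `Omitting the username attribute is a malformed request, so 400 rather than 401`. Otherwise the two tests should assert the same status, so that clients get the same answer in both formats. The name `test_authn_malformed_creds_xml` also breaks the `test_<case>_<format>` pattern of its siblings; `test_malformed_creds_xml` would match `test_malformed_creds_json`.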
