author | Jenkins <jenkins@review.openstack.org> | 2013-08-15 20:45:50 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2013-08-15 20:45:50 +0000 |
commit | 1b4f0a5ec848af94e322a8f55deb52223c94b62a (patch) | |
tree | b7ba6edd958027060980f3c05a79eda01bc43bdd /keystone/tests/test_v3_auth.py | |
parent | 116897786dbb8473154ec85a01b019af8106a1f4 (diff) | |
parent | 74f788aa9da0dabf54bd1f4718f9c0e0b9726757 (diff) | |
Merge "Revoke user tokens when disabling/delete a project"
Diffstat (limited to 'keystone/tests/test_v3_auth.py')
-rw-r--r-- | keystone/tests/test_v3_auth.py | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/keystone/tests/test_v3_auth.py b/keystone/tests/test_v3_auth.py
index 43f87d98..1f4425ce 100644
--- a/keystone/tests/test_v3_auth.py
+++ b/keystone/tests/test_v3_auth.py
@@ -545,6 +545,67 @@ class TestTokenRevoking(test_v3.RestfulTestCase):
 headers={'X-Subject-Token': token},
 expected_status=204)
 
+ def test_disabling_project_revokes_token(self):
+ resp = self.post(
+ '/auth/tokens',
+ body=self.build_authentication_request(
+ user_id=self.user3['id'],
+ password=self.user3['password'],
+ project_id=self.projectA['id']))
+ token = resp.headers.get('X-Subject-Token')
+
+ # confirm token is valid
+ self.head('/auth/tokens',
+ headers={'X-Subject-Token': token},
+ expected_status=204)
+
+ # disable the project, which should invalidate the token
+ self.patch(
+ '/projects/%(project_id)s' % {'project_id': self.projectA['id']},
+ body={'project': {'enabled': False}})
+
+ # user should no longer have access to the project
+ self.head('/auth/tokens',
+ headers={'X-Subject-Token': token},
+ expected_status=401)
+ resp = self.post(
+ '/auth/tokens',
+ body=self.build_authentication_request(
+ user_id=self.user3['id'],
+ password=self.user3['password'],
+ project_id=self.projectA['id']),
+ expected_status=401)
+
+ def test_deleting_project_revokes_token(self):
+ resp = self.post(
+ '/auth/tokens',
+ body=self.build_authentication_request(
+ user_id=self.user3['id'],
+ password=self.user3['password'],
+ project_id=self.projectA['id']))
+ token = resp.headers.get('X-Subject-Token')
+
+ # confirm token is valid
+ self.head('/auth/tokens',
+ headers={'X-Subject-Token': token},
+ expected_status=204)
+
+ # delete the project, which should invalidate the token
+ self.delete(
+ '/projects/%(project_id)s' % {'project_id': self.projectA['id']})
+
+ # user should no longer have access to the project
+ self.head('/auth/tokens',
+ headers={'X-Subject-Token': token},
+ expected_status=401)
+ resp = self.post(
+ '/auth/tokens',
+ body=self.build_authentication_request(
+ user_id=self.user3['id'],
+ password=self.user3['password'],
+ project_id=self.projectA['id']),
+ expected_status=401)
+
 def test_deleting_group_grant_revokes_tokens(self):
 """Test deleting
a group grant revokes tokens. |
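Review bot: Both new tests assert only that the single projectA-scoped token of user3 is rejected after the project is disabled or deleted, so they would pass equally if the change revoked far more than intended, and they cover only one of the users the commit title refers to. Consider obtaining a second token before the `self.patch`/`self.delete` call, for a scope that should be unaffected, and asserting it still validates afterwards, e.g. `self.head('/auth/tokens', headers={'X-Subject-Token': other_token}, expected_status=204)` (`other_token` is a placeholder; the fixtures built in the class setup are outside this hunk). A token for a second user holding a role on the project would likewise confirm that revocation is not limited to one user. The `resp =` on the final `self.post(..., expected_status=401)` in each test is never read and can be dropped.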