authorDerek Higgins <derekh@redhat.com>2012-05-11 13:42:43 +0100
committerDerek Higgins <derekh@redhat.com>2012-05-16 23:46:48 +0100
commit628149b3dc6b58b91fd08e6ca8d91c728ccb8626 (patch)
tree96779791c632faa0e8a9b940f1092e0f77fddc2b /tests
parent3c9c38a8e08dd0300a04edb843a0b3e49486e86f (diff)
Invalidate user tokens when a user is disabled
Fixes Bug 997194. Delete valid tokens for a user when they have been disabled. Moved logic to delete tokens into update_user, as this can be called directly from the REST API. Also checks if a user is enabled when creating a token from another token; this helps in cases where the backend didn't support listing of tokens (and as a result weren't deleted). Change-Id: Ib5ed73a7873bfa66ef31bf6d0f0322f50e677688
Diffstat (limited to 'tests')
-rw-r--r--tests/test_keystoneclient.py21
1 files changed, 19 insertions, 2 deletions
diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py
index a02af87c..37f877f2 100644
--- a/tests/test_keystoneclient.py
+++ b/tests/test_keystoneclient.py
@@ -309,6 +309,23 @@ class KeystoneClientTests(object):
client.tokens.authenticate,
token=token_id)
+ def test_disable_user_invalidates_token(self):
+ from keystoneclient import exceptions as client_exceptions
+
+ admin_client = self.get_client(admin=True)
+ foo_client = self.get_client(self.user_foo)
+
+ admin_client.users.update_enabled(user=self.user_foo['id'],
+ enabled=False)
+
+ self.assertRaises(client_exceptions.Unauthorized,
+ foo_client.tokens.authenticate,
+ token=foo_client.auth_token)
+
+ self.assertRaises(client_exceptions.Unauthorized,
+ self.get_client,
+ self.user_foo)
+
def test_user_create_update_delete(self):
from keystoneclient import exceptions as client_exceptions
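Review bot: The first assertion in `test_disable_user_invalidates_token` does not by itself show that the existing token was invalidated: per the commit message, token-from-token authentication now also checks whether the user is enabled, so `foo_client.tokens.authenticate(token=...)` would raise `Unauthorized` even if the old token were still stored in the backend. To pin the deletion path, also present the old token to a call that is not a token exchange and expect rejection, for example `self.assertRaises(client_exceptions.Unauthorized, foo_client.tenants.list)` (the exact call and exception type should be confirmed against the client in use). The test also leaves `user_foo` disabled; if fixtures are not reloaded per test, which is not visible here, re-enable the user in cleanup. A one-line docstring such as `"""Disabling a user must reject both their existing tokens and new password logins."""` would state the security property being checked.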
@@ -332,7 +349,7 @@ class KeystoneClientTests(object):
user = client.users.get(user.id)
self.assertFalse(user.enabled)
- self.assertRaises(client_exceptions.AuthorizationFailure,
+ self.assertRaises(client_exceptions.Unauthorized,
self._client,
username=test_username,
password='password')
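Review bot: `Unauthorized` is presumably also what a wrong password produces, so the updated assertion here (and the identical one in the `KcEssex3TestCase` hunk at -880) cannot distinguish "account disabled" from "bad credentials" unless the same username and password are shown to authenticate successfully before `update_enabled` is called. The test body starts outside the hunk, so that control step may already exist; if it does not, add one ahead of the disable call, e.g. `self._client(username=test_username, password='password')`. Since both classes carry the same assertion, a short comment such as `# disabled users are rejected at authentication with 401` above it would help keep the two copies in sync.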
@@ -880,7 +897,7 @@ class KcEssex3TestCase(CompatTestCase, KeystoneClientTests):
user = client.users.get(user.id)
self.assertFalse(user.enabled)
- self.assertRaises(client_exceptions.AuthorizationFailure,
+ self.assertRaises(client_exceptions.Unauthorized,
self._client,
username=test_username,
password='password')