From 110af8effb9e353ba0bb5a222e2da942d540f814 Mon Sep 17 00:00:00 2001 From: Jay Pipes Date: Thu, 2 Jun 2011 12:02:57 -0400 Subject: Add test case for verifying GET /v2.0/tokens returns 404 Not Found --- test/unit/base.py | 5 ++++- test/unit/test_authn_v2.py | 36 ++++++++++++++++++++++-------------- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/test/unit/base.py b/test/unit/base.py index d9ace1da..2626bb17 100644 --- a/test/unit/base.py +++ b/test/unit/base.py @@ -210,7 +210,10 @@ class ServiceAPITest(unittest.TestCase): """ Adds some convenience helpers using partials... """ - self.status_ok = functools.partial(self.verify_status, httplib.OK) + self.status_ok = functools.partial(self.verify_status, + httplib.OK) + self.status_not_found = functools.partial(self.verify_status, + httplib.NOT_FOUND) def assert_dict_equal(self, expected, got): """ diff --git a/test/unit/test_authn_v2.py b/test/unit/test_authn_v2.py index b3550033..87931163 100644 --- a/test/unit/test_authn_v2.py +++ b/test/unit/test_authn_v2.py @@ -32,10 +32,27 @@ class TestAuthnV2(base.ServiceAPITest): api_version = '2.0' + def test_authn_get_fails(self): + """ + Test for GH issue #5. GET /tokens works when it should not + """ + url = "/tokens" + req = self.get_request('GET', url) + body = { + "passwordCredentials": { + "username": self.auth_user['id'], + "password": self.auth_user['password'], + "tenantId": self.auth_user['tenant_id'] + } + } + req.body = json.dumps(body) + self.get_response() + self.status_not_found() + @jsonify def test_authn_json(self): url = "/tokens" - req = self.get_request('GET', url) + req = self.get_request('POST', url) body = { "passwordCredentials": { "username": self.auth_user['id'], 
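Review bot: `test_authn_get_fails` checks only the 404 status, so it would still pass if the GET path rejected the request but left token data in the response body. Because the request carries valid `passwordCredentials`, I would add `self.assertFalse(self.auth_token_id in self.res.body)` after `self.status_not_found()`. The test also lacks the `@jsonify` decorator that `test_authn_json` carries in the same hunk; if that decorator sets the request content type (not visible here), this case may not exercise the path the regression is about. The docstring describes the bug rather than the contract; `GET /tokens must return 404 and must not issue a token (GH issue #5).` reads better next to the assertion.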
@@ -51,12 +68,7 @@ class TestAuthnV2(base.ServiceAPITest): u'auth': { u'token': { u'expires': self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"), - u'id': self.auth_token_id, - u'tenantId': self.auth_user['tenant_id'] - }, - u'user': { - u'username': self.auth_user['id'], - u'tenantId': self.auth_user['tenant_id'] + u'id': self.auth_token_id } } } @@ -65,7 +77,7 @@ class TestAuthnV2(base.ServiceAPITest): @xmlify def test_authn_xml(self): url = "/tokens" - req = self.get_request('GET', url) + req = self.get_request('POST', url) req.body = ' \ - - + """ % (self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"), - self.auth_token_id, - self.auth_user['tenant_id'], - self.auth_user['id'], - self.auth_user['tenant_id']) + self.auth_token_id) self.assert_xml_strings_equal(expected, self.res.body) -- cgit From 4478f229ac7c35388bee3a5803772ae2a5bd13a6 Mon Sep 17 00:00:00 2001 From: Jay Pipes Date: Thu, 2 Jun 2011 13:10:21 -0400 Subject: Add more test cases for v2 authentication for bad requests and unauthorized results --- test/unit/base.py | 4 + test/unit/test_authn_v2.py | 266 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 267 insertions(+), 3 deletions(-) diff --git a/test/unit/base.py b/test/unit/base.py index 2626bb17..0d59bba1 100644 --- a/test/unit/base.py +++ b/test/unit/base.py @@ -214,6 +214,10 @@ class ServiceAPITest(unittest.TestCase): httplib.OK) self.status_not_found = functools.partial(self.verify_status, httplib.NOT_FOUND) + self.status_unauthorized = functools.partial(self.verify_status, + httplib.UNAUTHORIZED) + self.status_bad_request = functools.partial(self.verify_status, + httplib.BAD_REQUEST) def assert_dict_equal(self, expected, got): """ diff --git a/test/unit/test_authn_v2.py b/test/unit/test_authn_v2.py index 87931163..284cb7b6 100644 --- a/test/unit/test_authn_v2.py +++ b/test/unit/test_authn_v2.py 
@@ -32,7 +32,7 @@ class TestAuthnV2(base.ServiceAPITest): api_version = '2.0' - def test_authn_get_fails(self): + def test_get_fails(self): """ Test for GH issue #5. GET /tokens works when it should not """ @@ -50,7 +50,10 @@ class TestAuthnV2(base.ServiceAPITest): self.status_not_found() @jsonify - def test_authn_json(self): + def test_success_json(self): + """ + Test that good password credentials returns a 200 OK + """ url = "/tokens" req = self.get_request('POST', url) body = { 
@@ -74,8 +77,143 @@ class TestAuthnV2(base.ServiceAPITest): } self.assert_dict_equal(expected, json.loads(self.res.body)) + @jsonify + def test_success_missing_tenant_json(self): + """ + Test that supplying an existing user/pass, with a missing tenant ID + in the password credentials results in a 200 OK but a token not + matching the token with a tenant attached to it. + """ + # Create a special token for user with no tenant + auth_token = self.fixture_create_token( + user_id=self.auth_user['id'], + tenant_id=None, + expires=self.expires, + token_id='NOTENANTTOKEN') + + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": self.auth_user['id'], + "password": self.auth_user['password'], + "tenantId": None + } + } + req.body = json.dumps(body) + self.get_response() + self.status_ok() + + expected = { + u'auth': { + u'token': { + u'expires': self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"), + u'id': 'NOTENANTTOKEN' + } + } + } + self.assert_dict_equal(expected, json.loads(self.res.body)) + + @jsonify + def test_malformed_creds_json(self): + """ + Test that supplying a malformed password credentials + results in a 400 Bad Request + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredMisspelled": { + "username": 'unknown', + "password": 'badpass', + "tenantId": None + } + } + req.body = json.dumps(body) + self.get_response() + self.status_bad_request() + + @jsonify + def test_user_not_found_json(self): + """ + Test that supplying a non-existing user in the password credentials + results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": 'unknown', + "password": 'badpass', + "tenantId": None + } + } + req.body = json.dumps(body) + self.get_response() + self.status_unauthorized() + + @jsonify + def test_user_missing_json(self): + """ + Test that supplying a missing user in the password credentials + results 
in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": None, + "password": self.auth_user['password'], + "tenantId": self.auth_user['tenant_id'] + } + } + req.body = json.dumps(body) + self.get_response() + self.status_unauthorized() + + @jsonify + def test_bad_pass_json(self): + """ + Test that supplying an existing user and a bad password + in the password credentials results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": self.auth_user['id'], + "password": 'badpass', + "tenantId": None + } + } + req.body = json.dumps(body) + self.get_response() + self.status_unauthorized() + + @jsonify + def test_bad_tenant_json(self): + """ + Test that supplying an existing user/pass, with a bad tenant ID + in the password credentials results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + body = { + "passwordCredentials": { + "username": self.auth_user['id'], + "password": self.auth_user['password'], + "tenantId": 'badtenant' + } + } + req.body = json.dumps(body) + self.get_response() + self.status_unauthorized() + @xmlify - def test_authn_xml(self): + def test_success_xml(self): + """ + Test that good password credentials returns a 200 OK + """ url = "/tokens" req = self.get_request('POST', url) req.body = ' \ 
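Review bot: `test_user_missing_json` sends `"username": None` and expects 401, while `test_user_missing_xml` in the later XML hunk leaves the user out and expects 400, so the two encodings pin different contracts for a missing user. If the difference is intentional, say so in both docstrings; otherwise settle on one status for both. `test_user_not_found_json` and `test_bad_pass_json` both assert 401, which avoids revealing whether an account exists, but only the status is compared; asserting that the two response bodies are equal would keep an error message from disclosing which check failed. `test_user_not_found_json` also sends `'badpass'`, so it does not isolate the unknown-user case the way the XML variant does with the real password. In `test_success_missing_tenant_json` the `auth_token = ` binding is never read, so call `self.fixture_create_token(...)` without assigning.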
@@ -95,3 +233,125 @@ class TestAuthnV2(base.ServiceAPITest): """ % (self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"), self.auth_token_id) self.assert_xml_strings_equal(expected, self.res.body) + + @xmlify + def test_success_missing_tenant_xml(self): + """ + Test that supplying an existing user/pass, with a missing tenant ID + in the password credentials results in a 200 OK but a token not + matching the token with a tenant attached to it. + """ + # Create a special token for user with no tenant + auth_token = self.fixture_create_token( + user_id=self.auth_user['id'], + tenant_id=None, + expires=self.expires, + token_id='NOTENANTTOKEN') + + url = "/tokens" + req = self.get_request('POST', url) + req.body = ' \ + ' % ( + self.auth_user['password'], + self.auth_user['id']) + self.get_response() + self.status_ok() + + expected = """ + + + + """ % (self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"), + 'NOTENANTTOKEN') + self.assert_xml_strings_equal(expected, self.res.body) + + @xmlify + def test_authn_malformed_creds_xml(self): + """ + Test that supplying a malformed password credentials + results in a 400 Bad Request + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = ' \ + ' % (self.auth_user['password'], + self.auth_user['id'], + self.auth_user['tenant_id']) + self.get_response() + self.status_bad_request() + + @xmlify + def test_user_not_found_xml(self): + """ + Test that supplying a non-existing user in the password credentials + results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = ' \ + ' % (self.auth_user['password'], + 'missinguser', + self.auth_user['tenant_id']) + self.get_response() + self.status_unauthorized() + + @xmlify + def test_user_missing_xml(self): + """ + Test that supplying a missing user in the password credentials + results in a 400 Bad Request + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = ' \ + ' % (self.auth_user['password'], + 
self.auth_user['tenant_id']) + self.get_response() + self.status_bad_request() + + @xmlify + def test_bad_pass_xml(self): + """ + Test that supplying a bad password in the password credentials + results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = ' \ + ' % ('badpass', + self.auth_user['id'], + self.auth_user['tenant_id']) + self.get_response() + self.status_unauthorized() + + @xmlify + def test_bad_tenant_xml(self): + """ + Test that supplying a bad tenant in the password credentials + results in a 401 Unauthorized + """ + url = "/tokens" + req = self.get_request('POST', url) + req.body = ' \ + ' % (self.auth_user['password'], + self.auth_user['id'], + 'badtenant') + self.get_response() + self.status_unauthorized() -- cgit
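Review bot: `test_authn_malformed_creds_xml` keeps the `authn_` prefix that this commit drops from every other test (`test_malformed_creds_json`, `test_success_xml`); rename it to `test_malformed_creds_xml` so the JSON and XML cases pair up. The request bodies are filled from positional `%` tuples with the password first and the user id second, and a transposition would go unnoticed in the 401 tests because swapped values are still rejected; named placeholders, `% {'password': ..., 'username': ..., 'tenant': ...}`, would make each body self-describing. The XML literals are not readable on this page, so I cannot confirm what makes the malformed-credentials body malformed, given that it interpolates the same valid values as the success case; a one-line comment naming the deliberate defect would help. As in the JSON hunk, `auth_token` in `test_success_missing_tenant_xml` is assigned and never used.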