Browse Source

Add tests related to V2 token issued_at time changing

There was no test that showed that when a V2 token is used in a V3
context its "issued_at" time changes. This affects validating a V2
token using V3 and also revoking a V2 token. The tests show the
current incorrect behavior.

Partial-Bug: #1348820

Change-Id: I2a3443847b2699384413933ae164fdc183aa110f
(cherry picked from commit 556fb86031)
changes/82/112082/1
Brant Knudson 8 years ago
parent
commit
0c34e79ae9
  1. 49
      keystone/tests/test_v3_auth.py

49
keystone/tests/test_v3_auth.py

@ -365,6 +365,14 @@ class TokenAPITests(object):
self.assertEqual(v2_token_data['access']['user']['roles'][0]['name'],
token_data['token']['roles'][0]['name'])
v2_issued_at = timeutils.parse_isotime(
v2_token_data['access']['token']['issued_at'])
v3_issued_at = timeutils.parse_isotime(
token_data['token']['issued_at'])
# FIXME(blk-u): the following should be assertEqual, see bug 1348820
self.assertNotEqual(v2_issued_at, v3_issued_at)
def test_rescoping_token(self):
expires = self.token_data['token']['expires_at']
auth_data = self.build_authentication_request(
@ -1201,6 +1209,35 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
# Make sure that we get a NotFound(404) when heading that role.
self.head(role_path, expected_status=404)
def get_v2_token(self):
body = {
'auth': {
'passwordCredentials': {
'username': self.default_domain_user['name'],
'password': self.default_domain_user['password'],
}
},
}
r = self.admin_request(method='POST', path='/v2.0/tokens', body=body)
return r.json_body['access']['token']['id']
def test_revoke_v2_token_no_check(self):
# Test that a V2 token can be revoked without validating it first.
# NOTE(blk-u): This doesn't work right. The token should be invalid
# after being revoked but it's not. See bug 1348820.
token = self.get_v2_token()
self.delete('/auth/tokens',
headers={'X-Subject-Token': token},
expected_status=204)
self.head('/auth/tokens',
headers={'X-Subject-Token': token},
expected_status=200) # FIXME(blk-u): This should be 404
@dependency.requires('revoke_api')
class TestTokenRevokeApi(TestTokenRevokeById):
@ -1263,18 +1300,6 @@ class TestTokenRevokeApi(TestTokenRevokeById):
expected_status=200).json_body
self.assertValidRevokedTokenResponse(events_response, self.user['id'])
def get_v2_token(self):
body = {
'auth': {
'passwordCredentials': {
'username': self.default_domain_user['name'],
'password': self.default_domain_user['password'],
},
},
}
r = self.admin_request(method='POST', path='/v2.0/tokens', body=body)
return r.json_body['access']['token']['id']
def test_revoke_v2_token(self):
token = self.get_v2_token()
headers = {'X-Subject-Token': token}

Loading…
Cancel
Save