Add tests related to V2 token issued_at time changing
There was no test that showed that when a V2 token is used in a V3 context its "issued_at" time changes. This affects validating a V2 token using V3 and also revoking a V2 token. The tests show the current incorrect behavior. Partial-Bug: #1348820 Change-Id: I2a3443847b2699384413933ae164fdc183aa110f
This commit is contained in:
parent
46f2871258
commit
556fb86031
|
@ -365,6 +365,14 @@ class TokenAPITests(object):
|
||||||
self.assertEqual(v2_token_data['access']['user']['roles'][0]['name'],
|
self.assertEqual(v2_token_data['access']['user']['roles'][0]['name'],
|
||||||
token_data['token']['roles'][0]['name'])
|
token_data['token']['roles'][0]['name'])
|
||||||
|
|
||||||
|
v2_issued_at = timeutils.parse_isotime(
|
||||||
|
v2_token_data['access']['token']['issued_at'])
|
||||||
|
v3_issued_at = timeutils.parse_isotime(
|
||||||
|
token_data['token']['issued_at'])
|
||||||
|
|
||||||
|
# FIXME(blk-u): the following should be assertEqual, see bug 1348820
|
||||||
|
self.assertNotEqual(v2_issued_at, v3_issued_at)
|
||||||
|
|
||||||
def test_rescoping_token(self):
|
def test_rescoping_token(self):
|
||||||
expires = self.token_data['token']['expires_at']
|
expires = self.token_data['token']['expires_at']
|
||||||
auth_data = self.build_authentication_request(
|
auth_data = self.build_authentication_request(
|
||||||
|
@ -1224,6 +1232,35 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
|
||||||
# Make sure that we get a NotFound(404) when heading that role.
|
# Make sure that we get a NotFound(404) when heading that role.
|
||||||
self.head(role_path, expected_status=404)
|
self.head(role_path, expected_status=404)
|
||||||
|
|
||||||
|
def get_v2_token(self):
|
||||||
|
body = {
|
||||||
|
'auth': {
|
||||||
|
'passwordCredentials': {
|
||||||
|
'username': self.default_domain_user['name'],
|
||||||
|
'password': self.default_domain_user['password'],
|
||||||
|
}
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
r = self.admin_request(method='POST', path='/v2.0/tokens', body=body)
|
||||||
|
return r.json_body['access']['token']['id']
|
||||||
|
|
||||||
|
def test_revoke_v2_token_no_check(self):
|
||||||
|
# Test that a V2 token can be revoked without validating it first.
|
||||||
|
|
||||||
|
# NOTE(blk-u): This doesn't work right. The token should be invalid
|
||||||
|
# after being revoked but it's not. See bug 1348820.
|
||||||
|
|
||||||
|
token = self.get_v2_token()
|
||||||
|
|
||||||
|
self.delete('/auth/tokens',
|
||||||
|
headers={'X-Subject-Token': token},
|
||||||
|
expected_status=204)
|
||||||
|
|
||||||
|
self.head('/auth/tokens',
|
||||||
|
headers={'X-Subject-Token': token},
|
||||||
|
expected_status=200) # FIXME(blk-u): This should be 404
|
||||||
|
|
||||||
|
|
||||||
@dependency.requires('revoke_api')
|
@dependency.requires('revoke_api')
|
||||||
class TestTokenRevokeApi(TestTokenRevokeById):
|
class TestTokenRevokeApi(TestTokenRevokeById):
|
||||||
|
@ -1286,18 +1323,6 @@ class TestTokenRevokeApi(TestTokenRevokeById):
|
||||||
expected_status=200).json_body
|
expected_status=200).json_body
|
||||||
self.assertValidRevokedTokenResponse(events_response, self.user['id'])
|
self.assertValidRevokedTokenResponse(events_response, self.user['id'])
|
||||||
|
|
||||||
def get_v2_token(self):
|
|
||||||
body = {
|
|
||||||
'auth': {
|
|
||||||
'passwordCredentials': {
|
|
||||||
'username': self.default_domain_user['name'],
|
|
||||||
'password': self.default_domain_user['password'],
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
r = self.admin_request(method='POST', path='/v2.0/tokens', body=body)
|
|
||||||
return r.json_body['access']['token']['id']
|
|
||||||
|
|
||||||
def test_revoke_v2_token(self):
|
def test_revoke_v2_token(self):
|
||||||
token = self.get_v2_token()
|
token = self.get_v2_token()
|
||||||
headers = {'X-Subject-Token': token}
|
headers = {'X-Subject-Token': token}
|
||||||
|
|
Loading…
Reference in New Issue