
Add test showing password logged

There was no test showing that the password is logged when a user is
created or when an admin changes a user's password.

Conflicts:
	keystone/tests/unit/test_v3_identity.py

Change-Id: I5ffa04e9ac359355cff47a622731f1bf6a27ea7b
Partial-Bug: #1465922
(cherry picked from commit c2c3a0ff86)
(cherry picked from commit fba2d5c15e)
tags/2014.2.4
Brant Knudson 3 years ago
parent
commit
a7037547fe
1 changed files with 59 additions and 0 deletions
  1. 59
    0
      keystone/tests/test_v3_identity.py

+ 59
- 0
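--- a/keystone/tests/test_v3_identity.py
+++ b/keystone/tests/test_v3_identity.py
@@ -12,8 +12,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import logging
 import uuid
 
+import fixtures
 from oslo.config import cfg
 from testtools import matchers
 
@@ -1657,6 +1659,45 @@ class IdentityTestCase(test_v3.RestfulTestCase):
         self.assertRoleAssignmentInListResponse(r, up1_entity,
                                                 link_url=gp1_url)
 
+    def test_create_user_password_not_logged(self):
+        # When a user is created, the password isn't logged at any level.
+
+        # FIXME(blk-u): This doesn't work as expected, see bug 1465922
+
+        log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
+
+        ref = self.new_user_ref(domain_id=self.domain_id)
+        self.post(
+            '/users',
+            body={'user': ref})
+
+        # This should be assert*Not*In, see bug 1465922
+        self.assertIn(ref['password'], log_fix.output)
+
+    def test_update_password_not_logged(self):
+        # When admin modifies user password, the password isn't logged at any
+        # level.
+
+        # FIXME(blk-u): This doesn't work as expected, see bug 1465922
+
+        log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
+
+        # bootstrap a user as admin
+        user_ref = self.new_user_ref(domain_id=self.domain['id'])
+        password = user_ref['password']
+        user_ref = self.identity_api.create_user(user_ref)
+
+        # administrative password reset
+        new_password = uuid.uuid4().hex
+        self.patch('/users/%s' % user_ref['id'],
+                   body={'user': {'password': new_password}},
+                   expected_status=200)
+
+        self.assertNotIn(password, log_fix.output)
+
+        # This should be assert*Not*In, see bug 1465922
+        self.assertIn(new_password, log_fix.output)
+
 
 class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
     """Test inheritance crud and its effects."""
@@ -2300,3 +2341,21 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
         self.change_password(password=uuid.uuid4().hex,
                              original_password=self.user_ref['password'],
                              expected_status=401)
+
+    def test_changing_password_not_logged(self):
+        # When a user changes their password, the password isn't logged at any
+        # level.
+
+        # FIXME(blk-u): This doesn't work as expected, see bug 1465922
+
+        log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
+
+        # change password
+        new_password = uuid.uuid4().hex
+        self.change_password(password=new_password,
+                             original_password=self.user_ref['password'],
+                             expected_status=204)
+
+        # These should be assert*Not*In, see bug 1465922
+        self.assertIn(self.user_ref['password'], log_fix.output)
+        self.assertIn(new_password, log_fix.output)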
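Review bot: All three new tests are named `..._not_logged` yet end in `assertIn`, so a passing run of `test_create_user_password_not_logged`, `test_update_password_not_logged` and `test_changing_password_not_logged` means the plaintext password is present in the output captured at DEBUG and above, the opposite of what the names report in a test summary. The FIXME comments explain this in the source, but nothing surfaces it when the assertion starts failing once bug 1465922 is fixed; a failure message would tell whoever hits it what to do, e.g. `self.assertIn(ref['password'], log_fix.output, 'bug 1465922: flip to assertNotIn once fixed')`. When the assertions are flipped, they will match only the literal password string in `log_fix.output`, so a value logged in an encoded or wrapped form would go unnoticed. Until the fix lands, logs produced by these three request paths should be handled as containing credentials.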
