
Add test showing password logged

There was no test that showed that the password is logged when a
user is created or an admin changes a user's password.

Change-Id: I5ffa04e9ac359355cff47a622731f1bf6a27ea7b
Partial-Bug: #1465922
(cherry picked from commit c2c3a0ff86)
Brant Knudson 3 years ago
parent
commit
fba2d5c15e
1 changed files with 59 additions and 0 deletions
  1. 59
    0
      keystone/tests/unit/test_v3_identity.py

+ 59
- 0
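--- a/keystone/tests/unit/test_v3_identity.py
+++ b/keystone/tests/unit/test_v3_identity.py
@@ -12,8 +12,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import logging
 import uuid
 
+import fixtures
 from oslo_config import cfg
 from testtools import matchers
 
@@ -434,6 +436,45 @@ class IdentityTestCase(test_v3.RestfulTestCase):
         self.delete('/groups/%(group_id)s' % {
             'group_id': self.group_id})
 
+    def test_create_user_password_not_logged(self):
+        # When a user is created, the password isn't logged at any level.
+
+        # FIXME(blk-u): This doesn't work as expected, see bug 1465922
+
+        log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
+
+        ref = self.new_user_ref(domain_id=self.domain_id)
+        self.post(
+            '/users',
+            body={'user': ref})
+
+        # This should be assert*Not*In, see bug 1465922
+        self.assertIn(ref['password'], log_fix.output)
+
+    def test_update_password_not_logged(self):
+        # When admin modifies user password, the password isn't logged at any
+        # level.
+
+        # FIXME(blk-u): This doesn't work as expected, see bug 1465922
+
+        log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
+
+        # bootstrap a user as admin
+        user_ref = self.new_user_ref(domain_id=self.domain['id'])
+        password = user_ref['password']
+        user_ref = self.identity_api.create_user(user_ref)
+
+        # administrative password reset
+        new_password = uuid.uuid4().hex
+        self.patch('/users/%s' % user_ref['id'],
+                   body={'user': {'password': new_password}},
+                   expected_status=200)
+
+        self.assertNotIn(password, log_fix.output)
+
+        # This should be assert*Not*In, see bug 1465922
+        self.assertIn(new_password, log_fix.output)
+
 
 class IdentityV3toV2MethodsTestCase(tests.TestCase):
     """Test users V3 to V2 conversion methods."""
@@ -582,3 +623,21 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
         self.change_password(password=uuid.uuid4().hex,
                              original_password=self.user_ref['password'],
                              expected_status=401)
+
+    def test_changing_password_not_logged(self):
+        # When a user changes their password, the password isn't logged at any
+        # level.
+
+        # FIXME(blk-u): This doesn't work as expected, see bug 1465922
+
+        log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
+
+        # change password
+        new_password = uuid.uuid4().hex
+        self.change_password(password=new_password,
+                             original_password=self.user_ref['password'],
+                             expected_status=204)
+
+        # These should be assert*Not*In, see bug 1465922
+        self.assertIn(self.user_ref['password'], log_fix.output)
+        self.assertIn(new_password, log_fix.output)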
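Review bot: Once the `assertIn` checks at new lines 452, 476 and 642-643 are flipped to `assertNotIn`, as the FIXME comments plan, nothing in these three tests will prove that `log_fix` captured any output, so they could keep passing with an empty capture while the password is still written elsewhere. Today the `assertIn` calls double as that proof, and the `assertNotIn(password, log_fix.output)` at line 473 is only meaningful because line 476 shows the capture is live. Each test should carry its own positive control that survives the flip, for example `self.assertNotEqual('', log_fix.output)` placed before the password assertions. A stronger control would assert that a non-secret value from the same request appears in the output, assuming the request body is what gets logged, which is not visible in this diff.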
