Added test_user_update_own_password tests for Identity v2, v3

Added test_user_update_own_password tests for Identity v2, v3 that test non admin user capability to change own password via public identity client. Tests check that after updating password token is revoked and new token is valid; old password is invalid and new one is valid. Change-Id: I4108312e01bbcacaa9ac6d6b9960ca0e75533f33
2015-07-01 17:06:16 +03:00
parent bfc7237f9a
commit 9c938c63c8
3 changed files with 161 additions and 0 deletions
--- a/tempest/api/identity/v2/test_users.py
+++ b/tempest/api/identity/v2/test_users.py
@@ -0,0 +1,78 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import copy
+
+from tempest_lib.common.utils import data_utils
+from tempest_lib import exceptions
+
+from tempest.api.identity import base
+from tempest import manager
+from tempest import test
+
+
+class IdentityUsersTest(base.BaseIdentityV2Test):
+
+    @classmethod
+    def resource_setup(cls):
+        super(IdentityUsersTest, cls).resource_setup()
+        cls.creds = cls.os.credentials
+        cls.username = cls.creds.username
+        cls.password = cls.creds.password
+        cls.tenant_name = cls.creds.tenant_name
+
+    @test.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7')
+    def test_user_update_own_password(self):
+        self.new_creds = copy.copy(self.creds.credentials)
+        self.new_creds.password = data_utils.rand_password()
+        # we need new non-admin Identity Client with new credentials, since
+        # current non_admin_client token will be revoked after updating
+        # password
+        self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
+        self.non_admin_client_for_cleanup.auth_provider = (
+            manager.get_auth_provider(self.new_creds))
+        user_id = self.creds.credentials.user_id
+        old_pass = self.creds.credentials.password
+        new_pass = self.new_creds.password
+
+        # to change password back. important for allow_tenant_isolation = false
+        self.addCleanup(
+            self.non_admin_client_for_cleanup.update_user_own_password,
+            user_id=user_id,
+            new_pass=old_pass,
+            old_pass=new_pass)
+
+        # user updates own password
+        resp = self.non_admin_client.update_user_own_password(
+            user_id=user_id, new_pass=new_pass, old_pass=old_pass)
+
+        # check authorization with new token
+        self.non_admin_token_client.auth_token(resp['token']['id'])
+        # check authorization with new password
+        self.non_admin_token_client.auth(self.username,
+                                         new_pass,
+                                         self.tenant_name)
+
+        # authorize with old token should lead to Unauthorized
+        self.assertRaises(exceptions.Unauthorized,
+                          self.non_admin_token_client.auth_token,
+                          self.non_admin_client.token)
+
+        # authorize with old password should lead to Unauthorized
+        self.assertRaises(exceptions.Unauthorized,
+                          self.non_admin_token_client.auth,
+                          self.username,
+                          old_pass,
+                          self.tenant_name)
--- a/tempest/api/identity/v3/test_users.py
+++ b/tempest/api/identity/v3/test_users.py
@@ -0,0 +1,72 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import copy
+
+from tempest_lib.common.utils import data_utils
+from tempest_lib import exceptions
+
+from tempest.api.identity import base
+from tempest import manager
+from tempest import test
+
+
+class IdentityV3UsersTest(base.BaseIdentityV3Test):
+
+    @classmethod
+    def resource_setup(cls):
+        super(IdentityV3UsersTest, cls).resource_setup()
+        cls.creds = cls.os.credentials
+        cls.user_id = cls.creds.user_id
+        cls.username = cls.creds.username
+        cls.password = cls.creds.password
+
+    @test.idempotent_id('ad71bd23-12ad-426b-bb8b-195d2b635f27')
+    def test_user_update_own_password(self):
+        self.new_creds = copy.copy(self.creds.credentials)
+        self.new_creds.password = data_utils.rand_password()
+        # we need new non-admin Identity V3 Client with new credentials, since
+        # current non_admin_client token will be revoked after updating
+        # password
+        self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
+        self.non_admin_client_for_cleanup.auth_provider = (
+            manager.get_auth_provider(self.new_creds))
+        user_id = self.creds.credentials.user_id
+        old_pass = self.creds.credentials.password
+        new_pass = self.new_creds.password
+        # to change password back. important for allow_tenant_isolation = false
+        self.addCleanup(
+            self.non_admin_client_for_cleanup.update_user_password,
+            user_id=user_id,
+            password=old_pass,
+            original_password=new_pass)
+
+        # user updates own password
+        self.non_admin_client.update_user_password(
+            user_id=user_id, password=new_pass, original_password=old_pass)
+
+        # check authorization with new password
+        self.non_admin_token.auth(user_id=self.user_id, password=new_pass)
+
+        # authorize with old token should lead to IdentityError (404 code)
+        self.assertRaises(exceptions.IdentityError,
+                          self.non_admin_token.auth,
+                          token=self.non_admin_client.token)
+
+        # authorize with old password should lead to Unauthorized
+        self.assertRaises(exceptions.Unauthorized,
+                          self.non_admin_token.auth,
+                          user_id=self.user_id,
+                          password=old_pass)
--- a/tempest/services/identity/v2/json/identity_client.py
+++ b/tempest/services/identity/v2/json/identity_client.py
@@ -297,6 +297,17 @@ class IdentityClient(service_client.ServiceClient):
        self.expected_success(200, resp.status)
        return service_client.ResponseBody(resp, self._parse_resp(body))

+    def update_user_own_password(self, user_id, new_pass, old_pass):
+        """User updates own password"""
+        patch_body = {
+            "password": new_pass,
+            "original_password": old_pass
+        }
+        patch_body = json.dumps({'user': patch_body})
+        resp, body = self.patch('OS-KSCRUD/users/%s' % user_id, patch_body)
+        self.expected_success(200, resp.status)
+        return service_client.ResponseBody(resp, self._parse_resp(body))
+
    def list_extensions(self):
        """List all the extensions."""
        resp, body = self.get('/extensions')