# Copyright 2015 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
15
Lance Bragstada2c4ebc2015-10-05 20:34:39 +000016import time
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030017
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030018from tempest.api.identity import base
Rodrigo Duarte Sousa2d78e8e2016-09-28 10:38:08 -030019from tempest import config
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -050020from tempest.lib.common.utils import data_utils
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -080021from tempest.lib import decorators
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -050022from tempest.lib import exceptions
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030023
24
# Shared tempest configuration object. The tests in this module read the
# security_compliance feature flag and the password-history length from it.
CONF = config.CONF
26
27
class IdentityUsersTest(base.BaseIdentityV2Test):
    """Identity v2 test: a non-admin user changes their own password.

    After the change, both the token obtained before it and the previous
    password must be rejected with ``Unauthorized``.
    """

    @classmethod
    def resource_setup(cls):
        """Cache the primary credentials and the fields the tests reuse."""
        super(IdentityUsersTest, cls).resource_setup()
        primary = cls.os_primary.credentials
        cls.creds = primary
        cls.username = primary.username
        cls.password = primary.password
        cls.tenant_name = primary.tenant_name

    def _update_password(self, user_id, original_password, password):
        """Change the user's own password and check the new one works.

        :param user_id: ID of the user whose password is changed.
        :param original_password: password in effect before the call.
        :param password: password to set.
        """
        users_client = self.non_admin_users_client
        users_client.update_user_own_password(
            user_id, password=password, original_password=original_password)

        # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
        # Keystone should only be precise to the second. Sleep to ensure
        # we are passing the second boundary.
        time.sleep(1)

        # The new password must authenticate.
        self.non_admin_token_client.auth(
            self.username, password, self.tenant_name)

        # NOTE(review): if the authentication above raises, the reset below
        # is skipped and the users client keeps the token and password from
        # before the change. The _restore_password cleanup goes through the
        # same client, so it may then be unable to put the original
        # password back - confirm.

        # Drop the cached auth data and store the new password so that the
        # users client gets a new token with it.
        provider = users_client.auth_provider
        provider.clear_auth()
        provider.credentials.password = password

    def _restore_password(self, user_id, old_pass, new_pass):
        """Set the user's password back to ``old_pass``.

        :param user_id: ID of the user whose password is restored.
        :param old_pass: password to restore.
        :param new_pass: password in effect when this method is called.
        """
        current_pass = new_pass
        if CONF.identity_feature_enabled.security_compliance:
            # Clear the password history first by rotating through
            # user_unique_last_password_count random passwords.
            history_depth = CONF.identity.user_unique_last_password_count
            for _ in range(history_depth):
                throwaway = data_utils.rand_password()
                self._update_password(
                    user_id, original_password=current_pass,
                    password=throwaway)
                current_pass = throwaway

        self._update_password(
            user_id, original_password=current_pass, password=old_pass)

        provider = self.non_admin_users_client.auth_provider
        # Reset auth again to verify the password restore does work.
        # Clear auth restores the original credentials and deletes
        # cached auth data.
        provider.clear_auth()
        # NOTE(lbragstad): Fernet tokens are not subsecond aware and
        # Keystone should only be precise to the second. Sleep to ensure we
        # are passing the second boundary before attempting to
        # authenticate.
        time.sleep(1)
        provider.set_auth()

    @decorators.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7')
    def test_user_update_own_password(self):
        """Old token and old password are rejected after a password change."""
        old_pass = self.creds.password
        # Read before the change so its rejection can be asserted below.
        old_token = self.non_admin_users_client.token
        new_pass = data_utils.rand_password()
        user_id = self.creds.user_id

        # Change the password back afterwards; important for
        # allow_tenant_isolation = false.
        self.addCleanup(self._restore_password, user_id, old_pass, new_pass)

        # The user updates their own password.
        self._update_password(
            user_id, original_password=old_pass, password=new_pass)

        rejected = exceptions.Unauthorized
        token_client = self.non_admin_token_client

        # Authenticating with the old token must raise Unauthorized.
        self.assertRaises(rejected, token_client.auth_token, old_token)

        # Authenticating with the old password must raise Unauthorized.
        self.assertRaises(rejected, token_client.auth,
                          self.username, old_pass, self.tenant_name)