Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / a2c4ebc4fac75c0889489e4bed5a0aa89f8193f1 / . / tempest / api / identity / v2 / test_users.py
blob: 50aaa25208a00bb386f26333bde469d5f09cc986 [file] [log] [blame]
Jane Zadorozhna9c938c62015-07-01 17:06:16 +0300[diff] [blame]1# Copyright 2015 OpenStack Foundation
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16import copy
Lance Bragstada2c4ebc2015-10-05 20:34:39 +0000[diff] [blame^]17import time
Jane Zadorozhna9c938c62015-07-01 17:06:16 +0300[diff] [blame]18
19from tempest_lib.common.utils import data_utils
20from tempest_lib import exceptions
21
22from tempest.api.identity import base
23from tempest import manager
24from tempest import test
25
26
27class IdentityUsersTest(base.BaseIdentityV2Test):
28
29 @classmethod
30 def resource_setup(cls):
31 super(IdentityUsersTest, cls).resource_setup()
32 cls.creds = cls.os.credentials
33 cls.username = cls.creds.username
34 cls.password = cls.creds.password
35 cls.tenant_name = cls.creds.tenant_name
36
37 @test.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7')
38 def test_user_update_own_password(self):
39 self.new_creds = copy.copy(self.creds.credentials)
40 self.new_creds.password = data_utils.rand_password()
41 # we need new non-admin Identity Client with new credentials, since
42 # current non_admin_client token will be revoked after updating
43 # password
44 self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
45 self.non_admin_client_for_cleanup.auth_provider = (
46 manager.get_auth_provider(self.new_creds))
47 user_id = self.creds.credentials.user_id
48 old_pass = self.creds.credentials.password
49 new_pass = self.new_creds.password
50
51 # to change password back. important for allow_tenant_isolation = false
52 self.addCleanup(
53 self.non_admin_client_for_cleanup.update_user_own_password,
54 user_id=user_id,
55 new_pass=old_pass,
56 old_pass=new_pass)
57
Lance Bragstada2c4ebc2015-10-05 20:34:39 +0000[diff] [blame^]58 # TODO(lbragstad): Sleeping after the response status has been checked
59 # and the body loaded as JSON allows requests to fail-fast. The sleep
60 # is necessary because keystone will err on the side of security and
61 # invalidate tokens within a small margin of error (within the same
62 # wall clock second) after a revocation event is issued (such as a
63 # password change). Remove this once keystone and Fernet support
64 # sub-second precision.
65 time.sleep(1)
66
Jane Zadorozhna9c938c62015-07-01 17:06:16 +0300[diff] [blame]67 # user updates own password
68 resp = self.non_admin_client.update_user_own_password(
Anusha Raminenifa5591f2015-09-24 14:25:01 +0530[diff] [blame]69 user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access']
Jane Zadorozhna9c938c62015-07-01 17:06:16 +0300[diff] [blame]70
71 # check authorization with new token
72 self.non_admin_token_client.auth_token(resp['token']['id'])
73 # check authorization with new password
74 self.non_admin_token_client.auth(self.username,
75 new_pass,
76 self.tenant_name)
77
78 # authorize with old token should lead to Unauthorized
79 self.assertRaises(exceptions.Unauthorized,
80 self.non_admin_token_client.auth_token,
81 self.non_admin_client.token)
82
83 # authorize with old password should lead to Unauthorized
84 self.assertRaises(exceptions.Unauthorized,
85 self.non_admin_token_client.auth,
86 self.username,
87 old_pass,
88 self.tenant_name)