Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 8ea9905aae3e81ad2affaddc35c7e3a500b61b4f / . / tempest / api / identity / v2 / test_users.py
blob: 98a2e687ab7d1be881573482b626b91237226385 [file] [log] [blame]
Jane Zadorozhna9c938c62015-07-01 17:06:16 +0300[diff] [blame]1# Copyright 2015 OpenStack Foundation
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16import copy
Lance Bragstada2c4ebc2015-10-05 20:34:39 +0000[diff] [blame]17import time
Jane Zadorozhna9c938c62015-07-01 17:06:16 +0300[diff] [blame]18
19from tempest_lib.common.utils import data_utils
20from tempest_lib import exceptions
21
22from tempest.api.identity import base
23from tempest import manager
24from tempest import test
25
26
27class IdentityUsersTest(base.BaseIdentityV2Test):
28
29 @classmethod
30 def resource_setup(cls):
31 super(IdentityUsersTest, cls).resource_setup()
32 cls.creds = cls.os.credentials
33 cls.username = cls.creds.username
34 cls.password = cls.creds.password
35 cls.tenant_name = cls.creds.tenant_name
36
37 @test.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7')
38 def test_user_update_own_password(self):
39 self.new_creds = copy.copy(self.creds.credentials)
40 self.new_creds.password = data_utils.rand_password()
41 # we need new non-admin Identity Client with new credentials, since
42 # current non_admin_client token will be revoked after updating
43 # password
44 self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
45 self.non_admin_client_for_cleanup.auth_provider = (
46 manager.get_auth_provider(self.new_creds))
47 user_id = self.creds.credentials.user_id
48 old_pass = self.creds.credentials.password
49 new_pass = self.new_creds.password
50
51 # to change password back. important for allow_tenant_isolation = false
52 self.addCleanup(
53 self.non_admin_client_for_cleanup.update_user_own_password,
piyush110786980c7be2015-12-15 14:14:48 +0530[diff] [blame]54 user_id, original_password=new_pass, password=old_pass)
Lance Bragstad144c2f42015-11-19 16:42:37 +0000[diff] [blame]55 # user updates own password
Lance Bragstadf6026442015-11-25 15:29:50 +0000[diff] [blame]56 self.non_admin_client.update_user_own_password(
piyush110786980c7be2015-12-15 14:14:48 +0530[diff] [blame]57 user_id, password=new_pass, original_password=old_pass)
Lance Bragstada2c4ebc2015-10-05 20:34:39 +0000[diff] [blame]58 # TODO(lbragstad): Sleeping after the response status has been checked
59 # and the body loaded as JSON allows requests to fail-fast. The sleep
60 # is necessary because keystone will err on the side of security and
61 # invalidate tokens within a small margin of error (within the same
62 # wall clock second) after a revocation event is issued (such as a
63 # password change). Remove this once keystone and Fernet support
64 # sub-second precision.
65 time.sleep(1)
66
Jane Zadorozhna9c938c62015-07-01 17:06:16 +0300[diff] [blame]67 # check authorization with new password
68 self.non_admin_token_client.auth(self.username,
69 new_pass,
70 self.tenant_name)
71
72 # authorize with old token should lead to Unauthorized
73 self.assertRaises(exceptions.Unauthorized,
74 self.non_admin_token_client.auth_token,
75 self.non_admin_client.token)
76
77 # authorize with old password should lead to Unauthorized
78 self.assertRaises(exceptions.Unauthorized,
79 self.non_admin_token_client.auth,
80 self.username,
81 old_pass,
82 self.tenant_name)