blob: ab48c07c87f58db14cb3bcb68241d2e8efd61c36 [file] [log] [blame]
Jane Zadorozhna9c938c62015-07-01 17:06:16 +03001# Copyright 2015 OpenStack Foundation
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16import copy
Lance Bragstada2c4ebc2015-10-05 20:34:39 +000017import time
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030018
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030019from tempest.api.identity import base
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -050020from tempest.lib.common.utils import data_utils
21from tempest.lib import exceptions
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030022from tempest import manager
23from tempest import test
24
25
26class IdentityV3UsersTest(base.BaseIdentityV3Test):
27
28 @classmethod
29 def resource_setup(cls):
30 super(IdentityV3UsersTest, cls).resource_setup()
31 cls.creds = cls.os.credentials
32 cls.user_id = cls.creds.user_id
33 cls.username = cls.creds.username
34 cls.password = cls.creds.password
35
36 @test.idempotent_id('ad71bd23-12ad-426b-bb8b-195d2b635f27')
37 def test_user_update_own_password(self):
38 self.new_creds = copy.copy(self.creds.credentials)
39 self.new_creds.password = data_utils.rand_password()
40 # we need new non-admin Identity V3 Client with new credentials, since
Daniel Mellado7aea5342016-02-09 09:10:12 +000041 # current non_admin_users_client token will be revoked after updating
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030042 # password
Daniel Mellado7aea5342016-02-09 09:10:12 +000043 self.non_admin_users_client_for_cleanup = (
44 copy.copy(self.non_admin_users_client))
45 self.non_admin_users_client_for_cleanup.auth_provider = (
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030046 manager.get_auth_provider(self.new_creds))
47 user_id = self.creds.credentials.user_id
48 old_pass = self.creds.credentials.password
49 new_pass = self.new_creds.password
50 # to change password back. important for allow_tenant_isolation = false
51 self.addCleanup(
Daniel Mellado7aea5342016-02-09 09:10:12 +000052 self.non_admin_users_client_for_cleanup.update_user_password,
piyush110786983b5f92015-12-15 12:19:04 +053053 user_id,
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030054 password=old_pass,
55 original_password=new_pass)
56
Lance Bragstad144c2f42015-11-19 16:42:37 +000057 # user updates own password
Daniel Mellado7aea5342016-02-09 09:10:12 +000058 self.non_admin_users_client.update_user_password(
piyush110786983b5f92015-12-15 12:19:04 +053059 user_id, password=new_pass, original_password=old_pass)
Lance Bragstad144c2f42015-11-19 16:42:37 +000060
Lance Bragstada2c4ebc2015-10-05 20:34:39 +000061 # TODO(lbragstad): Sleeping after the response status has been checked
62 # and the body loaded as JSON allows requests to fail-fast. The sleep
63 # is necessary because keystone will err on the side of security and
64 # invalidate tokens within a small margin of error (within the same
65 # wall clock second) after a revocation event is issued (such as a
66 # password change). Remove this once keystone and Fernet support
67 # sub-second precision.
68 time.sleep(1)
69
Jane Zadorozhna9c938c62015-07-01 17:06:16 +030070 # check authorization with new password
71 self.non_admin_token.auth(user_id=self.user_id, password=new_pass)
72
73 # authorize with old token should lead to IdentityError (404 code)
74 self.assertRaises(exceptions.IdentityError,
75 self.non_admin_token.auth,
76 token=self.non_admin_client.token)
77
78 # authorize with old password should lead to Unauthorized
79 self.assertRaises(exceptions.Unauthorized,
80 self.non_admin_token.auth,
81 user_id=self.user_id,
82 password=old_pass)