summaryrefslogtreecommitdiff
path: root/tempest/api/identity/v2/test_users.py
blob: 62ddeadd7a656473f19e752c8d4efe62618658d8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# Copyright 2015 OpenStack Foundation
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import copy
import time

from tempest.api.identity import base
from tempest.lib.common.utils import data_utils
from tempest.lib import exceptions
from tempest import manager
from tempest import test


class IdentityUsersTest(base.BaseIdentityV2Test):

    @classmethod
    def resource_setup(cls):
        super(IdentityUsersTest, cls).resource_setup()
        cls.creds = cls.os.credentials
        cls.username = cls.creds.username
        cls.password = cls.creds.password
        cls.tenant_name = cls.creds.tenant_name

    @test.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7')
    def test_user_update_own_password(self):
        self.new_creds = copy.copy(self.creds.credentials)
        self.new_creds.password = data_utils.rand_password()
        # we need new non-admin Identity Client with new credentials, since
        # current non_admin_client token will be revoked after updating
        # password
        self.non_admin_users_client_for_cleanup = copy.copy(
            self.non_admin_users_client)
        self.non_admin_users_client_for_cleanup.auth_provider = (
            manager.get_auth_provider(self.new_creds))
        user_id = self.creds.credentials.user_id
        old_pass = self.creds.credentials.password
        new_pass = self.new_creds.password

        # to change password back. important for allow_tenant_isolation = false
        self.addCleanup(
            self.non_admin_users_client_for_cleanup.update_user_own_password,
            user_id, original_password=new_pass, password=old_pass)
        # user updates own password
        self.non_admin_users_client.update_user_own_password(
            user_id, password=new_pass, original_password=old_pass)
        # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
        # Keystone should only be precise to the second. Sleep to ensure
        # we are passing the second boundary.
        time.sleep(1)

        # check authorization with new password
        self.non_admin_token_client.auth(self.username,
                                         new_pass,
                                         self.tenant_name)

        # authorize with old token should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth_token,
                          self.non_admin_users_client.token)

        # authorize with old password should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth,
                          self.username,
                          old_pass,
                          self.tenant_name)