Revoke tokens on user delete (bug 1166670)

Change-Id: Id8a2972c9adb572ef9d2b7f03bcf07a8de5614ab
This commit is contained in:
Dolph Mathews 2013-05-09 10:06:35 -05:00
parent b874c8f581
commit 678b06a91f
2 changed files with 25 additions and 0 deletions

View File

@ -223,6 +223,7 @@ class User(controller.V2Controller):
def delete_user(self, context, user_id):
self.assert_admin(context)
self.identity_api.delete_user(context, user_id)
self._delete_tokens_for_user(context, user_id)
def set_user_enabled(self, context, user_id, user):
return self.update_user(context, user_id, user)

View File

@ -396,6 +396,30 @@ class KeystoneClientTests(object):
self.get_client,
self.user_foo)
def test_delete_user_invalidates_token(self):
from keystoneclient import exceptions as client_exceptions
admin_client = self.get_client(admin=True)
client = self.get_client(admin=False)
username = uuid.uuid4().hex
password = uuid.uuid4().hex
user_id = admin_client.users.create(
name=username, password=password, email=uuid.uuid4().hex).id
token_id = client.tokens.authenticate(
username=username, password=password).id
# token should be usable before the user is deleted
client.tokens.authenticate(token=token_id)
admin_client.users.delete(user=user_id)
# authenticate with a token should not work after the user is deleted
self.assertRaises(client_exceptions.Unauthorized,
client.tokens.authenticate,
token=token_id)
def test_token_expiry_maintained(self):
foo_client = self.get_client(self.user_foo)