Fix tests comparing tokens
There were tests that verified that the PKI token body could be encrypted with CMS and compared to the token ID in the response. This test isn't safe because the token body may be different than the token encrypted with CMS since the order of items in the dict can change. The fix is to change the test to decode the PKI token ID and compare that to the response body JSON instead. Conflicts: keystone/tests/test_v3_auth.py Change-Id: Icc649b96071ff084d5c76f2ea2bcf3ecb08a0351
This commit is contained in:
parent
057162108a
commit
89ebfe9bd9
|
@ -128,6 +128,9 @@ class TokenAPITests(object):
|
|||
def test_default_fixture_scope_token(self):
|
||||
self.assertIsNotNone(self.get_scoped_token())
|
||||
|
||||
def verify_token(self, *args, **kwargs):
|
||||
return cms.verify_token(*args, **kwargs)
|
||||
|
||||
def test_v3_token_id(self):
|
||||
auth_data = self.build_authentication_request(
|
||||
user_id=self.user['id'],
|
||||
|
@ -137,10 +140,13 @@ class TokenAPITests(object):
|
|||
token_id = resp.headers.get('X-Subject-Token')
|
||||
self.assertIn('expires_at', token_data['token'])
|
||||
|
||||
expected_token_id = cms.cms_sign_token(json.dumps(token_data),
|
||||
CONF.signing.certfile,
|
||||
CONF.signing.keyfile)
|
||||
self.assertEqual(expected_token_id, token_id)
|
||||
decoded_token = self.verify_token(token_id, CONF.signing.certfile,
|
||||
CONF.signing.ca_certs)
|
||||
decoded_token_dict = json.loads(decoded_token)
|
||||
|
||||
token_resp_dict = json.loads(resp.body)
|
||||
|
||||
self.assertEqual(decoded_token_dict, token_resp_dict)
|
||||
# should be able to validate hash PKI token as well
|
||||
hash_token_id = cms.cms_hash_token(token_id)
|
||||
headers = {'X-Subject-Token': hash_token_id}
|
||||
|
|
Loading…
Reference in New Issue