From bef7f497f0fdcb7d9f529c8b0a811d79b4465f3a Mon Sep 17 00:00:00 2001
From: Brant Knudson <bknudson@us.ibm.com>
Date: Thu, 24 Apr 2014 18:29:07 -0500
Subject: [PATCH] Enhance tests for auth_token middleware

There was code in _verify_uuid_token that was not covered by unit
tests. This change increases the coverage.

Change-Id: I63e171a0a8e63ae599c967adc9ff09670063b807
Related-Bug: #1174499
---
 .../tests/test_auth_token_middleware.py       | 41 ++++++++++++++++---
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/keystoneclient/tests/test_auth_token_middleware.py b/keystoneclient/tests/test_auth_token_middleware.py
index 68af153bc..69f25a93e 100644
--- a/keystoneclient/tests/test_auth_token_middleware.py
+++ b/keystoneclient/tests/test_auth_token_middleware.py
@@ -519,8 +519,10 @@ class CommonAuthTokenMiddlewareTest(object):
         self.assertIn('keystone.token_info', req.environ)
 
     def test_valid_uuid_request(self):
-        self.assert_valid_request_200(self.token_dict['uuid_token_default'])
-        self.assert_valid_last_url(self.token_dict['uuid_token_default'])
+        for _ in range(2):  # Do it twice because first result was cached.
+            token = self.token_dict['uuid_token_default']
+            self.assert_valid_request_200(token)
+            self.assert_valid_last_url(token)
 
     def test_valid_uuid_request_with_auth_fragments(self):
         del self.conf['identity_uri']
@@ -532,11 +534,32 @@ class CommonAuthTokenMiddlewareTest(object):
         self.assert_valid_request_200(self.token_dict['uuid_token_default'])
         self.assert_valid_last_url(self.token_dict['uuid_token_default'])
 
+    def _test_cache_revoked(self, token, revoked_form=None):
+        # When the token is cached and revoked, 401 is returned.
+
+        req = webob.Request.blank('/')
+        req.headers['X-Auth-Token'] = token
+
+        # Token should be cached as ok after this.
+        self.middleware(req.environ, self.start_fake_response)
+        self.assertEqual(200, self.response_status)
+
+        # Put it in revocation list.
+        self.middleware.token_revocation_list = self.get_revocation_list_json(
+            token_ids=[revoked_form or token])
+        self.middleware(req.environ, self.start_fake_response)
+        self.assertEqual(401, self.response_status)
+
+    def test_cached_revoked_uuid(self):
+        # When the UUID token is cached and revoked, 401 is returned.
+        self._test_cache_revoked(self.token_dict['uuid_token_default'])
+
     def test_valid_signed_request(self):
-        self.assert_valid_request_200(
-            self.token_dict['signed_token_scoped'])
-        #ensure that signed requests do not generate HTTP traffic
-        self.assertLastPath(None)
+        for _ in range(2):  # Do it twice because first result was cached.
+            self.assert_valid_request_200(
+                self.token_dict['signed_token_scoped'])
+            #ensure that signed requests do not generate HTTP traffic
+            self.assertLastPath(None)
 
     def test_revoked_token_receives_401(self):
         self.middleware.token_revocation_list = self.get_revocation_list_json()
@@ -545,6 +568,12 @@ class CommonAuthTokenMiddlewareTest(object):
         self.middleware(req.environ, self.start_fake_response)
         self.assertEqual(self.response_status, 401)
 
+    def test_cached_revoked_pki(self):
+        # When the PKI token is cached and revoked, 401 is returned.
+        token = self.token_dict['signed_token_scoped']
+        revoked_form = cms.cms_hash_token(token)
+        self._test_cache_revoked(token, revoked_form)
+
     def get_revocation_list_json(self, token_ids=None):
         if token_ids is None:
             token_ids = [self.token_dict['revoked_token_hash']]