diff options
author | RHE <rebirthmonkey@gmail.com> | 2017-11-24 13:54:26 +0100 |
---|---|---|
committer | RHE <rebirthmonkey@gmail.com> | 2017-11-24 13:54:26 +0100 |
commit | 920a49cfa055733d575282973e23558c33087a4a (patch) | |
tree | d371dab34efa5028600dad2e7ca58063626e7ba4 /keystone-moon/keystone/tests/unit/test_auth_plugin.py | |
parent | ef3eefca70d8abb4a00dafb9419ad32738e934b2 (diff) |
remove keystone-moon
Change-Id: I80d7c9b669f19d5f6607e162de8e0e55c2f80fdd
Signed-off-by: RHE <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone/tests/unit/test_auth_plugin.py')
-rw-r--r-- | keystone-moon/keystone/tests/unit/test_auth_plugin.py | 190 |
1 files changed, 0 insertions, 190 deletions
diff --git a/keystone-moon/keystone/tests/unit/test_auth_plugin.py b/keystone-moon/keystone/tests/unit/test_auth_plugin.py deleted file mode 100644 index f0862ed6..00000000 --- a/keystone-moon/keystone/tests/unit/test_auth_plugin.py +++ /dev/null @@ -1,190 +0,0 @@ -# Copyright 2013 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import uuid - -import mock - -from keystone import auth -from keystone import exception -from keystone.tests import unit - - -# for testing purposes only -METHOD_NAME = 'simple_challenge_response' -EXPECTED_RESPONSE = uuid.uuid4().hex -DEMO_USER_ID = uuid.uuid4().hex - - -class SimpleChallengeResponse(auth.AuthMethodHandler): - def authenticate(self, context, auth_payload, user_context): - if 'response' in auth_payload: - if auth_payload['response'] != EXPECTED_RESPONSE: - raise exception.Unauthorized('Wrong answer') - user_context['user_id'] = DEMO_USER_ID - else: - return {"challenge": "What's the name of your high school?"} - - -class TestAuthPlugin(unit.SQLDriverOverrides, unit.TestCase): - def setUp(self): - super(TestAuthPlugin, self).setUp() - self.load_backends() - - self.api = auth.controllers.Auth() - - def config_overrides(self): - super(TestAuthPlugin, self).config_overrides() - method_opts = { - METHOD_NAME: - 'keystone.tests.unit.test_auth_plugin.SimpleChallengeResponse', - } - - self.auth_plugin_config_override( - methods=['external', 'password', 'token', METHOD_NAME], - **method_opts) - - def test_unsupported_auth_method(self): - method_name = uuid.uuid4().hex - auth_data = {'methods': [method_name]} - auth_data[method_name] = {'test': 'test'} - auth_data = {'identity': auth_data} - self.assertRaises(exception.AuthMethodNotSupported, - auth.controllers.AuthInfo.create, - None, - auth_data) - - def test_addition_auth_steps(self): - auth_data = {'methods': [METHOD_NAME]} - auth_data[METHOD_NAME] = { - 'test': 'test'} - auth_data = {'identity': auth_data} - auth_info = auth.controllers.AuthInfo.create(None, auth_data) - auth_context = {'extras': {}, 'method_names': []} - try: - self.api.authenticate({'environment': {}}, auth_info, auth_context) - except exception.AdditionalAuthRequired as e: - self.assertIn('methods', e.authentication) - self.assertIn(METHOD_NAME, e.authentication['methods']) - self.assertIn(METHOD_NAME, e.authentication) - self.assertIn('challenge', e.authentication[METHOD_NAME]) - - # test correct response - auth_data = {'methods': [METHOD_NAME]} - auth_data[METHOD_NAME] = { - 'response': EXPECTED_RESPONSE} - auth_data = {'identity': auth_data} - auth_info = auth.controllers.AuthInfo.create(None, auth_data) - auth_context = {'extras': {}, 'method_names': []} - self.api.authenticate({'environment': {}}, auth_info, auth_context) - self.assertEqual(DEMO_USER_ID, auth_context['user_id']) - - # test incorrect response - auth_data = {'methods': [METHOD_NAME]} - auth_data[METHOD_NAME] = { - 'response': uuid.uuid4().hex} - auth_data = {'identity': auth_data} - auth_info = auth.controllers.AuthInfo.create(None, auth_data) - auth_context = {'extras': {}, 'method_names': []} - self.assertRaises(exception.Unauthorized, - self.api.authenticate, - {'environment': {}}, - auth_info, - auth_context) - - def test_duplicate_method(self): - # Having the same method twice doesn't cause load_auth_methods to fail. - self.auth_plugin_config_override( - methods=['external', 'external']) - self.clear_auth_plugin_registry() - auth.controllers.load_auth_methods() - self.assertIn('external', auth.controllers.AUTH_METHODS) - - -class TestAuthPluginDynamicOptions(TestAuthPlugin): - def config_overrides(self): - super(TestAuthPluginDynamicOptions, self).config_overrides() - # Clear the override for the [auth] ``methods`` option so it is - # possible to load the options from the config file. - self.config_fixture.conf.clear_override('methods', group='auth') - - def config_files(self): - config_files = super(TestAuthPluginDynamicOptions, self).config_files() - config_files.append(unit.dirs.tests_conf('test_auth_plugin.conf')) - return config_files - - -class TestMapped(unit.TestCase): - def setUp(self): - super(TestMapped, self).setUp() - self.load_backends() - - self.api = auth.controllers.Auth() - - def config_files(self): - config_files = super(TestMapped, self).config_files() - config_files.append(unit.dirs.tests_conf('test_auth_plugin.conf')) - return config_files - - def auth_plugin_config_override(self, methods=None, **method_classes): - # Do not apply the auth plugin overrides so that the config file is - # tested - pass - - def _test_mapped_invocation_with_method_name(self, method_name): - with mock.patch.object(auth.plugins.mapped.Mapped, - 'authenticate', - return_value=None) as authenticate: - context = {'environment': {}} - auth_data = { - 'identity': { - 'methods': [method_name], - method_name: {'protocol': method_name}, - } - } - auth_info = auth.controllers.AuthInfo.create(context, auth_data) - auth_context = {'extras': {}, - 'method_names': [], - 'user_id': uuid.uuid4().hex} - self.api.authenticate(context, auth_info, auth_context) - # make sure Mapped plugin got invoked with the correct payload - ((context, auth_payload, auth_context), - kwargs) = authenticate.call_args - self.assertEqual(method_name, auth_payload['protocol']) - - def test_mapped_with_remote_user(self): - with mock.patch.object(auth.plugins.mapped.Mapped, - 'authenticate', - return_value=None) as authenticate: - # external plugin should fail and pass to mapped plugin - method_name = 'saml2' - auth_data = {'methods': [method_name]} - # put the method name in the payload so its easier to correlate - # method name with payload - auth_data[method_name] = {'protocol': method_name} - auth_data = {'identity': auth_data} - auth_info = auth.controllers.AuthInfo.create(None, auth_data) - auth_context = {'extras': {}, - 'method_names': [], - 'user_id': uuid.uuid4().hex} - environment = {'environment': {'REMOTE_USER': 'foo@idp.com'}} - self.api.authenticate(environment, auth_info, auth_context) - # make sure Mapped plugin got invoked with the correct payload - ((context, auth_payload, auth_context), - kwargs) = authenticate.call_args - self.assertEqual(method_name, auth_payload['protocol']) - - def test_supporting_multiple_methods(self): - for method_name in ['saml2', 'openid', 'x509']: - self._test_mapped_invocation_with_method_name(method_name) |