aboutsummaryrefslogtreecommitdiffstats
path: root/keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py')
-rw-r--r--keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py59
1 files changed, 58 insertions, 1 deletions
diff --git a/keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index bb572aa3..e6a495f4 100644
--- a/keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -21,6 +21,7 @@ import stat
import tempfile
import time
import uuid
+import warnings
import fixtures
from keystoneclient import auth
@@ -313,6 +314,11 @@ class BaseAuthTokenMiddlewareTest(base.BaseAuthTokenTestCase):
self.response_status = None
self.response_headers = None
+ # NOTE(gyee): For this test suite and for the stable liberty branch
+ # only, we will ignore deprecated calls that keystonemiddleware makes.
+ warnings.filterwarnings('ignore', category=DeprecationWarning,
+ module='^keystonemiddleware\\.')
+
def call_middleware(self, **kwargs):
return self.call(self.middleware, **kwargs)
@@ -773,6 +779,33 @@ class CommonAuthTokenMiddlewareTest(object):
resp = self.call_middleware(headers={'X-Auth-Token': token})
self.assertEqual(401, resp.status_int)
+ def test_cached_revoked_error(self):
+ # When the token is cached and revocation list retrieval fails,
+ # 503 is returned
+ token = self.token_dict['uuid_token_default']
+ self.middleware._check_revocations_for_cached = True
+
+ # Token should be cached as ok after this.
+ resp = self.call_middleware(headers={'X-Auth-Token': token})
+ self.assertEqual(200, resp.status_int)
+
+ # Cause the revocation list to be fetched again next time so we can
+ # test the case where that retrieval fails
+ self.middleware._revocations._fetched_time = datetime.datetime.min
+ with mock.patch.object(self.middleware._revocations, '_fetch',
+ side_effect=exc.RevocationListError):
+ resp = self.call_middleware(headers={'X-Auth-Token': token})
+ self.assertEqual(503, resp.status_int)
+
+ def test_unexpected_exception_in_validate_offline(self):
+ # When an unexpected exception is hit during _validate_offline,
+ # 500 is returned
+ token = self.token_dict['uuid_token_default']
+ with mock.patch.object(self.middleware, '_validate_offline',
+ side_effect=Exception):
+ resp = self.call_middleware(headers={'X-Auth-Token': token})
+ self.assertEqual(500, resp.status_int)
+
def test_cached_revoked_uuid(self):
# When the UUID token is cached and revoked, 401 is returned.
self._test_cache_revoked(self.token_dict['uuid_token_default'])
@@ -869,6 +902,30 @@ class CommonAuthTokenMiddlewareTest(object):
def test_revoked_hashed_pkiz_token(self):
self._test_revoked_hashed_token('signed_token_scoped_pkiz')
+ def test_revoked_pki_token_by_audit_id(self):
+ # When the audit ID is in the revocation list, the token is invalid.
+ self.set_middleware()
+ token = self.token_dict['signed_token_scoped']
+
+ # Put the token audit ID in the revocation list,
+ # the entry will have a false token ID so the token ID doesn't match.
+ fake_token_id = uuid.uuid4().hex
+ # The audit_id value is in examples/pki/cms/auth_*_token_scoped.json.
+ audit_id = 'SLIXlXQUQZWUi9VJrqdXqA'
+ revocation_list_data = {
+ 'revoked': [
+ {
+ 'id': fake_token_id,
+ 'audit_id': audit_id
+ },
+ ]
+ }
+ self.middleware._revocations._list = jsonutils.dumps(
+ revocation_list_data)
+
+ resp = self.call_middleware(headers={'X-Auth-Token': token})
+ self.assertEqual(401, resp.status_int)
+
def get_revocation_list_json(self, token_ids=None, mode=None):
if token_ids is None:
key = 'revoked_token_hash' + (('_' + mode) if mode else '')
@@ -2085,7 +2142,7 @@ class CommonCompositeAuthTests(object):
}
self.update_expected_env(expected_env)
- token = 'invalid-user-token'
+ token = 'invalid-token'
service_token = 'invalid-service-token'
resp = self.call_middleware(headers={'X-Auth-Token': token,
'X-Service-Token': service_token})