diff options
| author | Adam Young <ayoung@redhat.com> | 2013-05-28 09:50:51 -0400 |
|---|---|---|
| committer | Thierry Carrez <thierry@openstack.org> | 2013-05-28 16:47:54 +0200 |
| commit | 8fe7a822d3fd9f435bb4a73a838b380659196cf7 (patch) | |
| tree | 7b69c55626b16dc6843e9bdc599485aaf160c89c /tests/test_auth_token_middleware.py | |
| parent | ef6530de45705c6e31021f8934570d7c48a60b8b (diff) | |
| download | python-keystoneclient-8fe7a822d3fd9f435bb4a73a838b380659196cf7.tar.gz | |
Check Expiry
Explicitly checks the expiry on the tokens, and rejects tokens that
have expired
had to regenerate the sample data for the tokens as they all had been
generated with values that are now expired.
bug 1179615
Change-Id: Ie06500d446f55fd0ad67ea540c92d8cfc57483f4
Diffstat (limited to 'tests/test_auth_token_middleware.py')
| -rw-r--r-- | tests/test_auth_token_middleware.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py index ae81293..83ea709 100644 --- a/tests/test_auth_token_middleware.py +++ b/tests/test_auth_token_middleware.py @@ -255,6 +255,9 @@ with open(os.path.join(signing_path, 'auth_v3_token_scoped.pem')) as f: SIGNED_v3_TOKEN_SCOPED = cms.cms_to_token(f.read()) with open(os.path.join(signing_path, 'auth_token_revoked.pem')) as f: REVOKED_TOKEN = cms.cms_to_token(f.read()) +with open(os.path.join(signing_path, + 'auth_token_scoped_expired.pem')) as f: + SIGNED_TOKEN_SCOPED_EXPIRED = cms.cms_to_token(f.read()) REVOKED_TOKEN_HASH = utils.hash_signed_token(REVOKED_TOKEN) with open(os.path.join(signing_path, 'auth_v3_token_revoked.pem')) as f: REVOKED_v3_TOKEN = cms.cms_to_token(f.read()) @@ -464,7 +467,7 @@ class BaseFakeHTTPConnection(object): body = jsonutils.dumps({ 'access': { 'token': {'id': 'admin_token2', - 'expires': '2012-10-03T16:58:01Z'} + 'expires': '2022-10-03T16:58:01Z'} }, }) return status, body @@ -621,6 +624,7 @@ class BaseAuthTokenMiddlewareTest(testtools.TestCase): 'uuid_token_default': UUID_TOKEN_DEFAULT, 'uuid_token_unscoped': UUID_TOKEN_UNSCOPED, 'signed_token_scoped': SIGNED_TOKEN_SCOPED, + 'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED, 'revoked_token': REVOKED_TOKEN, 'revoked_token_hash': REVOKED_TOKEN_HASH } @@ -1020,6 +1024,13 @@ class AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): self.middleware(req.environ, self.start_fake_response) self.assertNotEqual(self._get_cached_token(token), None) + def test_expired(self): + req = webob.Request.blank('/') + token = self.token_dict['signed_token_scoped_expired'] + req.headers['X-Auth-Token'] = token + self.middleware(req.environ, self.start_fake_response) + self.assertEqual(self.response_status, 401) + def test_memcache_set_invalid(self): req = webob.Request.blank('/') token = 'invalid-token' @@ -1358,6 +1369,7 @@ class v3AuthTokenMiddlewareTest(AuthTokenMiddlewareTest): 'uuid_token_default': v3_UUID_TOKEN_DEFAULT, 'uuid_token_unscoped': v3_UUID_TOKEN_UNSCOPED, 'signed_token_scoped': SIGNED_v3_TOKEN_SCOPED, + 'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED, 'revoked_token': REVOKED_v3_TOKEN, 'revoked_token_hash': REVOKED_v3_TOKEN_HASH } |