def test_invalid_credentials(self): user = self.data.user form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': "******", 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") exc = keystone_exceptions.Unauthorized(401) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password="******", username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, debug=False).AndRaise(exc) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, "Invalid user name or password.")
def test_login_first_tenant_invalid(self): form_data = { 'method': 'Login', 'region': 'http://localhost:5000/v2.0', 'password': self.user.password, 'username': self.user.name } self.mox.StubOutWithMock(api, 'token_create') self.mox.StubOutWithMock(api, 'tenant_list_for_token') self.mox.StubOutWithMock(api, 'token_create_scoped') aToken = self.tokens.unscoped_token bToken = self.tokens.scoped_token disabled_tenant = self.tenants.get(name="disabled_tenant") tenant = self.tenants.get(name="test_tenant") tenants = [tenant, disabled_tenant] api.token_create(IsA(http.HttpRequest), "", self.user.name, self.user.password).AndReturn(aToken) api.tenant_list_for_token(IsA(http.HttpRequest), aToken.id).AndReturn(tenants) exc = keystone_exceptions.Unauthorized("Not authorized.") api.token_create_scoped(IsA(http.HttpRequest), disabled_tenant.id, aToken.id).AndRaise(exc) api.token_create_scoped(IsA(http.HttpRequest), tenant.id, aToken.id).AndReturn(bToken) self.mox.ReplayAll() res = self.client.post(reverse('horizon:auth_login'), form_data) self.assertNoFormErrors(res) self.assertNoMessages() self.assertRedirectsNoFollow(res, DASH_INDEX_URL)
def test_retrieve_keystone_bad_client_authorization_error(self): url = 'myurl' tenant_id = '789012345' token = 'abcdefABCDEF' bttl = 5 redis_client = fakeredis_connection() with mock.patch( 'keystoneclient.v2_0.client.Client') as MockKeystoneClient: MockKeystoneClient.side_effect = exceptions.Unauthorized( 'Mock - invalid client object') keystone_create_error = auth._retrieve_data_from_keystone( redis_client, url, tenant_id, token, bttl, self.default_max_cache_life) self.assertIsNone(keystone_create_error) with mock.patch( 'keystoneclient.v2_0.client.Client') as MockKeystoneClient: MockKeystoneClient.side_effect = exceptions.AuthorizationFailure( 'Mock - invalid client object') keystone_create_error = auth._retrieve_data_from_keystone( redis_client, url, tenant_id, token, bttl, self.default_max_cache_life) self.assertIsNone(keystone_create_error)
def test_introspect_failed_authentication(self, introspect_mock, keystone_mock): conf.CONF.set('discoverd', 'authenticate', 'true') keystone_mock.side_effect = keystone_exc.Unauthorized() res = self.app.post('/v1/introspection/uuid1', headers={'X-Auth-Token': 'token'}) self.assertEqual(403, res.status_code) self.assertFalse(introspect_mock.called) keystone_mock.assert_called_once_with(token='token')
def a(a): if a == 1: raise keystone_exc.Unauthorized() if a == 2: raise keystone_exc.AuthorizationFailure() if a == 3: raise keystone_exc.ConnectionRefused() return a
def check_is_admin(token): """Check whether the token is from a user with the admin role. :param token: Keystone authentication token. :raises: keystoneclient.exceptions.Unauthorized if the user does not have the admin role in the tenant provided in the admin_tenant_name option. """ kc = keystone.Client(token=token, tenant_name=conf.get('discoverd', 'admin_tenant_name'), auth_url=conf.get('discoverd', 'os_auth_url')) if "admin" not in [role.name for role in kc.roles.roles_for_user( kc.user_id, tenant=kc.tenant_id)]: raise keystone_exc.Unauthorized()
def test_request_with_bad_credentials(self): self.m.StubOutWithMock(ks_v3_auth, 'Password') m = ks_v3_auth.Password(auth_url=self.config['auth_uri'], password='******', project_id='tenant_id1', user_domain_id='default', username='******') m.AndRaise(keystone_exc.Unauthorized(401)) self.m.ReplayAll() req = webob.Request.blank('/tenant_id1/') req.headers['X_AUTH_USER'] = '******' req.headers['X_AUTH_KEY'] = 'badpassword' req.headers['X_AUTH_URL'] = self.config['auth_uri'] self.middleware(req.environ, self._start_fake_response) self.m.VerifyAll() self.assertEqual(401, self.response_status)
def test_login_invalid_credentials(self): self.mox.StubOutWithMock(api, 'token_create') unauthorized = keystone_exceptions.Unauthorized("Invalid") api.token_create(IsA(http.HttpRequest), "", self.TEST_USER, self.PASSWORD).AndRaise(unauthorized) self.mox.ReplayAll() form_data = { 'method': 'Login', 'region': 'http://localhost:5000/v2.0,local', 'password': self.PASSWORD, 'username': self.TEST_USER } res = self.client.post(reverse('horizon:auth_login'), form_data, follow=True) self.assertTemplateUsed(res, 'splash.html')
def test_invalid_credentials(self): user = self.data.user form_data = self.get_form_data(user) form_data['password'] = "******" exc = keystone_exceptions.Unauthorized(401) self._mock_client_password_auth_failure(user.name, "invalid", exc) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, "Invalid user name or password.")
def test_request_with_bad_credentials(self): self.m.StubOutWithMock(keystone_client, 'Client', use_mock_anything=True) keystone_client.Client(auth_url=self.config['auth_uri'], cacert=None, cert=None, endpoint=self.config['auth_uri'], insecure=False, key=None, password='******', project_id='tenant_id1', username='******').AndRaise( keystone_exc.Unauthorized(401)) self.m.ReplayAll() req = webob.Request.blank('/tenant_id1/') req.headers['X_AUTH_USER'] = '******' req.headers['X_AUTH_KEY'] = 'badpassword' req.headers['X_AUTH_URL'] = self.config['auth_uri'] self.middleware(req.environ, self._start_fake_response) self.m.VerifyAll() self.assertEqual(401, self.response_status)
def test_login_invalid_credentials(self): self.mox.StubOutWithMock(api, 'token_create') unauthorized = keystone_exceptions.Unauthorized("Invalid") unauthorized.silence_logging = True api.token_create(IsA(http.HttpRequest), "", self.user.name, self.user.password).AndRaise(unauthorized) self.mox.ReplayAll() form_data = { 'method': 'Login', 'region': 'http://localhost:5000/v2.0', 'password': self.user.password, 'username': self.user.name } res = self.client.post(reverse('horizon:auth_login'), form_data, follow=True) self.assertTemplateUsed(res, 'horizon/auth/login.html') # Verify that API error messages are rendered, but not using the # messages framework. self.assertContains(res, "Invalid user name or password.") self.assertNotContains(res, 'class="messages"')