def test_bad_consumer_secret(self):
    """Request-token creation signed with a wrong consumer secret fails."""
    consumer_ref = self._create_single_consumer()
    # Keep the registered consumer id but pair it with a secret that was
    # never issued for it.
    consumer_id = consumer_ref.get('id')
    forged_consumer = oauth1.Consumer(consumer_id, "bad_secret")
    url, headers = self._create_request_token(
        forged_consumer, self.role_id, self.project_id)
    # NOTE(review): a wrong secret is asserted as 500 here, while the other
    # rejection tests in this file expect 401/404. Presumably the server
    # does not translate the signature-verification error into an
    # Unauthorized response - confirm, and prefer a 401 once it does.
    self.post(url, headers=headers, expected_status=500)
def test_expired_creating_keystone_token(self):
    """An expired access token cannot be exchanged for a keystone token.

    Runs the request-token, authorize and access-token steps, then expects
    the final exchange for a keystone token to be answered with 401.
    """
    # Intended to make every access token issued below already expired.
    # NOTE(review): this assigns to the global CONF and nothing in this
    # method restores it - confirm the test fixture resets configuration,
    # otherwise the negative duration can leak into later tests.
    CONF.oauth1.access_token_duration = -1

    consumer_ref = self._create_single_consumer()
    consumer_id = consumer_ref.get('id')
    consumer_secret = consumer_ref.get('secret')
    self.consumer = oauth1.Consumer(consumer_id, consumer_secret)
    self.assertIsNotNone(self.consumer.key)

    # Step 1: obtain a request token.
    url, headers = self._create_request_token(
        self.consumer, self.role_id, self.project_id)
    response = self.post(url, headers=headers)
    parsed = urlparse.parse_qs(response.result)
    request_key = parsed.get('oauth_token')[0]
    request_secret = parsed.get('oauth_token_secret')[0]
    self.request_token = oauth1.Token(request_key, request_secret)
    self.assertIsNotNone(self.request_token.key)

    # Step 2: authorize it and attach the returned verifier.
    url = self._authorize_request_token(request_key)
    authorized = self.put(url, expected_status=200)
    self.verifier = authorized.result['token']['oauth_verifier']
    self.request_token.set_verifier(self.verifier)

    # Step 3: trade the authorized request token for an access token.
    url, headers = self._create_access_token(
        self.consumer, self.request_token)
    response = self.post(url, headers=headers)
    parsed = urlparse.parse_qs(response.result)
    access_key = parsed.get('oauth_token')[0]
    access_secret = parsed.get('oauth_token_secret')[0]
    self.access_token = oauth1.Token(access_key, access_secret)
    self.assertIsNotNone(self.access_token.key)

    # Step 4: the access token must be refused when used to authenticate.
    url, headers, body = self._get_oauth_token(
        self.consumer, self.access_token)
    self.post(url, headers=headers, body=body, expected_status=401)
def test_bad_requested_roles(self):
    """Requesting a token for a role id that is not valid returns 401."""
    consumer_ref = self._create_single_consumer()
    consumer_id = consumer_ref.get('id')
    consumer_secret = consumer_ref.get('secret')
    signing_consumer = oauth1.Consumer(consumer_id, consumer_secret)
    # Valid consumer credentials and project; only the role id is bogus.
    url, headers = self._create_request_token(
        signing_consumer, "bad_role", self.project_id)
    self.post(url, headers=headers, expected_status=401)
def test_bad_request_token_key(self):
    """Authorizing a request-token key that was never issued returns 404."""
    consumer_ref = self._create_single_consumer()
    consumer_id = consumer_ref.get('id')
    consumer_secret = consumer_ref.get('secret')
    signing_consumer = oauth1.Consumer(consumer_id, consumer_secret)
    url, headers = self._create_request_token(
        signing_consumer, self.role_id, self.project_id)
    # A real request token is created first; its key is deliberately not
    # the one used in the authorize call below.
    self.post(url, headers=headers)

    authorize_url = self._authorize_request_token("bad_key")
    self.put(authorize_url, expected_status=404)
def test_bad_authorizing_roles(self):
    """Authorization fails after the requested role is taken from the user.

    The request token is created while the user still holds the role; the
    role is then removed and the authorize call is expected to return 404.
    """
    consumer_ref = self._create_single_consumer()
    consumer_id = consumer_ref.get('id')
    consumer_secret = consumer_ref.get('secret')
    signing_consumer = oauth1.Consumer(consumer_id, consumer_secret)
    url, headers = self._create_request_token(
        signing_consumer, self.role_id, self.project_id)
    response = self.post(url, headers=headers)
    parsed = urlparse.parse_qs(response.result)
    request_key = parsed.get('oauth_token')[0]

    # Revoke the role between token creation and authorization so the
    # authorizing user can no longer delegate it.
    self.identity_api.remove_role_from_user_and_project(
        self.user_id, self.project_id, self.role_id)

    authorize_url = self._authorize_request_token(request_key)
    self.admin_request(path=authorize_url, method='PUT',
                       expected_status=404)
def authenticate(self, context, auth_info, auth_context):
    """Turn a signed request with an access key into a keystone token.

    Reads the OAuth headers from ``context['headers']``, loads the access
    token and consumer they name, rejects an expired access token, and has
    ``oauth1.Server`` verify the request against the consumer and token
    secrets using HMAC-SHA1. On success the token's authorizing user, the
    access token id and the token's project are written into
    ``auth_context``. ``auth_info`` is not used by this method.

    Raises:
        exception.ValidationError: the OAuth headers carry no
            ``oauth_token``.
        exception.Unauthorized: the access token has expired, or
            ``verify_request`` returned a non-empty result (per the error
            message, non-OAuth parameters).
    """
    headers = context['headers']
    oauth_params = oauth.get_oauth_headers(headers)
    consumer_id = oauth_params.get('oauth_consumer_key')
    access_token_id = oauth_params.get('oauth_token')

    if not access_token_id:
        raise exception.ValidationError(attribute='oauth_token',
                                        target='request')

    # NOTE(review): oauth_consumer_key gets no matching presence check, so
    # a request without it reaches _get_consumer() with None - confirm the
    # backend rejects that cleanly.
    token_ref = self.oauth_api.get_access_token(access_token_id)
    consumer_ref = self.oauth_api._get_consumer(consumer_id)
    # NOTE(review): nothing visible here compares the consumer named in the
    # request with the consumer the access token was issued to - confirm
    # that binding is enforced elsewhere before relying on it.

    expires_at = token_ref['expires_at']
    if expires_at:
        # A falsy expires_at skips the check, i.e. the token never expires.
        now = timeutils.utcnow()
        expiry = timeutils.normalize_time(
            timeutils.parse_isotime(expires_at))
        if now > expiry:
            raise exception.Unauthorized(_('Access token is expired'))

    # Both secrets come from the backend records, never from the request.
    signing_consumer = oauth1.Consumer(key=consumer_ref['id'],
                                       secret=consumer_ref['secret'])
    signing_token = oauth1.Token(key=token_ref['id'],
                                 secret=token_ref['access_secret'])

    url = oauth.rebuild_url(context['path'])
    # The HTTP method is fixed to POST rather than read from the request.
    signed_request = oauth1.Request.from_request(
        http_method='POST',
        http_url=url,
        headers=context['headers'],
        query_string=context['query_string'])

    verifier = oauth1.Server()
    verifier.add_signature_method(oauth1.SignatureMethod_HMAC_SHA1())
    # Presumably raises when the signature does not match - verify against
    # the oauth1 library in use.
    extra_params = verifier.verify_request(signed_request,
                                           signing_consumer,
                                           token=signing_token)

    if len(extra_params) != 0:
        msg = _('There should not be any non-oauth parameters')
        raise exception.Unauthorized(message=msg)

    # Identity and scope are taken from the stored access token only.
    auth_context['user_id'] = token_ref['authorizing_user_id']
    auth_context['access_token_id'] = access_token_id
    auth_context['project_id'] = token_ref['project_id']
def test_expired_authorizing_request_token(self):
    """Authorizing an already-expired request token returns 401."""
    # Intended to make every request token issued below already expired.
    # NOTE(review): this assigns to the global CONF and nothing in this
    # method restores it - confirm the test fixture resets configuration,
    # otherwise the negative duration can leak into later tests.
    CONF.oauth1.request_token_duration = -1

    consumer_ref = self._create_single_consumer()
    consumer_id = consumer_ref.get('id')
    consumer_secret = consumer_ref.get('secret')
    self.consumer = oauth1.Consumer(consumer_id, consumer_secret)
    self.assertIsNotNone(self.consumer.key)

    url, headers = self._create_request_token(
        self.consumer, self.role_id, self.project_id)
    response = self.post(url, headers=headers)
    parsed = urlparse.parse_qs(response.result)
    request_key = parsed.get('oauth_token')[0]
    request_secret = parsed.get('oauth_token_secret')[0]
    self.request_token = oauth1.Token(request_key, request_secret)
    self.assertIsNotNone(self.request_token.key)

    # Creation succeeded; the expiry is expected to be enforced at the
    # authorize step.
    authorize_url = self._authorize_request_token(request_key)
    self.put(authorize_url, expected_status=401)
def test_bad_verifier(self):
    """Access-token creation with a wrong verifier returns 401."""
    consumer_ref = self._create_single_consumer()
    consumer_id = consumer_ref.get('id')
    consumer_secret = consumer_ref.get('secret')
    signing_consumer = oauth1.Consumer(consumer_id, consumer_secret)

    url, headers = self._create_request_token(
        signing_consumer, self.role_id, self.project_id)
    response = self.post(url, headers=headers)
    parsed = urlparse.parse_qs(response.result)
    request_key = parsed.get('oauth_token')[0]
    request_secret = parsed.get('oauth_token_secret')[0]
    request_token = oauth1.Token(request_key, request_secret)

    # Authorization succeeds and yields a genuine verifier ...
    authorize_url = self._authorize_request_token(request_key)
    authorized = self.put(authorize_url, expected_status=200)
    issued_verifier = authorized.result['token']['oauth_verifier']
    self.assertIsNotNone(issued_verifier)

    # ... which is discarded in favour of a value the server never issued.
    request_token.set_verifier("bad verifier")
    url, headers = self._create_access_token(signing_consumer,
                                             request_token)
    self.post(url, headers=headers, expected_status=401)
def test_oauth_flow(self):
    """Run the full OAuth1 flow and end up with a keystone token.

    Stores the consumer, request token, verifier, access token and the
    resulting keystone token on ``self`` as it goes.
    """
    consumer_ref = self._create_single_consumer()
    consumer_id = consumer_ref.get('id')
    consumer_secret = consumer_ref.get('secret')
    self.consumer = oauth1.Consumer(consumer_id, consumer_secret)
    self.assertIsNotNone(self.consumer.key)

    # Step 1: obtain a request token for the project.
    url, headers = self._create_request_token(self.consumer,
                                              self.project_id)
    response = self.post(url, headers=headers)
    parsed = urlparse.parse_qs(response.result)
    request_key = parsed.get('oauth_token')[0]
    request_secret = parsed.get('oauth_token_secret')[0]
    self.request_token = oauth1.Token(request_key, request_secret)
    self.assertIsNotNone(self.request_token.key)

    # Step 2: authorize it; the delegated roles are named in the body.
    url = self._authorize_request_token(request_key)
    body = {'roles': [{'id': self.role_id}]}
    authorized = self.put(url, body=body, expected_status=200)
    self.verifier = authorized.result['token']['oauth_verifier']
    self.request_token.set_verifier(self.verifier)

    # Step 3: trade the authorized request token for an access token.
    url, headers = self._create_access_token(self.consumer,
                                             self.request_token)
    response = self.post(url, headers=headers)
    parsed = urlparse.parse_qs(response.result)
    access_key = parsed.get('oauth_token')[0]
    access_secret = parsed.get('oauth_token_secret')[0]
    self.access_token = oauth1.Token(access_key, access_secret)
    self.assertIsNotNone(self.access_token.key)

    # Step 4: authenticate with the access token to get a keystone token.
    url, headers, body = self._get_oauth_token(self.consumer,
                                               self.access_token)
    response = self.post(url, headers=headers, body=body)
    self.keystone_token_id = response.headers.get('X-Subject-Token')
    self.keystone_token = response.result.get('token')
    self.assertIsNotNone(self.keystone_token_id)