def test_invalid_credentials(self):
user = self.data.user
form_data = {'region': settings.OPENSTACK_KEYSTONE_URL,
'domain': DEFAULT_DOMAIN,
'password': "******",
'username': user.name}
self.mox.StubOutWithMock(self.ks_client_module, "Client")
exc = keystone_exceptions.Unauthorized(401)
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
password="******",
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
debug=False).AndRaise(exc)
self.mox.ReplayAll()
url = reverse('login')
# GET the page to set the test cookie.
response = self.client.get(url, form_data)
self.assertEqual(response.status_code, 200)
# POST to the page to log in.
response = self.client.post(url, form_data)
self.assertTemplateUsed(response, 'auth/login.html')
self.assertContains(response, "Invalid user name or password.")
def test_login_first_tenant_invalid(self):
form_data = {
'method': 'Login',
'region': 'http://localhost:5000/v2.0',
'password': self.user.password,
'username': self.user.name
}
self.mox.StubOutWithMock(api, 'token_create')
self.mox.StubOutWithMock(api, 'tenant_list_for_token')
self.mox.StubOutWithMock(api, 'token_create_scoped')
aToken = self.tokens.unscoped_token
bToken = self.tokens.scoped_token
disabled_tenant = self.tenants.get(name="disabled_tenant")
tenant = self.tenants.get(name="test_tenant")
tenants = [tenant, disabled_tenant]
api.token_create(IsA(http.HttpRequest), "", self.user.name,
self.user.password).AndReturn(aToken)
api.tenant_list_for_token(IsA(http.HttpRequest),
aToken.id).AndReturn(tenants)
exc = keystone_exceptions.Unauthorized("Not authorized.")
api.token_create_scoped(IsA(http.HttpRequest), disabled_tenant.id,
aToken.id).AndRaise(exc)
api.token_create_scoped(IsA(http.HttpRequest), tenant.id,
aToken.id).AndReturn(bToken)
self.mox.ReplayAll()
res = self.client.post(reverse('horizon:auth_login'), form_data)
self.assertNoFormErrors(res)
self.assertNoMessages()
self.assertRedirectsNoFollow(res, DASH_INDEX_URL)
def test_retrieve_keystone_bad_client_authorization_error(self):
url = 'myurl'
tenant_id = '789012345'
token = 'abcdefABCDEF'
bttl = 5
redis_client = fakeredis_connection()
with mock.patch(
'keystoneclient.v2_0.client.Client') as MockKeystoneClient:
MockKeystoneClient.side_effect = exceptions.Unauthorized(
'Mock - invalid client object')
keystone_create_error = auth._retrieve_data_from_keystone(
redis_client, url, tenant_id, token, bttl,
self.default_max_cache_life)
self.assertIsNone(keystone_create_error)
with mock.patch(
'keystoneclient.v2_0.client.Client') as MockKeystoneClient:
MockKeystoneClient.side_effect = exceptions.AuthorizationFailure(
'Mock - invalid client object')
keystone_create_error = auth._retrieve_data_from_keystone(
redis_client, url, tenant_id, token, bttl,
self.default_max_cache_life)
self.assertIsNone(keystone_create_error)
def test_introspect_failed_authentication(self, introspect_mock,
keystone_mock):
conf.CONF.set('discoverd', 'authenticate', 'true')
keystone_mock.side_effect = keystone_exc.Unauthorized()
res = self.app.post('/v1/introspection/uuid1',
headers={'X-Auth-Token': 'token'})
self.assertEqual(403, res.status_code)
self.assertFalse(introspect_mock.called)
keystone_mock.assert_called_once_with(token='token')
def a(a):
if a == 1:
raise keystone_exc.Unauthorized()
if a == 2:
raise keystone_exc.AuthorizationFailure()
if a == 3:
raise keystone_exc.ConnectionRefused()
return a
def check_is_admin(token):
"""Check whether the token is from a user with the admin role.
:param token: Keystone authentication token.
:raises: keystoneclient.exceptions.Unauthorized if the user does not have
the admin role in the tenant provided in the admin_tenant_name option.
"""
kc = keystone.Client(token=token,
tenant_name=conf.get('discoverd',
'admin_tenant_name'),
auth_url=conf.get('discoverd', 'os_auth_url'))
if "admin" not in [role.name
for role in kc.roles.roles_for_user(
kc.user_id,
tenant=kc.tenant_id)]:
raise keystone_exc.Unauthorized()
def test_request_with_bad_credentials(self):
self.m.StubOutWithMock(ks_v3_auth, 'Password')
m = ks_v3_auth.Password(auth_url=self.config['auth_uri'],
password='******',
project_id='tenant_id1',
user_domain_id='default',
username='******')
m.AndRaise(keystone_exc.Unauthorized(401))
self.m.ReplayAll()
req = webob.Request.blank('/tenant_id1/')
req.headers['X_AUTH_USER'] = '******'
req.headers['X_AUTH_KEY'] = 'badpassword'
req.headers['X_AUTH_URL'] = self.config['auth_uri']
self.middleware(req.environ, self._start_fake_response)
self.m.VerifyAll()
self.assertEqual(401, self.response_status)
def test_login_invalid_credentials(self):
self.mox.StubOutWithMock(api, 'token_create')
unauthorized = keystone_exceptions.Unauthorized("Invalid")
api.token_create(IsA(http.HttpRequest), "", self.TEST_USER,
self.PASSWORD).AndRaise(unauthorized)
self.mox.ReplayAll()
form_data = {
'method': 'Login',
'region': 'http://localhost:5000/v2.0,local',
'password': self.PASSWORD,
'username': self.TEST_USER
}
res = self.client.post(reverse('horizon:auth_login'),
form_data,
follow=True)
self.assertTemplateUsed(res, 'splash.html')
def test_invalid_credentials(self):
user = self.data.user
form_data = self.get_form_data(user)
form_data['password'] = "******"
exc = keystone_exceptions.Unauthorized(401)
self._mock_client_password_auth_failure(user.name, "invalid", exc)
self.mox.ReplayAll()
url = reverse('login')
# GET the page to set the test cookie.
response = self.client.get(url, form_data)
self.assertEqual(response.status_code, 200)
# POST to the page to log in.
response = self.client.post(url, form_data)
self.assertTemplateUsed(response, 'auth/login.html')
self.assertContains(response, "Invalid user name or password.")
def test_request_with_bad_credentials(self):
self.m.StubOutWithMock(keystone_client,
'Client',
use_mock_anything=True)
keystone_client.Client(auth_url=self.config['auth_uri'],
cacert=None,
cert=None,
endpoint=self.config['auth_uri'],
insecure=False,
key=None,
password='******',
project_id='tenant_id1',
username='******').AndRaise(
keystone_exc.Unauthorized(401))
self.m.ReplayAll()
req = webob.Request.blank('/tenant_id1/')
req.headers['X_AUTH_USER'] = '******'
req.headers['X_AUTH_KEY'] = 'badpassword'
req.headers['X_AUTH_URL'] = self.config['auth_uri']
self.middleware(req.environ, self._start_fake_response)
self.m.VerifyAll()
self.assertEqual(401, self.response_status)
def test_login_invalid_credentials(self):
self.mox.StubOutWithMock(api, 'token_create')
unauthorized = keystone_exceptions.Unauthorized("Invalid")
unauthorized.silence_logging = True
api.token_create(IsA(http.HttpRequest), "", self.user.name,
self.user.password).AndRaise(unauthorized)
self.mox.ReplayAll()
form_data = {
'method': 'Login',
'region': 'http://localhost:5000/v2.0',
'password': self.user.password,
'username': self.user.name
}
res = self.client.post(reverse('horizon:auth_login'),
form_data,
follow=True)
self.assertTemplateUsed(res, 'horizon/auth/login.html')
# Verify that API error messages are rendered, but not using the
# messages framework.
self.assertContains(res, "Invalid user name or password.")
self.assertNotContains(res, 'class="messages"')
