"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/unit/identity/test_backend_sql.py" between
keystone-16.0.1.tar.gz and keystone-16.0.2.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Train" series (maintained release).

test_backend_sql.py  (keystone-16.0.1):test_backend_sql.py  (keystone-16.0.2)
skipping to change at line 572 skipping to change at line 572
PROVIDERS.identity_api.authenticate, PROVIDERS.identity_api.authenticate,
user_id=self.user['id'], user_id=self.user['id'],
password=uuid.uuid4().hex) password=uuid.uuid4().hex)
# authenticate with correct password # authenticate with correct password
PROVIDERS.identity_api.authenticate( PROVIDERS.identity_api.authenticate(
user_id=self.user['id'], user_id=self.user['id'],
password=self.password password=self.password
) )
# test locking out user after max failed attempts # test locking out user after max failed attempts
self._fail_auth_repeatedly(self.user['id']) self._fail_auth_repeatedly(self.user['id'])
self.assertRaises(exception.AccountLocked, self.assertRaises(exception.Unauthorized,
PROVIDERS.identity_api.authenticate, PROVIDERS.identity_api.authenticate,
user_id=self.user['id'], user_id=self.user['id'],
password=uuid.uuid4().hex) password=uuid.uuid4().hex)
def test_lock_out_for_ignored_user(self): def test_lock_out_for_ignored_user(self):
# mark the user as exempt from failed password attempts # mark the user as exempt from failed password attempts
# ignore user and reset password, password not expired # ignore user and reset password, password not expired
self.user['options'][iro.IGNORE_LOCKOUT_ATTEMPT_OPT.option_name] = True self.user['options'][iro.IGNORE_LOCKOUT_ATTEMPT_OPT.option_name] = True
PROVIDERS.identity_api.update_user(self.user['id'], self.user) PROVIDERS.identity_api.update_user(self.user['id'], self.user)
skipping to change at line 601 skipping to change at line 601
# authenticate with correct password, account should not be locked # authenticate with correct password, account should not be locked
PROVIDERS.identity_api.authenticate( PROVIDERS.identity_api.authenticate(
user_id=self.user['id'], user_id=self.user['id'],
password=self.password password=self.password
) )
def test_set_enabled_unlocks_user(self): def test_set_enabled_unlocks_user(self):
with self.make_request(): with self.make_request():
# lockout user # lockout user
self._fail_auth_repeatedly(self.user['id']) self._fail_auth_repeatedly(self.user['id'])
self.assertRaises(exception.AccountLocked, self.assertRaises(exception.Unauthorized,
PROVIDERS.identity_api.authenticate, PROVIDERS.identity_api.authenticate,
user_id=self.user['id'], user_id=self.user['id'],
password=uuid.uuid4().hex) password=uuid.uuid4().hex)
# set enabled, user should be unlocked # set enabled, user should be unlocked
self.user['enabled'] = True self.user['enabled'] = True
PROVIDERS.identity_api.update_user(self.user['id'], self.user) PROVIDERS.identity_api.update_user(self.user['id'], self.user)
user_ret = PROVIDERS.identity_api.authenticate( user_ret = PROVIDERS.identity_api.authenticate(
user_id=self.user['id'], user_id=self.user['id'],
password=self.password password=self.password
) )
self.assertTrue(user_ret['enabled']) self.assertTrue(user_ret['enabled'])
def test_lockout_duration(self): def test_lockout_duration(self):
# freeze time # freeze time
with freezegun.freeze_time(datetime.datetime.utcnow()) as frozen_time: with freezegun.freeze_time(datetime.datetime.utcnow()) as frozen_time:
with self.make_request(): with self.make_request():
# lockout user # lockout user
self._fail_auth_repeatedly(self.user['id']) self._fail_auth_repeatedly(self.user['id'])
self.assertRaises(exception.AccountLocked, self.assertRaises(exception.Unauthorized,
PROVIDERS.identity_api.authenticate, PROVIDERS.identity_api.authenticate,
user_id=self.user['id'], user_id=self.user['id'],
password=uuid.uuid4().hex) password=uuid.uuid4().hex)
# freeze time past the duration, user should be unlocked and # freeze time past the duration, user should be unlocked and
# failed auth count should get reset # failed auth count should get reset
frozen_time.tick(delta=datetime.timedelta( frozen_time.tick(delta=datetime.timedelta(
seconds=CONF.security_compliance.lockout_duration + 1)) seconds=CONF.security_compliance.lockout_duration + 1))
PROVIDERS.identity_api.authenticate( PROVIDERS.identity_api.authenticate(
user_id=self.user['id'], user_id=self.user['id'],
password=self.password password=self.password
skipping to change at line 646 skipping to change at line 646
PROVIDERS.identity_api.authenticate, PROVIDERS.identity_api.authenticate,
user_id=self.user['id'], user_id=self.user['id'],
password=uuid.uuid4().hex) password=uuid.uuid4().hex)
def test_lockout_duration_failed_auth_cnt_resets(self): def test_lockout_duration_failed_auth_cnt_resets(self):
# freeze time # freeze time
with freezegun.freeze_time(datetime.datetime.utcnow()) as frozen_time: with freezegun.freeze_time(datetime.datetime.utcnow()) as frozen_time:
with self.make_request(): with self.make_request():
# lockout user # lockout user
self._fail_auth_repeatedly(self.user['id']) self._fail_auth_repeatedly(self.user['id'])
self.assertRaises(exception.AccountLocked, self.assertRaises(exception.Unauthorized,
PROVIDERS.identity_api.authenticate, PROVIDERS.identity_api.authenticate,
user_id=self.user['id'], user_id=self.user['id'],
password=uuid.uuid4().hex) password=uuid.uuid4().hex)
# freeze time past the duration, failed_auth_cnt should reset # freeze time past the duration, failed_auth_cnt should reset
frozen_time.tick(delta=datetime.timedelta( frozen_time.tick(delta=datetime.timedelta(
seconds=CONF.security_compliance.lockout_duration + 1)) seconds=CONF.security_compliance.lockout_duration + 1))
# repeat failed auth the max times # repeat failed auth the max times
self._fail_auth_repeatedly(self.user['id']) self._fail_auth_repeatedly(self.user['id'])
# test user account is locked # test user account is locked
self.assertRaises(exception.AccountLocked, self.assertRaises(exception.Unauthorized,
PROVIDERS.identity_api.authenticate, PROVIDERS.identity_api.authenticate,
user_id=self.user['id'], user_id=self.user['id'],
password=uuid.uuid4().hex) password=uuid.uuid4().hex)
def _fail_auth_repeatedly(self, user_id): def _fail_auth_repeatedly(self, user_id):
wrong_password = uuid.uuid4().hex wrong_password = uuid.uuid4().hex
for _ in range(CONF.security_compliance.lockout_failure_attempts): for _ in range(CONF.security_compliance.lockout_failure_attempts):
with self.make_request(): with self.make_request():
self.assertRaises(AssertionError, self.assertRaises(AssertionError,
PROVIDERS.identity_api.authenticate, PROVIDERS.identity_api.authenticate,
 End of changes. 5 change blocks. 
5 lines changed or deleted 5 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)