diff options
author | Jenkins <jenkins@review.openstack.org> | 2015-11-11 22:10:13 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2015-11-11 22:10:13 +0000 |
commit | 2e64d78c78088115ee3c2c13fc3805dfad30cc8b (patch) | |
tree | 999460e81233620eebf4eaad94905c9881c81381 | |
parent | 08189f93fe963ae80cd14a2801d130be81c936d5 (diff) | |
parent | a7037547fecf0998ea09b1139123c3c1ef97472d (diff) | |
download | keystone-2e64d78c78088115ee3c2c13fc3805dfad30cc8b.tar.gz |
Merge "Add test showing password logged" into stable/juno
-rw-r--r-- | keystone/tests/test_v3_identity.py | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/keystone/tests/test_v3_identity.py b/keystone/tests/test_v3_identity.py index 6542a47b0..dfcffda9d 100644 --- a/keystone/tests/test_v3_identity.py +++ b/keystone/tests/test_v3_identity.py @@ -12,8 +12,10 @@ # License for the specific language governing permissions and limitations # under the License. +import logging import uuid +import fixtures from oslo.config import cfg from testtools import matchers @@ -1657,6 +1659,45 @@ class IdentityTestCase(test_v3.RestfulTestCase): self.assertRoleAssignmentInListResponse(r, up1_entity, link_url=gp1_url) + def test_create_user_password_not_logged(self): + # When a user is created, the password isn't logged at any level. + + # FIXME(blk-u): This doesn't work as expected, see bug 1465922 + + log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) + + ref = self.new_user_ref(domain_id=self.domain_id) + self.post( + '/users', + body={'user': ref}) + + # This should be assert*Not*In, see bug 1465922 + self.assertIn(ref['password'], log_fix.output) + + def test_update_password_not_logged(self): + # When admin modifies user password, the password isn't logged at any + # level. + + # FIXME(blk-u): This doesn't work as expected, see bug 1465922 + + log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) + + # bootstrap a user as admin + user_ref = self.new_user_ref(domain_id=self.domain['id']) + password = user_ref['password'] + user_ref = self.identity_api.create_user(user_ref) + + # administrative password reset + new_password = uuid.uuid4().hex + self.patch('/users/%s' % user_ref['id'], + body={'user': {'password': new_password}}, + expected_status=200) + + self.assertNotIn(password, log_fix.output) + + # This should be assert*Not*In, see bug 1465922 + self.assertIn(new_password, log_fix.output) + class IdentityInheritanceTestCase(test_v3.RestfulTestCase): """Test inheritance crud and its effects.""" @@ -2300,3 +2341,21 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase): self.change_password(password=uuid.uuid4().hex, original_password=self.user_ref['password'], expected_status=401) + + def test_changing_password_not_logged(self): + # When a user changes their password, the password isn't logged at any + # level. + + # FIXME(blk-u): This doesn't work as expected, see bug 1465922 + + log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) + + # change password + new_password = uuid.uuid4().hex + self.change_password(password=new_password, + original_password=self.user_ref['password'], + expected_status=204) + + # These should be assert*Not*In, see bug 1465922 + self.assertIn(self.user_ref['password'], log_fix.output) + self.assertIn(new_password, log_fix.output) |