From c3c46d6188015cd5f75e7a6f754fd032ab30ac21 Mon Sep 17 00:00:00 2001
From: Prashanth Pai <ppai@redhat.com>
Date: Thu, 2 Jan 2014 12:20:20 +0530
Subject: Fix users not able to change their own password/key

Users were not able to update their own password/key
with the update operation resulting in 403 (HTTPForbidden).

EXAMPLES:
Command to update password/key of regular user:
gswauth-add-user -U account1:user1 -K old_pass account1 user1 new_pass

Command to update password/key of account admin:
gswauth-add-user -U account1:admin -K old_pass -a account1 admin new_pass

Command to update password/key of reseller_admin:
gswauth-add-user -U account1:radmin -K old_pass -r account1 radmin new_pass

BUG: https://bugs.launchpad.net/gluster-swift/+bug/1262227

Change-Id: I604da5aee67099b29541eb7e51a040a041f1961b
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6650
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6668
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
---
 test/functional_auth/gswauth/test_gswauth.py     |  7 ++-
 test/functional_auth/gswauth/test_gswauth_cli.py | 72 +++++++++++++++++++++++-
 2 files changed, 75 insertions(+), 4 deletions(-)

(limited to 'test/functional_auth/gswauth')

diff --git a/test/functional_auth/gswauth/test_gswauth.py b/test/functional_auth/gswauth/test_gswauth.py
index 3ee3f5d..5219f13 100644
--- a/test/functional_auth/gswauth/test_gswauth.py
+++ b/test/functional_auth/gswauth/test_gswauth.py
@@ -227,15 +227,16 @@ class TestGSWauth(unittest.TestCase):
             # attempt to change password
             path = '%sv2/%s/%s' % (config['auth_prefix'], config['account'],
                     config['username'])
-            headers = self._get_admin_headers()
+            headers = {'X-Auth-Admin-User':
+                       config['account'] + ':' + config['username'],
+                       'X-Auth-Admin-Key': config['password']}
             headers.update({'X-Auth-User-Key': 'newpassword',
                             'Content-Length': '0',
-                            'X-Auth-Admin-Key': config['password'],
                             'X-Auth-User-Admin': 'true'})
             conn = http_connect(config['auth_host'], config['auth_port'], 'PUT',
                     path, headers)
             resp = conn.getresponse()
-            self.assertTrue(resp.status == 401)
+            self.assertTrue(resp.status == 201)
 
         finally:
             try:
diff --git a/test/functional_auth/gswauth/test_gswauth_cli.py b/test/functional_auth/gswauth/test_gswauth_cli.py
index e128b54..8cac619 100644
--- a/test/functional_auth/gswauth/test_gswauth_cli.py
+++ b/test/functional_auth/gswauth/test_gswauth_cli.py
@@ -278,4 +278,74 @@ class TestUser(unittest.TestCase):
 
         #TODO:more testcases?
 
-
+    def testChangeKey(self):
+        # Create account and users
+        (status, output) = Utils.addAccount('test')
+        self.assertEqual(status, 0, 'Account creation failed: ' + output)
+
+        (status, output) = Utils.addAdminUser('test', 'admin', 'password')
+        self.assertEqual(status, 0, 'User addition failed: ' + output)
+
+        (status, output) = Utils.addUser('test', 'user', 'password')
+        self.assertEqual(status, 0, 'User addition failed: ' + output)
+
+        (status, output) = Utils.addResellerAdminUser('test', 'radmin', 'password')
+        self.assertEqual(status, 0, 'User addition failed: ' + output)
+
+        # Change acccount admin password/key
+        (status, output) = Utils.addAdminUser('test', 'admin', 'new_password', user='test:admin', key='password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+
+        # Change regular user password/key
+        (status, output) = Utils.addUser('test', 'user', 'new_password', user='test:user', key='password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+
+        # Change reseller admin password/key
+        (status, output) = Utils.addResellerAdminUser('test', 'radmin', 'new_password', user='test:radmin', key='password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+
+        # To verify that password was changed for real, re-run the above commands, but with the new password
+        # Change acccount admin password/key using the new password
+        (status, output) = Utils.addAdminUser('test', 'admin', 'password', user='test:admin', key='new_password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+
+        # Change regular user password/key using the new password
+        (status, output) = Utils.addUser('test', 'user', 'password', user='test:user', key='new_password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+
+        # Change reseller admin password/key using the new password
+        (status, output) = Utils.addResellerAdminUser('test', 'radmin', 'password', user='test:radmin', key='new_password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+
+        # Make sure that regular user cannot upgrade to admin
+        (status, output) = Utils.addAdminUser('test', 'user', 'password', user='test:user', key='password')
+        self.assertEqual('User creation failed' in output, True, 'Update key failed: ' + output)
+
+        # Make sure that regular user cannot upgrade to reseller_admin
+        (status, output) = Utils.addResellerAdminUser('test', 'user', 'password', user='test:user', key='password')
+        self.assertEqual('User creation failed' in output, True, 'Update key failed: ' + output)
+
+        # Make sure admin cannot update himself to reseller_admin
+        (status, output) = Utils.addResellerAdminUser('test', 'admin', 'password', user='test:admin', key='password')
+        self.assertEqual('User creation failed' in output, True, 'Update key failed: ' + output)
+
+        # Account admin changing regular user password/key
+        (status, output) = Utils.addUser('test', 'user', 'new_password', user='test:admin', key='password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+        # Verify by running the command with new password
+        (status, output) = Utils.addUser('test', 'user', 'password', user='test:user', key='new_password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+
+        # Reseller admin changing regular user password/key
+        (status, output) = Utils.addUser('test', 'user', 'new_password', user='test:radmin', key='password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+        # Verify by running the command with new password
+        (status, output) = Utils.addUser('test', 'user', 'password', user='test:user', key='new_password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+
+        # Reseller admin changing account admin password/key
+        (status, output) = Utils.addAdminUser('test', 'admin', 'new_password', user='test:radmin', key='password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
+        # Verify by running the command with new password
+        (status, output) = Utils.addAdminUser('test', 'admin', 'password', user='test:admin', key='new_password')
+        self.assertEqual(status, 0, 'Update key failed: ' + output)
-- 
cgit