summaryrefslogtreecommitdiffstats
path: root/test/unit/test_kerbauth.py
diff options
context:
space:
mode:
Diffstat (limited to 'test/unit/test_kerbauth.py')
-rw-r--r--test/unit/test_kerbauth.py83
1 files changed, 68 insertions, 15 deletions
diff --git a/test/unit/test_kerbauth.py b/test/unit/test_kerbauth.py
index 471ff58..207558f 100644
--- a/test/unit/test_kerbauth.py
+++ b/test/unit/test_kerbauth.py
@@ -80,7 +80,8 @@ class TestAuth(unittest.TestCase):
patch_filter_factory()
def setUp(self):
- self.test_auth = auth.filter_factory({})(FakeApp())
+ self.test_auth = \
+ auth.filter_factory({'auth_method': 'active'})(FakeApp())
self.test_auth_passive = \
auth.filter_factory({'auth_method': 'passive'})(FakeApp())
@@ -273,13 +274,46 @@ class TestAuth(unittest.TestCase):
self.assertEquals(resp.status_int, REDIRECT_STATUS)
#User given but no key
req = self._make_request('/auth/v1.0',
- headers={'X-Auth-User': 'blah'})
+ headers={'X-Auth-User': 'test:user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+
+ def test_passive_handle_get_token_account_in_req_path(self):
+ req = self._make_request('/v1/test/auth',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_test")
+ with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ resp = self.test_auth_passive.handle_get_token(req)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+ self.assertEquals(_mock_get_groups.call_count, 2)
+ self.assertEquals(resp.status_int, 200)
+ self.assertIsNotNone(resp.headers['X-Auth-Token'])
+ self.assertIsNotNone(resp.headers['X-Storage-Token'])
+ self.assertIsNotNone(resp.headers['X-Storage-Url'])
+
+ def test_passive_handle_get_token_user_invalid_or_no__account(self):
+ #X-Auth-User not in acc:user format
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ req = self._make_request('/v1/test/auth',
+ headers={'X-Auth-User': 'user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ # Account name mismatch
+ req = self._make_request('/v1/test/auth',
+ headers={'X-Auth-User': 'wrongacc:user'})
resp = self.test_auth_passive.handle_get_token(req)
self.assertEquals(resp.status_int, 401)
def test_passive_handle_get_token_no_kinit(self):
req = self._make_request('/auth/v1.0',
- headers={'X-Auth-User': 'user',
+ headers={'X-Auth-User': 'test:user',
'X-Auth-Key': 'password'})
_mock_run_kinit = Mock(side_effect=OSError(errno.ENOENT,
os.strerror(errno.ENOENT)))
@@ -291,7 +325,7 @@ class TestAuth(unittest.TestCase):
def test_passive_handle_get_token_kinit_fail(self):
req = self._make_request('/auth/v1.0',
- headers={'X-Auth-User': 'user',
+ headers={'X-Auth-User': 'test:user',
'X-Auth-Key': 'password'})
_mock_run_kinit = Mock(return_value=1)
with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
@@ -301,38 +335,57 @@ class TestAuth(unittest.TestCase):
def test_passive_handle_get_token_kinit_success_token_not_present(self):
req = self._make_request('/auth/v1.0',
- headers={'X-Auth-User': 'user',
+ headers={'X-Auth-User': 'test:user',
'X-Auth-Key': 'password'})
_mock_run_kinit = Mock(return_value=0)
- _mock_get_groups = Mock(return_value="user,admins")
+ _mock_get_groups = Mock(return_value="user,auth_test")
with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
with patch('swiftkerbauth.kerbauth.get_groups_from_username',
_mock_get_groups):
resp = self.test_auth_passive.handle_get_token(req)
- _mock_run_kinit.assert_called_once_with('user', 'password')
_mock_run_kinit.assert_called_once_with('user', 'password')
- _mock_get_groups.assert_called_once_with('user')
+ self.assertEquals(_mock_get_groups.call_count, 2)
self.assertEquals(resp.status_int, 200)
self.assertIsNotNone(resp.headers['X-Auth-Token'])
self.assertIsNotNone(resp.headers['X-Storage-Token'])
+ self.assertIsNotNone(resp.headers['X-Storage-Url'])
def test_passive_handle_get_token_kinit_realm_and_memcache(self):
req = self._make_request('/auth/v1.0',
- headers={'X-Auth-User': 'user',
+ headers={'X-Auth-User': 'test:user',
'X-Auth-Key': 'password'})
req.environ['swift.cache'] = None
_auth_passive = \
auth.filter_factory({'auth_method': 'passive',
'realm_name': 'EXAMPLE.COM'})(FakeApp())
_mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_test")
with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
- try:
- _auth_passive.handle_get_token(req)
- except Exception as e:
- self.assertTrue(e.args[0].startswith("Memcache required"))
- else:
- self.fail("Expected Exception - Memcache required")
+ with patch('swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ try:
+ _auth_passive.handle_get_token(req)
+ except Exception as e:
+ self.assertTrue(e.args[0].startswith("Memcache "
+ "required"))
+ else:
+ self.fail("Expected Exception - Memcache required")
_mock_run_kinit.assert_called_once_with('user@EXAMPLE.COM', 'password')
+ _mock_get_groups.assert_called_once_with('user')
+
+ def test_passive_handle_get_token_user_in_any__account(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_blah")
+ with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+ _mock_get_groups.assert_called_once_with('user')
def test_handle(self):
req = self._make_request('/auth/v1.0')
generated by cgit (git 2.34.1) at 2024-04-19 07:24:21 +0000