Bug 888448:

- Changes to allow validate token call return user name as per contract. - Additional test assertions to test the same. - Changes to middleware. Change-Id: I7138deb4a260e47a50625b2c49132691f7e5a970
openstack · Nov 11, 2011 · eed8a93 · eed8a93
1 parent 0777f2d
commit eed8a93
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 13 deletions.
diff --git a/keystone/logic/types/auth.py b/keystone/logic/types/auth.py
@@ -442,7 +442,7 @@ def to_xml(self):
 
         user = etree.Element("user",
             id=unicode(self.user.id),
-            username=unicode(self.user.username))
+            name=unicode(self.user.username))
 
         if self.user.tenant_id is not None:
             user.set('tenantId', unicode(self.user.tenant_id))
@@ -468,7 +468,7 @@ def to_json(self):
 
         user = {
             "id": unicode(self.user.id),
-            "username": unicode(self.user.username)}
+            "name": unicode(self.user.username)}
 
         if self.user.tenant_id is not None:
             user['tenantId'] = unicode(self.user.tenant_id)

diff --git a/keystone/middleware/quantum_auth_token.py b/keystone/middleware/quantum_auth_token.py
@@ -317,7 +317,7 @@ def _expound_claims(self):
             for role_ref in role_refs:
                 roles.append(role_ref["roleId"])
 
-        verified_claims = {'user': token_info['access']['user']['username'],
+        verified_claims = {'user': token_info['access']['user']['name'],
                     'tenant': token_info['access']['user']['tenantId'],
                     'roles': roles}
 

diff --git a/keystone/middleware/swift_auth.py b/keystone/middleware/swift_auth.py
@@ -151,7 +151,7 @@ def _keystone_validate_token(self, claim):
             tenant = identity_info['access']['token']['tenant']['id']
             expires = self.convert_date(
                 identity_info['access']['token']['expires'])
-            user = identity_info['access']['user']['username']
+            user = identity_info['access']['user']['name']
             roles = [x['name'] for x in \
                          identity_info['access']['user']['roles']]
         except(KeyError, IndexError):

diff --git a/keystone/test/functional/test_auth.py b/keystone/test/functional/test_auth.py
@@ -102,7 +102,7 @@ def test_unscoped_user_auth(self):
         self.assertEqual(r.json['access']['token']['id'], self.service_token)
         self.assertTrue(r.json['access']['token']['expires'])
         self.assertEqual(r.json['access']['user']['id'], self.user['id'])
-        self.assertEqual(r.json['access']['user']['username'],
+        self.assertEqual(r.json['access']['user']['name'],
             self.user['name'])
         self.assertEqual(r.json['access']['user']['roles'], [])
 
@@ -121,9 +121,9 @@ def test_user_auth_with_role_on_tenant(self):
 
         # The token shouldn't be scoped to a tenant nor have roles just yet
         self.assertIsNone(unscoped['token'].get('tenant'))
+        self.assertIsNotNone(unscoped.get('user'))
         self.assertIsNotNone(unscoped['user'].get('roles'))
         self.assertEqual(len(unscoped['user']['roles']), 0)
-        self.assertIsNotNone(unscoped.get('user'))
         self.assertEqual(unscoped['user'].get('id'), self.user['id'])
         self.assertEqual(unscoped['user'].get('name'), self.user['name'])
 
@@ -158,7 +158,7 @@ def test_user_auth_with_role_on_tenant(self):
         access = r.json['access']
 
         self.assertEqual(access['user']['id'], self.user['id'])
-        self.assertEqual(access['user']['username'], self.user['name'])
+        self.assertEqual(access['user']['name'], self.user['name'])
         self.assertEqual(access['token']['tenant']['id'], tenant['id'])
         self.assertEqual(access['token']['tenant']['name'], tenant['name'])
 
@@ -243,7 +243,7 @@ def test_user_auth_with_role_on_tenant_xml(self):
         user = r.xml.find('{%s}user' % self.xmlns)
         self.assertIsNotNone(user)
         self.assertEqual(user.get('id'), self.user['id'])
-        self.assertEqual(user.get('username'), self.user['name'])
+        self.assertEqual(user.get('name'), self.user['name'])
         self.assertIsNone(user.get('tenantId'))
 
     def test_scope_to_tenant_by_name(self):
@@ -274,7 +274,7 @@ def test_scope_to_tenant_by_name(self):
         access = r.json['access']
 
         self.assertEqual(access['user']['id'], self.user['id'])
-        self.assertEqual(access['user']['username'], self.user['name'])
+        self.assertEqual(access['user']['name'], self.user['name'])
         self.assertEqual(access['token']['tenant']['id'], tenant['id'])
         self.assertEqual(access['token']['tenant']['name'], tenant['name'])
 
@@ -299,7 +299,7 @@ def test_scope_to_tenant_by_name_with_credentials(self):
         access = r.json['access']
 
         self.assertEqual(access['user']['id'], self.user['id'])
-        self.assertEqual(access['user']['username'], self.user['name'])
+        self.assertEqual(access['user']['name'], self.user['name'])
         self.assertEqual(access['token']['tenant']['id'], tenant['id'])
         self.assertEqual(access['token']['tenant']['name'], tenant['name'])
 

diff --git a/keystone/test/functional/test_client.py b/keystone/test/functional/test_client.py
@@ -28,7 +28,7 @@ def test_admin_validate_token(self):
         token = self.client.admin_token
         result = self.client.validate_token(token)
         self.assertEquals("admin",
-                          result["access"]["user"]["username"])
+                          result["access"]["user"]["name"])
 
     def test_admin_check_token(self):
         """

diff --git a/keystone/test/functional/test_token.py b/keystone/test/functional/test_token.py
@@ -41,6 +41,9 @@ def test_validate_token_true(self):
             self.role['id'])
         self.assertEqual(r.json['access']['user']["roles"][0]['name'],
             self.role['name'])
+        self.assertIsNotNone(r.json['access']['user']['id'], self.user['id'])
+        self.assertIsNotNone(r.json['access']['user']['name'],
+            self.user['name'])
 
     def test_validate_token_true_using_service_token(self):
         self.admin_token = self.service_admin_token
@@ -61,6 +64,8 @@ def test_validate_token_true_xml(self):
 
         user = r.xml.find('{%s}user' % self.xmlns)
         self.assertIsNotNone(user)
+        self.assertEqual(self.user['id'], user.get('id'))
+        self.assertEqual(self.user['name'], user.get('name'))
 
         roles = user.find('{%s}roles' % self.xmlns)
         self.assertIsNotNone(roles)

diff --git a/keystone/test/unit/test_server.py b/keystone/test/unit/test_server.py
@@ -41,7 +41,7 @@ def test_send_result_xml(self):
         user = xml.find("{http://docs.openstack.org/identity/api/v2.0}user")
         token = xml.find("{http://docs.openstack.org/identity/api/v2.0}token")
 
-        self.assertTrue(user.get("username"), "username")
+        self.assertTrue(user.get("name"), "username")
         self.assertTrue(user.get("id"), "id")
         self.assertTrue(user.get("tenantId"), '12345')
         self.assertTrue(token.get("id"), '2231312')
@@ -54,7 +54,7 @@ def test_send_result_json(self):
             "application/json; charset=UTF-8")
         dict = json.loads(response.unicode_body)
         self.assertTrue(dict['access']['user']['id'], 'id')
-        self.assertTrue(dict['access']['user']['username'], 'username')
+        self.assertTrue(dict['access']['user']['name'], 'username')
         self.assertTrue(dict['access']['user']['tenantId'], '12345')
         self.assertTrue(dict['access']['token']['id'], '2231312')
         self.assertTrue(dict['access']['token']['expires'],