# Pastebin lRdJhOap
--- a/keystone/tests/unit/identity/test_backend_sql.py
+++ b/keystone/tests/unit/identity/test_backend_sql.py
@@ -696,9 +696,9 @@ class PasswordExpiresValidationTests(test_backend_sql.SqlTests):
 password=self.password)
 def test_authenticate_with_expired_password_for_ignore_user_option(self):
- # update the user to have the 'ignore_password_expiry' option set.
+ # set user to have the 'ignore_password_expiry' option set to False
 self.user_dict.setdefault('options', {})[
- iro.IGNORE_PASSWORD_EXPIRY_OPT.option_name] = True
+ iro.IGNORE_PASSWORD_EXPIRY_OPT.option_name] = False
 # set password created_at so that the password will expire
 password_created_at = (
 datetime.datetime.utcnow() -
@@ -706,22 +706,22 @@ class PasswordExpiresValidationTests(test_backend_sql.SqlTests):
 days=CONF.security_compliance.password_expires_days + 1)
 )
 user = self._create_user(self.user_dict, password_created_at)
- # test password is not expired due to ignore list
- self.identity_api.authenticate(self.make_request(),
- user_id=user['id'],
- password=self.password)
-
- # update user to explicitly have the expiry option to False
- user['options'][
- iro.IGNORE_PASSWORD_EXPIRY_OPT.option_name] = False
- user = self.identity_api.update_user(user['id'],
- user)
 self.assertRaises(exception.PasswordExpired,
 self.identity_api.authenticate,
 self.make_request(),
 user_id=user['id'],
 password=self.password)
+ # update user to explicitly have the expiry option to True
+ user['options'][
+ iro.IGNORE_PASSWORD_EXPIRY_OPT.option_name] = True
+ user = self.identity_api.update_user(user['id'],
+ user)
+ # test password is not expired due to ignore option
+ self.identity_api.authenticate(self.make_request(),
+ user_id=user['id'],
+ password=self.password)
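Review bot: After the reordering in the second hunk, the test no longer exercises revoking the exemption. The user is created with the option `False` (first hunk) and only ever switched to `True` through `update_user`, so nothing visible here checks that clearing `ignore_password_expiry` puts an exempted account back under `exception.PasswordExpired`. That True-to-False direction is the one that matters for enforcement, since a stale exemption would let an expired password keep authenticating. I would append a third step after the final `authenticate` call that sets the option back to `False`, updates the user and repeats the `assertRaises` check. Other tests outside this diff may already cover it, and the method body starts in the first hunk.

```python
        # … unchanged: expiry enforced with the option False, then bypassed after update to True …
        # revoke the exemption and confirm expiry is enforced again
        user['options'][
            iro.IGNORE_PASSWORD_EXPIRY_OPT.option_name] = False
        user = self.identity_api.update_user(user['id'], user)
        self.assertRaises(exception.PasswordExpired,
                          self.identity_api.authenticate,
                          self.make_request(),
                          user_id=user['id'],
                          password=self.password)
```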