# Authors: # Petr Vobornik # # Copyright (C) 2013 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . """ User tests """ from ipatests.test_webui.crypto_utils import generate_csr from ipatests.test_webui.ui_driver import UI_driver from ipatests.test_webui.ui_driver import screenshot import ipatests.test_webui.data_user as user import ipatests.test_webui.data_group as group import ipatests.test_webui.data_netgroup as netgroup import ipatests.test_webui.data_hbac as hbac import ipatests.test_webui.data_pwpolicy as pwpolicy import ipatests.test_webui.test_rbac as rbac import ipatests.test_webui.data_sudo as sudo import pytest try: from selenium.webdriver.common.by import By from selenium.webdriver.common.keys import Keys from selenium.webdriver.common.action_chains import ActionChains except ImportError: pass EMPTY_MOD = 'no modifications to be performed' USR_EXIST = 'user with name "{}" already exists' USR_ADDED = 'User successfully added' INVALID_SSH_KEY = "invalid 'sshpubkey': invalid SSH public key" INV_FIRSTNAME = ("invalid 'first': Leading and trailing spaces are " "not allowed") FIELD_REQ = 'Required field' ERR_INCLUDE = 'may only include letters, numbers, _, -, . and $' ERR_MISMATCH = 'Passwords must match' ERR_ADMIN_DEL = ('admin cannot be deleted or disabled because it is the last ' 'member of group admins') USR_EXIST = 'user with name "{}" already exists' ENTRY_EXIST = 'This entry already exists' ACTIVE_ERR = 'active user with name "{}" already exists' DISABLED = 'This entry is already disabled' LONG_LOGIN = "invalid 'login': can be at most 32 characters" @pytest.mark.tier1 class user_tasks(UI_driver): def load_file(self, path): with open(path, 'r') as file_d: content = file_d.read() return content def create_email_addr(self, pkey): """ Piece an email address together from hostname due possible different DNS setup """ domain = '.'.join(self.config.get('ipa_server').split('.')[1:]) return '{}@{}'.format(pkey, domain) def add_default_email_for_validation(self, data): """ E-mail is generated automatically and we do not know domain yet in data_user so in order to validate all mail fields we need to get it there. """ mail = self.create_email_addr(user.DATA.get('pkey')) for ele in data['mod_v']: if 'mail' in ele: ele[2].append(mail) return data def assert_user_auth_type(self, auth_type, enabled=True): """ Check if provided auth type is enabled or disabled for the user :param auth_type: one of password, radius, otp, pkinit, hardened or idp :param enabled: check if enabled if True, check for disabled if False """ s_checkbox = 'div[name="ipauserauthtype"] input[value="{}"]'.format( auth_type) checkbox = self.find(s_checkbox, By.CSS_SELECTOR, strict=True) assert checkbox.is_selected() == enabled def add_user_auth_type(self, auth_type, save=False): """ Select user auth type :param auth_type: one of password, radius, otp, pkinit, hardened or idp """ s_checkbox = 'div[name="ipauserauthtype"] input[value="{}"]'.format( auth_type) checkbox = self.find(s_checkbox, By.CSS_SELECTOR, strict=True) if not checkbox.is_selected(): checkbox.click() if save: self.facet_button_click('save') @pytest.mark.tier1 class test_user(user_tasks): @screenshot def test_crud(self): """ Basic CRUD: user """ self.init_app() data = self.add_default_email_for_validation(user.DATA) self.basic_crud(user.ENTITY, data) @screenshot def test_associations(self): """ User direct associations """ self.init_app() # prepare - add user, group, netgroup, role, hbac rule, sudo rule # --------------------------------------------------------------- self.add_record(user.ENTITY, user.DATA, navigate=False) self.add_record(group.ENTITY, group.DATA) self.add_record(netgroup.ENTITY, netgroup.DATA) self.add_record(rbac.ROLE_ENTITY, rbac.ROLE_DATA) self.add_record(hbac.RULE_ENTITY, hbac.RULE_DATA) self.add_record(sudo.RULE_ENTITY, sudo.RULE_DATA) # add & remove associations # ------------------------- self.navigate_to_entity(user.ENTITY) self.navigate_to_record(user.PKEY) self.add_associations([group.PKEY, 'editors'], facet='memberof_group', delete=True) self.add_associations([netgroup.PKEY], facet='memberof_netgroup', delete=True) self.add_associations([rbac.ROLE_PKEY], facet='memberof_role', delete=True) self.add_associations([hbac.RULE_PKEY], facet='memberof_hbacrule', delete=True) self.add_associations([sudo.RULE_PKEY], facet='memberof_sudorule', delete=True) # cleanup # ------- self.delete(user.ENTITY, [user.DATA]) self.delete(group.ENTITY, [group.DATA]) self.delete(netgroup.ENTITY, [netgroup.DATA]) self.delete(rbac.ROLE_ENTITY, [rbac.ROLE_DATA]) self.delete(hbac.RULE_ENTITY, [hbac.RULE_DATA]) self.delete(sudo.RULE_ENTITY, [sudo.RULE_DATA]) @screenshot def test_indirect_associations(self): """ User indirect associations """ self.init_app() # add # --- self.add_record(user.ENTITY, user.DATA, navigate=False) self.add_record(group.ENTITY, group.DATA) self.navigate_to_record(group.PKEY) self.add_associations([user.PKEY]) self.add_record(group.ENTITY, group.DATA2) self.navigate_to_record(group.PKEY2) self.add_associations([group.PKEY], facet='member_group') self.add_record(netgroup.ENTITY, netgroup.DATA) self.navigate_to_record(netgroup.PKEY) self.add_table_associations('memberuser_group', [group.PKEY2]) self.add_record(rbac.ROLE_ENTITY, rbac.ROLE_DATA) self.navigate_to_record(rbac.ROLE_PKEY) self.add_associations([group.PKEY2], facet='member_group') self.add_record(hbac.RULE_ENTITY, hbac.RULE_DATA) self.navigate_to_record(hbac.RULE_PKEY) self.add_table_associations('memberuser_group', [group.PKEY2]) self.add_record(sudo.RULE_ENTITY, sudo.RULE_DATA) self.navigate_to_record(sudo.RULE_PKEY) self.add_table_associations('memberuser_group', [group.PKEY2]) # check indirect associations # --------------------------- self.navigate_to_entity(user.ENTITY, 'search') self.navigate_to_record(user.PKEY) self.assert_indirect_record(group.PKEY2, user.ENTITY, 'memberof_group') self.assert_indirect_record(netgroup.PKEY, user.ENTITY, 'memberof_netgroup') self.assert_indirect_record(rbac.ROLE_PKEY, user.ENTITY, 'memberof_role') self.assert_indirect_record(hbac.RULE_PKEY, user.ENTITY, 'memberof_hbacrule') self.assert_indirect_record(sudo.RULE_PKEY, user.ENTITY, 'memberof_sudorule') # cleanup # ------- self.delete(user.ENTITY, [user.DATA]) self.delete(group.ENTITY, [group.DATA, group.DATA2]) self.delete(netgroup.ENTITY, [netgroup.DATA]) self.delete(rbac.ROLE_ENTITY, [rbac.ROLE_DATA]) self.delete(hbac.RULE_ENTITY, [hbac.RULE_DATA]) self.delete(sudo.RULE_ENTITY, [sudo.RULE_DATA]) @screenshot def test_actions(self): """ Test user actions """ self.init_app() self.add_record(user.ENTITY, user.DATA, navigate=False) self.navigate_to_record(user.PKEY) self.disable_action() self.enable_action() # reset password pwd = self.config.get('ipa_password') self.reset_password_action(pwd) self.assert_text_field('has_password', '******') # unlock option should be disabled for new user self.assert_action_list_action('unlock', enabled=False) # delete self.delete_action(user.ENTITY, user.PKEY, action='delete_active_user') @screenshot def test_certificates(self): """ Test user certificate actions Requires to have CA installed. """ if not self.has_ca(): self.skip('CA is not configured') self.init_app() cert_widget_sel = "div.certificate-widget" self.add_record(user.ENTITY, user.DATA) self.wait() self.close_notifications() self.navigate_to_record(user.PKEY) # cert request csr = generate_csr(user.PKEY, False) self.action_list_action('request_cert', confirm=False) self.wait(seconds=2) self.assert_dialog() self.fill_text("textarea[name='csr']", csr) self.dialog_button_click('issue') self.wait_for_request(n=2, d=3) self.assert_visible(cert_widget_sel) # cert view self.action_list_action('view', confirm=False, parents_css_sel=cert_widget_sel) self.assert_dialog() self.dialog_button_click('close') # cert get self.action_list_action('get', confirm=False, parents_css_sel=cert_widget_sel) self.assert_dialog() # check that the textarea is not empty self.assert_empty_value('textarea.certificate', negative=True) self.dialog_button_click('close') # cert download - we can only try to click the download action self.action_list_action('download', confirm=False, parents_css_sel=cert_widget_sel) # check that revoke action is enabled self.assert_action_list_action('revoke', parents_css_sel=cert_widget_sel, facet_actions=False) # check that remove_hold action is not enabled self.assert_action_list_action('remove_hold', enabled=False, parents_css_sel=cert_widget_sel, facet_actions=False) # cert revoke self.action_list_action('revoke', confirm=False, parents_css_sel=cert_widget_sel) self.wait() self.select('select', '6') self.dialog_button_click('ok') self.wait_for_request(n=2, d=3) self.assert_visible(cert_widget_sel + " div.watermark") # check that revoke action is not enabled self.assert_action_list_action('revoke', enabled=False, parents_css_sel=cert_widget_sel, facet_actions=False) # check that remove_hold action is enabled self.assert_action_list_action('remove_hold', parents_css_sel=cert_widget_sel, facet_actions=False) # cert remove hold self.action_list_action('remove_hold', confirm=False, parents_css_sel=cert_widget_sel) self.wait() self.dialog_button_click('ok') self.wait_for_request(n=2) # check that revoke action is enabled self.assert_action_list_action('revoke', parents_css_sel=cert_widget_sel, facet_actions=False) # check that remove_hold action is not enabled self.assert_action_list_action('remove_hold', enabled=False, parents_css_sel=cert_widget_sel, facet_actions=False) # cleanup self.navigate_to_entity(user.ENTITY, 'search') self.delete_record(user.PKEY, user.DATA.get('del')) @screenshot def test_certificate_serial(self): """Test long certificate serial no Long certificate serial no were shown in scientific notation at user details page. This test checks that it is no longer shown in scientific notation related:https://pagure.io/freeipa/issue/8754 """ if not self.has_ca(): self.skip('CA is not configured') self.init_app() self.add_record(user.ENTITY, user.DATA2) self.wait() self.close_notifications() self.navigate_to_record(user.PKEY2) self.add_cert_to_record(user.USER_CERT, user.PKEY2, save=False) # check if the cert serial is 264374074076456325397645183544606453821 self.assert_text( 'div[name="cert-serial-num"]', '264374074076456325397645183544606453821' ) # cleanup self.navigate_to_entity(user.ENTITY, 'search') self.delete_record(user.PKEY2, user.DATA2.get('del')) @screenshot def test_password_expiration_notification(self): """ Test password expiration notification """ pwd = self.config.get('ipa_password') self.init_app() self.set_ipapwdexpadvnotify('15') # create user and group and add user to that group self.add_record(user.ENTITY, user.DATA) self.add_record(group.ENTITY, group.DATA) self.navigate_to_entity(group.ENTITY) self.navigate_to_record(group.PKEY) self.add_associations([user.PKEY]) # password policy for group self.add_record('pwpolicy', { 'pkey': group.PKEY, 'add': [ ('combobox', 'cn', group.PKEY), ('textbox', 'cospriority', '12345'), ]}) self.navigate_to_record(group.PKEY) self.mod_record('pwpolicy', { 'pkey': group.PKEY, 'mod': [ ('textbox', 'krbmaxpwdlife', '7'), ('textbox', 'krbminpwdlife', '0'), ]}) # reset password self.navigate_to_record(user.PKEY, entity=user.ENTITY) self.reset_password_action(pwd) # re-login as new user self.logout() self.init_app(user.PKEY, pwd) header = self.find('.navbar-pf', By.CSS_SELECTOR) self.assert_text( '.header-passwordexpires', 'Your password expires in 6 days.', header) # test password reset self.profile_menu_action('password_reset') self.fill_password_dialog(pwd, pwd) # cleanup self.logout() self.init_app() self.set_ipapwdexpadvnotify('4') self.delete(user.ENTITY, [user.DATA]) self.delete(group.ENTITY, [group.DATA]) def set_ipapwdexpadvnotify(self, days): """ Set ipa config "Password Expiration Notification (days)" field """ self.navigate_to_entity('config') self.mod_record('config', { 'mod': [ ('textbox', 'ipapwdexpadvnotify', days), ] }) def reset_password_action(self, password): """ Execute reset password action """ self.action_list_action('reset_password', False) self.fill_password_dialog(password) def fill_password_dialog(self, password, current=None): """ Fill password dialog """ self.assert_dialog() fields = [ ('password', 'password', password), ('password', 'password2', password), ] if current: fields.append(('password', 'current_password', current)) self.fill_fields(fields) self.dialog_button_click('confirm') self.wait_for_request(n=3) self.assert_no_error_dialog() @screenshot def test_grace_login_limit(self): """ Verify existence of grace login limit field and its value based on pwpolicy value Related: https://pagure.io/freeipa/issue/9211 """ self.init_app() self.add_record(group.ENTITY, [group.DATA]) # add record DATA8 already with passwordgracelimit self.add_record(pwpolicy.ENTITY, [pwpolicy.DATA8]) self.navigate_to_record(group.PKEY) # fill with values from DATA8, passwordgracelimit has value 42 self.fill_fields(pwpolicy.DATA8['mod']) try: # click save if needed self.button_click('save') except AssertionError: # autosave active pass # add record itest-user self.add_record(user.ENTITY, user.DATA) # add itest-user to itest-group self.navigate_to_entity(group.ENTITY) self.navigate_to_record(group.PKEY) self.add_associations([user.PKEY]) self.navigate_to_record(user.PKEY, entity=user.ENTITY) self.facet_button_click('refresh') self.wait(2) field = 'passwordgracelimit' # password grace limit is currently on the 10th place expected_value = pwpolicy.DATA8['mod'][9][2] current_value = self.get_field_value(field, element="input") try: assert current_value == expected_value finally: # cleanup self.delete(user.ENTITY, [user.DATA]) self.delete(group.ENTITY, [group.DATA]) self.delete(pwpolicy.ENTITY, [pwpolicy.DATA8]) @screenshot def test_login_without_username(self): """ Try to login with no username provided """ self.init_app(login='', password='xxx123') alert_e = self.find('.alert[data-name="username"]', By.CSS_SELECTOR) assert 'Username: Required field' in alert_e.text, 'Alert expected' assert self.login_screen_visible() @screenshot def test_disable_delete_admin(self): """ Test disabling/deleting admin is not allowed """ self.init_app() self.navigate_to_entity(user.ENTITY) # try to disable admin user self.select_record('admin') self.facet_button_click('disable') self.dialog_button_click('ok') self.assert_last_error_dialog(ERR_ADMIN_DEL, details=True) self.dialog_button_click('ok') self.assert_record('admin') # try to delete admin user. Later we are # confirming by keyboard to test also ticket 4097 self.select_record('admin') self.facet_button_click('remove') self.dialog_button_click('ok') self.assert_last_error_dialog(ERR_ADMIN_DEL, details=True) actions = ActionChains(self.driver) actions.send_keys(Keys.TAB) actions.send_keys(Keys.ENTER).perform() self.wait(0.5) self.assert_record('admin') @screenshot def test_add_user_special(self): """ Test various add user special cases """ self.init_app() # Test invalid characters (#@*?) in login self.navigate_to_entity(user.ENTITY) self.facet_button_click('add') self.fill_textbox('uid', 'itest-user#') self.assert_field_validation(ERR_INCLUDE) self.fill_textbox('uid', 'itest-user@') self.assert_field_validation(ERR_INCLUDE) self.fill_textbox('uid', 'itest-user*') self.assert_field_validation(ERR_INCLUDE) self.fill_textbox('uid', 'itest-user?') self.assert_field_validation(ERR_INCLUDE) self.dialog_button_click('cancel') # Add an user with special chars self.basic_crud(user.ENTITY, user.DATA_SPECIAL_CHARS) # Add an user with long login (should FAIL) self.add_record(user.ENTITY, user.DATA_LONG_LOGIN, negative=True) self.assert_last_error_dialog(expected_err=LONG_LOGIN) self.close_all_dialogs() # Test password mismatch self.add_record(user.ENTITY, user.DATA_PASSWD_MISMATCH, negative=True) pass_e = self.find('.widget[name="userpassword2"]', By.CSS_SELECTOR) self.assert_field_validation(ERR_MISMATCH, parent=pass_e) self.dialog_button_click('cancel') self.assert_record(user.DATA_PASSWD_MISMATCH.get('pkey'), negative=True) # test add and edit record self.add_record(user.ENTITY, user.DATA2, dialog_btn='add_and_edit') self.action_list_action('delete_active_user') # click add and cancel self.add_record(user.ENTITY, user.DATA, dialog_btn='cancel') # add leading space before password (should SUCCEED) self.navigate_to_entity(user.ENTITY) self.facet_button_click('add') self.fill_fields(user.DATA_PASSWD_LEAD_SPACE['add']) self.dialog_button_click('add') # add trailing space before password (should SUCCEED) self.navigate_to_entity(user.ENTITY) self.facet_button_click('add') self.fill_fields(user.DATA_PASSWD_TRAIL_SPACE['add']) self.dialog_button_click('add') # add user using enter self.add_record(user.ENTITY, user.DATA2, negative=True) actions = ActionChains(self.driver) actions.send_keys(Keys.ENTER).perform() self.wait() self.assert_notification(assert_text=USR_ADDED) self.assert_record(user.PKEY2) self.close_notifications() # delete user using enter self.select_record(user.PKEY2) self.facet_button_click('remove') actions.send_keys(Keys.ENTER).perform() self.wait(0.5) self.assert_notification(assert_text='1 item(s) deleted') self.assert_record(user.PKEY2, negative=True) @screenshot def test_add_delete_undo_reset_multivalue(self): """ Test add and delete multivalue with reset and undo """ self.init_app() first_mail = self.create_email_addr(user.DATA.get('pkey')) self.add_record(user.ENTITY, user.DATA) self.wait() self.close_notifications() self.navigate_to_record(user.DATA.get('pkey')) # add a new mail (without save) and reset self.add_multivalued('mail', 'temp@ipa.test') self.assert_undo_button('mail') self.facet_button_click('revert') self.assert_undo_button('mail', visible=False) # click at delete on the first mail and reset self.del_multivalued('mail', first_mail) self.assert_undo_button('mail') self.facet_button_click('revert') self.assert_undo_button('mail', visible=False) # edit the first mail and reset self.edit_multivalued('mail', first_mail, 'temp@ipa.test') self.assert_undo_button('mail') self.facet_button_click('revert') self.assert_undo_button('mail', visible=False) # add a new mail and undo self.add_multivalued('mail', 'temp@ipa.test') self.assert_undo_button('mail') self.undo_multivalued('mail', 'temp@ipa.test') self.assert_undo_button('mail', visible=False) # edit the first mail and undo self.edit_multivalued('mail', first_mail, 'temp@ipa.test') self.assert_undo_button('mail') self.undo_multivalued('mail', 'temp@ipa.test') self.assert_undo_button('mail', visible=False) # cleanup self.delete(user.ENTITY, [user.DATA]) @screenshot def test_user_misc(self): """ Test various miscellaneous test cases under one roof to save init time """ self.init_app() # add already existing user (should fail) / also test ticket 4098 self.add_record(user.ENTITY, user.DATA) self.add_record(user.ENTITY, user.DATA, negative=True, pre_delete=False) self.assert_last_error_dialog(USR_EXIST.format(user.PKEY)) actions = ActionChains(self.driver) actions.send_keys(Keys.TAB) actions.send_keys(Keys.ENTER).perform() self.wait(0.5) self.dialog_button_click('cancel') # add user without login name self.add_record(user.ENTITY, user.DATA_NO_LOGIN) self.assert_record('nsurname10') # try to add same user without login name again (should fail) self.add_record(user.ENTITY, user.DATA_NO_LOGIN, negative=True, pre_delete=False) self.assert_last_error_dialog(USR_EXIST.format('nsurname10')) self.close_all_dialogs() # try to modify user`s UID to -1 (should fail) self.navigate_to_record(user.PKEY) self.mod_record( user.ENTITY, {'mod': [('textbox', 'uidnumber', '-1')]}, negative=True) uid_e = self.find('.widget[name="uidnumber"]', By.CSS_SELECTOR) self.assert_field_validation('Minimum value is 1', parent=uid_e) self.facet_button_click('revert') # edit user`s "First name" to value with leading space (should fail) self.fill_input('givenname', ' leading_space') self.facet_button_click('save') self.assert_last_error_dialog(INV_FIRSTNAME) self.dialog_button_click('cancel') # edit user`s "First name" to value with trailing space (should fail) self.fill_input('givenname', 'trailing_space ') self.facet_button_click('save') self.assert_last_error_dialog(INV_FIRSTNAME) self.dialog_button_click('cancel') # try with blank "First name" (should fail) gn_input_s = "input[type='text'][name='givenname']" gn_input_el = self.find(gn_input_s, By.CSS_SELECTOR, strict=True) gn_input_el.clear() gn_input_el.send_keys(Keys.BACKSPACE) self.facet_button_click('save') gn_e = self.find('.widget[name="givenname"]', By.CSS_SELECTOR) self.assert_field_validation(FIELD_REQ, parent=gn_e) self.close_notifications() # search user / multiple users self.navigate_to_entity(user.ENTITY) self.wait(0.5) self.find_record('user', user.DATA) self.add_record(user.ENTITY, user.DATA2) self.find_record('user', user.DATA2) # search for both users (just 'itest-user' will do) self.find_record('user', user.DATA) self.assert_record(user.PKEY2) # cleanup self.delete_record([user.PKEY, user.PKEY2, user.PKEY_NO_LOGIN, 'nsurname10']) @screenshot def test_menu_click_minimized_window(self): """ Test if menu is clickable when there is notification in minimized browser window. related: https://pagure.io/freeipa/issue/8120 """ self.init_app() self.driver.set_window_size(570, 600) self.add_record(user.ENTITY, user.DATA2, negative=True) self.assert_notification(assert_text=USR_ADDED) menu_button = self.find('.navbar-toggle', By.CSS_SELECTOR) menu_button.click() self.assert_record(user.PKEY2) self.close_notifications() self.driver.maximize_window() # cleanup self.delete(user.ENTITY, [user.DATA2]) @screenshot def test_enabled_by_default(self): """ Test if valid user created in both ca and caless env is enabled by default. https://pagure.io/freeipa/issue/8203 """ self.init_app() # check if the user is enabled self.add_record(user.ENTITY, user.DATA, navigate=False) self.assert_record_value(expected="Enabled", pkeys=user.PKEY, column="nsaccountlock") self.navigate_to_record(user.PKEY) self.assert_action_list_action("disable", visible=True, enabled=True) self.assert_action_list_action("reset_password", visible=True, enabled=True) # add OTP authentication type and verify the change is persistent self.add_user_auth_type("otp", save=True) self.assert_user_auth_type("otp", enabled=True) @pytest.mark.tier1 class test_user_no_private_group(UI_driver): @screenshot def test_noprivate_nonposix(self): """ User without private group and without specified GID """ self.init_app() with pytest.raises(AssertionError) as e: self.add_record(user.ENTITY, user.DATA3) assert (str(e.value) == 'Unexpected error: Default group for new ' 'users is not POSIX') @screenshot def test_noprivate_posix(self): """ User without private group and specified existing posix GID """ self.init_app() self.add_record(group.ENTITY, group.DATA6) self.add_record(user.ENTITY, user.DATA4) self.delete(user.ENTITY, [user.DATA4]) self.delete(group.ENTITY, [group.DATA6]) @screenshot def test_noprivate_gidnumber(self): """ User without private group and specified unused GID """ self.init_app() self.add_record(user.ENTITY, user.DATA4, combobox_input='gidnumber') self.delete(user.ENTITY, [user.DATA4]) @pytest.mark.tier1 class TestLifeCycles(UI_driver): @screenshot def test_life_cycles(self): """ Test user life-cycles """ self.init_app() # create "itest-user" and send him to preserved self.add_record(user.ENTITY, user.DATA) self.delete_record(user.PKEY, confirm_btn=None) self.check_option('preserve', value='true') self.dialog_button_click('ok') self.assert_notification(assert_text='1 item(s) deleted') # try to add the same user again (should fail) self.add_record(user.ENTITY, user.DATA, negative=True) self.assert_last_error_dialog(USR_EXIST.format(user.PKEY)) self.close_all_dialogs() self.wait() # restore "itest-user" user self.switch_to_facet('search_preserved') self.select_record(user.PKEY) self.button_click('undel') self.dialog_button_click('ok') self.assert_no_error_dialog() self.assert_notification(assert_text='1 user(s) restored') self.wait() # add already existing user "itest-user" to stage and try to activate # the latter (should fail) self.add_record('stageuser', user.DATA) self.select_record(user.PKEY) self.button_click('activate') self.dialog_button_click('ok') err_msg = ACTIVE_ERR.format(user.PKEY) self.assert_last_error_dialog(err_msg, details=True) self.dialog_button_click('ok') # delete "itest-user" staged user self.delete_record(user.PKEY) self.assert_record(user.PKEY, negative=True) # add "itest-user2" and send him to staged (through preserved) self.close_all_dialogs() self.add_record(user.ENTITY, user.DATA2) self.delete_record(user.PKEY2, confirm_btn=None) self.check_option('preserve', value='true') self.dialog_button_click('ok') self.switch_to_facet('search_preserved') self.select_record(user.PKEY2) self.button_click('batch_stage') self.dialog_button_click('ok') self.assert_no_error_dialog() self.wait(2) # fix assert after https://pagure.io/freeipa/issue/7477 is closed self.assert_notification(assert_text='1 users(s) staged') # add new "itest-user2" - one is already staged (should pass) self.add_record(user.ENTITY, user.DATA2) self.assert_record(user.PKEY2) # send active "itest-user2" to preserved self.delete_record(user.PKEY2, confirm_btn=None) self.check_option('preserve', value='true') self.dialog_button_click('ok') # try to activate staged "itest-user2" while one is already preserved # (should fail) self.navigate_to_entity('stageuser') self.select_record(user.PKEY2) self.button_click('activate') self.dialog_button_click('ok') self.assert_last_error_dialog(ENTRY_EXIST, details=True) self.dialog_button_click('ok') # delete preserved "itest-user2" and activate the staged one # (should pass) self.switch_to_facet('search_preserved') self.delete_record(user.PKEY2) self.navigate_to_entity('stageuser') self.select_record(user.PKEY2) self.button_click('activate') self.wait() self.dialog_button_click('ok') self.assert_notification(assert_text='1 user(s) activated') # send multiple records to preserved self.navigate_to_entity('stageuser') self.navigate_to_entity(user.ENTITY) self.delete_record([user.PKEY, user.PKEY2], confirm_btn=None) self.check_option('preserve', value='true') self.dialog_button_click('ok') self.assert_notification(assert_text='2 item(s) deleted') # restore multiple records self.switch_to_facet('search_preserved') self.select_multiple_records([user.DATA, user.DATA2]) self.button_click('undel') self.dialog_button_click('ok') self.assert_no_error_dialog() self.assert_notification(assert_text='2 user(s) restored') self.wait() # send multiple users to staged (through preserved) self.navigate_to_entity(user.ENTITY) self.delete_record([user.PKEY, user.PKEY2], confirm_btn=None) self.check_option('preserve', value='true') self.dialog_button_click('ok') self.switch_to_facet('search_preserved') self.select_multiple_records([user.DATA, user.DATA2]) self.button_click('batch_stage') self.dialog_button_click('ok') self.assert_no_error_dialog() self.wait(2) self.assert_notification(assert_text='2 users(s) staged') # activate multiple users from stage self.navigate_to_entity('stageuser') self.select_multiple_records([user.DATA, user.DATA2]) self.button_click('activate') self.dialog_button_click('ok') self.assert_notification(assert_text='2 user(s) activated') # try to disable record from user page self.navigate_to_entity(user.ENTITY) self.select_record(user.PKEY) self.facet_button_click('disable') self.dialog_button_click('ok') self.assert_record_value('Disabled', user.PKEY, 'nsaccountlock') # try to disable same record again (should fail) self.select_record(user.PKEY) self.facet_button_click('disable') self.dialog_button_click('ok') self.assert_last_error_dialog(DISABLED, details=True) self.dialog_button_click('ok') # enable the user again self.select_record(user.PKEY) self.facet_button_click('enable') self.dialog_button_click('ok') self.assert_record_value('Enabled', user.PKEY, 'nsaccountlock') # same for multiple users (disable, disable again, enable) self.select_multiple_records([user.DATA, user.DATA2]) self.facet_button_click('disable') self.dialog_button_click('ok') self.assert_record_value('Disabled', [user.PKEY, user.PKEY2], 'nsaccountlock') self.select_multiple_records([user.DATA, user.DATA2]) self.facet_button_click('disable') self.dialog_button_click('ok') self.assert_last_error_dialog(DISABLED, details=True) self.dialog_button_click('ok') self.select_multiple_records([user.DATA, user.DATA2]) self.facet_button_click('enable') self.dialog_button_click('ok') self.assert_record_value('Enabled', [user.PKEY, user.PKEY2], 'nsaccountlock') # cleanup and check for ticket 4245 (select all should not remain # checked after delete action). Two "ok" buttons at the end are needed # for delete confirmation and acknowledging that "admin" cannot be # deleted. self.navigate_to_entity(user.ENTITY) select_all_btn = self.find('input[title="Select All"]', By.CSS_SELECTOR) select_all_btn.click() self.facet_button_click('remove') self.dialog_button_click('ok') self.dialog_button_click('ok') self.assert_value_checked('admin', 'uid', negative=True) @pytest.mark.tier1 class TestSSHkeys(UI_driver): @screenshot def test_ssh_keys(self): self.init_app() # add and undo SSH key self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False, navigate=True) self.assert_num_ssh_keys(1) self.undo_ssh_keys() self.assert_num_ssh_keys(0) # add and undo 2 SSH keys (using undo all) ssh_keys = [user.SSH_RSA, user.SSH_DSA] self.add_sshkey_to_record(ssh_keys, 'admin', save=False) self.assert_num_ssh_keys(2) self.undo_ssh_keys(btn_name='undo_all') self.assert_num_ssh_keys(0) # add SSH key and refresh self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False) self.assert_num_ssh_keys(1) self.facet_button_click('refresh') self.assert_num_ssh_keys(0) # add SSH key and revert self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False) self.assert_num_ssh_keys(1) self.facet_button_click('revert') self.assert_num_ssh_keys(0) # add SSH key, move elsewhere and cancel. self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False) self.assert_num_ssh_keys(1) self.switch_to_facet('memberof_group') self.dialog_button_click('cancel') self.assert_num_ssh_keys(1) self.undo_ssh_keys() # add SSH key, move elsewhere and click reset button. self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False) self.assert_num_ssh_keys(1) self.switch_to_facet('memberof_group') self.wait_for_request() self.dialog_button_click('revert') self.wait() self.switch_to_facet('details') self.assert_num_ssh_keys(0) # add SSH key, move elsewhere and click save button. self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False) self.assert_num_ssh_keys(1) self.switch_to_facet('memberof_group') self.wait() self.dialog_button_click('save') self.wait_for_request(n=4) self.switch_to_facet('details') self.assert_num_ssh_keys(1) self.delete_record_sshkeys('admin') # add, save and delete RSA and DSA keys keys = [user.SSH_RSA, user.SSH_DSA] self.add_sshkey_to_record(keys, 'admin') self.assert_num_ssh_keys(2) self.delete_record_sshkeys('admin') self.assert_num_ssh_keys(0) # add RSA SSH keys with trailing space and "=" sign at the end keys = [user.SSH_RSA+" ", user.SSH_RSA2+"="] self.add_sshkey_to_record(keys, 'admin') self.assert_num_ssh_keys(2) self.delete_record_sshkeys('admin') self.assert_num_ssh_keys(0) # lets try to add empty SSH key (should fail) self.add_sshkey_to_record('', 'admin') self.assert_last_error_dialog(EMPTY_MOD) self.dialog_button_click('cancel') self.undo_ssh_keys() # try to add invalid SSH key self.add_sshkey_to_record('invalid_key', 'admin') self.assert_last_error_dialog(INVALID_SSH_KEY) self.dialog_button_click('cancel') self.undo_ssh_keys() # add duplicate SSH keys self.add_sshkey_to_record(user.SSH_RSA, 'admin') self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False) self.facet_button_click('save') self.assert_last_error_dialog(EMPTY_MOD) self.dialog_button_click('cancel') # test SSH key edit when user lacks write rights for related attribute # see ticket 3800 (we use DATA_SPECIAL_CHARS just for convenience) self.add_record(user.ENTITY, [user.DATA2, user.DATA_SPECIAL_CHARS]) self.add_sshkey_to_record(user.SSH_RSA, user.PKEY2, navigate=True) self.logout() self.init_app(user.PKEY_SPECIAL_CHARS, user.PASSWD_SCECIAL_CHARS) self.navigate_to_record(user.PKEY2, entity=user.ENTITY) show_ssh_key_btn = self.find('div.widget .btn[name="ipasshpubkey-0"]', By.CSS_SELECTOR) show_ssh_key_btn.click() ssh_key_e = self.find('textarea', By.CSS_SELECTOR, self.get_dialog()) assert ssh_key_e.get_attribute('readonly') == 'true' self.dialog_button_click('cancel') self.logout() self.init_app() # cleanup self.delete(user.ENTITY, [user.DATA2, user.DATA_SPECIAL_CHARS]) self.delete_record_sshkeys('admin', navigate=True)