freeipa/ipatests/test_webui/test_user.py
Michal Reznik dc4f28de52 test_webui: add user life-cycles tests
Add user life-cycles test cases.

https://pagure.io/freeipa/issue/7463

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2018-04-09 09:06:48 +02:00

594 lines
20 KiB
Python

# Authors:
# Petr Vobornik <pvoborni@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
User tests
"""
from ipatests.test_webui.ui_driver import UI_driver
from ipatests.test_webui.ui_driver import screenshot
import ipatests.test_webui.data_user as user
import ipatests.test_webui.data_group as group
import ipatests.test_webui.data_netgroup as netgroup
import ipatests.test_webui.data_hbac as hbac
import ipatests.test_webui.test_rbac as rbac
import ipatests.test_webui.data_sudo as sudo
import pytest
try:
from selenium.webdriver.common.by import By
except ImportError:
pass
USR_EXIST = 'user with name "{}" already exists'
ENTRY_EXIST = 'This entry already exists'
ACTIVE_ERR = 'active user with name "{}" already exists'
DISABLED = 'This entry is already disabled'
@pytest.mark.tier1
class user_tasks(UI_driver):
def load_file(self, path):
with open(path, 'r') as file_d:
content = file_d.read()
return content
@pytest.mark.tier1
class test_user(user_tasks):
@screenshot
def test_crud(self):
"""
Basic CRUD: user
"""
self.init_app()
self.basic_crud(user.ENTITY, user.DATA)
@screenshot
def test_associations(self):
"""
User direct associations
"""
self.init_app()
# prepare - add user, group, netgroup, role, hbac rule, sudo rule
# ---------------------------------------------------------------
self.add_record(user.ENTITY, user.DATA, navigate=False)
self.add_record(group.ENTITY, group.DATA)
self.add_record(netgroup.ENTITY, netgroup.DATA)
self.add_record(rbac.ROLE_ENTITY, rbac.ROLE_DATA)
self.add_record(hbac.RULE_ENTITY, hbac.RULE_DATA)
self.add_record(sudo.RULE_ENTITY, sudo.RULE_DATA)
# add & remove associations
# -------------------------
self.navigate_to_entity(user.ENTITY)
self.navigate_to_record(user.PKEY)
self.add_associations([group.PKEY, 'editors'], facet='memberof_group', delete=True)
self.add_associations([netgroup.PKEY], facet='memberof_netgroup', delete=True)
self.add_associations([rbac.ROLE_PKEY], facet='memberof_role', delete=True)
self.add_associations([hbac.RULE_PKEY], facet='memberof_hbacrule', delete=True)
self.add_associations([sudo.RULE_PKEY], facet='memberof_sudorule', delete=True)
# cleanup
# -------
self.delete(user.ENTITY, [user.DATA])
self.delete(group.ENTITY, [group.DATA])
self.delete(netgroup.ENTITY, [netgroup.DATA])
self.delete(rbac.ROLE_ENTITY, [rbac.ROLE_DATA])
self.delete(hbac.RULE_ENTITY, [hbac.RULE_DATA])
self.delete(sudo.RULE_ENTITY, [sudo.RULE_DATA])
@screenshot
def test_indirect_associations(self):
"""
User indirect associations
"""
self.init_app()
# add
# ---
self.add_record(user.ENTITY, user.DATA, navigate=False)
self.add_record(group.ENTITY, group.DATA)
self.navigate_to_record(group.PKEY)
self.add_associations([user.PKEY])
self.add_record(group.ENTITY, group.DATA2)
self.navigate_to_record(group.PKEY2)
self.add_associations([group.PKEY], facet='member_group')
self.add_record(netgroup.ENTITY, netgroup.DATA)
self.navigate_to_record(netgroup.PKEY)
self.add_table_associations('memberuser_group', [group.PKEY2])
self.add_record(rbac.ROLE_ENTITY, rbac.ROLE_DATA)
self.navigate_to_record(rbac.ROLE_PKEY)
self.add_associations([group.PKEY2], facet='member_group')
self.add_record(hbac.RULE_ENTITY, hbac.RULE_DATA)
self.navigate_to_record(hbac.RULE_PKEY)
self.add_table_associations('memberuser_group', [group.PKEY2])
self.add_record(sudo.RULE_ENTITY, sudo.RULE_DATA)
self.navigate_to_record(sudo.RULE_PKEY)
self.add_table_associations('memberuser_group', [group.PKEY2])
# check indirect associations
# ---------------------------
self.navigate_to_entity(user.ENTITY, 'search')
self.navigate_to_record(user.PKEY)
self.assert_indirect_record(group.PKEY2, user.ENTITY, 'memberof_group')
self.assert_indirect_record(netgroup.PKEY, user.ENTITY, 'memberof_netgroup')
self.assert_indirect_record(rbac.ROLE_PKEY, user.ENTITY, 'memberof_role')
self.assert_indirect_record(hbac.RULE_PKEY, user.ENTITY, 'memberof_hbacrule')
self.assert_indirect_record(sudo.RULE_PKEY, user.ENTITY, 'memberof_sudorule')
## cleanup
## -------
self.delete(user.ENTITY, [user.DATA])
self.delete(group.ENTITY, [group.DATA, group.DATA2])
self.delete(netgroup.ENTITY, [netgroup.DATA])
self.delete(rbac.ROLE_ENTITY, [rbac.ROLE_DATA])
self.delete(hbac.RULE_ENTITY, [hbac.RULE_DATA])
self.delete(sudo.RULE_ENTITY, [sudo.RULE_DATA])
@screenshot
def test_actions(self):
"""
Test user actions
"""
self.init_app()
self.add_record(user.ENTITY, user.DATA, navigate=False)
self.navigate_to_record(user.PKEY)
self.disable_action()
self.enable_action()
# reset password
pwd = self.config.get('ipa_password')
self.reset_password_action(pwd)
self.assert_text_field('has_password', '******')
self.action_list_action('unlock')
# delete
self.delete_action(user.ENTITY, user.PKEY, action='delete_active_user')
@screenshot
def test_certificates(self):
"""
Test user certificate actions
Requires to have CA installed and 'user_csr_path' configuration option
set.
"""
if not self.has_ca():
self.skip('CA is not configured')
csr_path = self.config.get('user_csr_path')
if not csr_path:
self.skip('CSR file is not configured')
self.init_app()
# ENHANCEMENT: generate csr dynamically
csr = self.load_file(csr_path)
cert_widget_sel = "div.certificate-widget"
self.add_record(user.ENTITY, user.DATA)
self.navigate_to_record(user.PKEY)
# cert request
self.action_list_action('request_cert', confirm=False)
self.assert_dialog()
self.fill_text("textarea[name='csr']", csr)
self.dialog_button_click('issue')
self.wait_for_request(n=2, d=3)
self.assert_visible(cert_widget_sel)
# cert view
self.action_list_action('view', confirm=False,
parents_css_sel=cert_widget_sel)
self.assert_dialog()
self.dialog_button_click('close')
# cert get
self.action_list_action('get', confirm=False,
parents_css_sel=cert_widget_sel)
self.assert_dialog()
# check that the textarea is not empty
self.assert_empty_value('textarea.certificate', negative=True)
self.dialog_button_click('close')
# cert download - we can only try to click the download action
self.action_list_action('download', confirm=False,
parents_css_sel=cert_widget_sel)
# check that revoke action is enabled
self.assert_action_list_action('revoke',
parents_css_sel=cert_widget_sel,
facet_actions=False)
# check that remove_hold action is not enabled
self.assert_action_list_action('remove_hold', enabled=False,
parents_css_sel=cert_widget_sel,
facet_actions=False)
# cert revoke
self.action_list_action('revoke', confirm=False,
parents_css_sel=cert_widget_sel)
self.wait()
self.select('select', '6')
self.dialog_button_click('ok')
self.wait_for_request(n=2, d=3)
self.assert_visible(cert_widget_sel + " div.watermark")
# check that revoke action is not enabled
self.assert_action_list_action('revoke', enabled=False,
parents_css_sel=cert_widget_sel,
facet_actions=False)
# check that remove_hold action is enabled
self.assert_action_list_action('remove_hold',
parents_css_sel=cert_widget_sel,
facet_actions=False)
# cert remove hold
self.action_list_action('remove_hold', confirm=False,
parents_css_sel=cert_widget_sel)
self.wait()
self.dialog_button_click('ok')
self.wait_for_request(n=2)
# check that revoke action is enabled
self.assert_action_list_action('revoke',
parents_css_sel=cert_widget_sel,
facet_actions=False)
# check that remove_hold action is not enabled
self.assert_action_list_action('remove_hold', enabled=False,
parents_css_sel=cert_widget_sel,
facet_actions=False)
# cleanup
self.navigate_to_entity(user.ENTITY, 'search')
self.delete_record(user.PKEY, user.DATA.get('del'))
@screenshot
def test_password_expiration_notification(self):
"""
Test password expiration notification
"""
pwd = self.config.get('ipa_password')
self.init_app()
self.set_ipapwdexpadvnotify('15')
# create user and group and add user to that group
self.add_record(user.ENTITY, user.DATA)
self.add_record(group.ENTITY, group.DATA)
self.navigate_to_entity(group.ENTITY)
self.navigate_to_record(group.PKEY)
self.add_associations([user.PKEY])
# password policy for group
self.add_record('pwpolicy', {
'pkey': group.PKEY,
'add': [
('combobox', 'cn', group.PKEY),
('textbox', 'cospriority', '12345'),
]})
self.navigate_to_record(group.PKEY)
self.mod_record('pwpolicy', {
'pkey': group.PKEY,
'mod': [
('textbox', 'krbmaxpwdlife', '7'),
('textbox', 'krbminpwdlife', '0'),
]})
# reset password
self.navigate_to_record(user.PKEY, entity=user.ENTITY)
self.reset_password_action(pwd)
#re-login as new user
self.logout()
self.init_app(user.PKEY, pwd)
header = self.find('.navbar-pf', By.CSS_SELECTOR)
self.assert_text(
'.header-passwordexpires',
'Your password expires in 6 days.',
header)
# test password reset
self.profile_menu_action('password_reset')
self.fill_password_dialog(pwd, pwd)
# cleanup
self.logout()
self.init_app()
self.set_ipapwdexpadvnotify('4')
self.delete(user.ENTITY, [user.DATA])
self.delete(group.ENTITY, [group.DATA])
def set_ipapwdexpadvnotify(self, days):
"""
Set ipa config "Password Expiration Notification (days)" field
"""
self.navigate_to_entity('config')
self.mod_record('config', {
'mod': [
('textbox', 'ipapwdexpadvnotify', days),
]
})
def reset_password_action(self, password):
"""
Execute reset password action
"""
self.action_list_action('reset_password', False)
self.fill_password_dialog(password)
def fill_password_dialog(self, password, current=None):
"""
Fill password dialog
"""
self.assert_dialog()
fields = [
('password', 'password', password),
('password', 'password2', password),
]
if current:
fields.append(('password', 'current_password', current))
self.fill_fields(fields)
self.dialog_button_click('confirm')
self.wait_for_request(n=3)
self.assert_no_error_dialog()
@pytest.mark.tier1
class test_user_no_private_group(UI_driver):
@screenshot
def test_noprivate_nonposix(self):
"""
User without private group and without specified GID
"""
self.init_app()
with pytest.raises(AssertionError) as e:
self.add_record(user.ENTITY, user.DATA3)
assert (str(e.value) == 'Unexpected error: Default group for new '
'users is not POSIX')
@screenshot
def test_noprivate_posix(self):
"""
User without private group and specified existing posix GID
"""
self.init_app()
self.add_record(group.ENTITY, group.DATA6)
self.add_record(user.ENTITY, user.DATA4)
self.delete(user.ENTITY, [user.DATA4])
self.delete(group.ENTITY, [group.DATA6])
@screenshot
def test_noprivate_gidnumber(self):
"""
User without private group and specified unused GID
"""
self.init_app()
self.add_record(user.ENTITY, user.DATA4, combobox_input='gidnumber')
self.delete(user.ENTITY, [user.DATA4])
@pytest.mark.tier1
class TestLifeCycles(UI_driver):
@screenshot
def test_life_cycles(self):
"""
Test user life-cycles
"""
self.init_app()
# create "itest-user" and send him to preserved
self.add_record(user.ENTITY, user.DATA)
self.delete_record(user.PKEY, confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
self.assert_notification(assert_text='1 item(s) deleted')
# try to add the same user again (should fail)
self.add_record(user.ENTITY, user.DATA, negative=True)
self.assert_last_error_dialog(USR_EXIST.format(user.PKEY))
self.close_all_dialogs()
self.wait()
# restore "itest-user" user
self.switch_to_facet('search_preserved')
self.select_record(user.PKEY)
self.button_click('undel')
self.dialog_button_click('ok')
self.assert_no_error_dialog()
self.assert_notification(assert_text='1 user(s) restored')
self.wait()
# add already existing user "itest-user" to stage and try to activate
# the latter (should fail)
self.add_record('stageuser', user.DATA)
self.select_record(user.PKEY)
self.button_click('activate')
self.dialog_button_click('ok')
err_msg = ACTIVE_ERR.format(user.PKEY)
self.assert_last_error_dialog(err_msg, details=True)
self.dialog_button_click('ok')
# delete "itest-user" staged user
self.delete_record(user.PKEY)
self.assert_record(user.PKEY, negative=True)
# add "itest-user2" and send him to staged (through preserved)
self.close_all_dialogs()
self.add_record(user.ENTITY, user.DATA2)
self.delete_record(user.PKEY2, confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
self.switch_to_facet('search_preserved')
self.select_record(user.PKEY2)
self.button_click('batch_stage')
self.dialog_button_click('ok')
self.assert_no_error_dialog()
self.wait(0.7)
# fix assert after https://pagure.io/freeipa/issue/7477 is closed
self.assert_notification(assert_text='1 users(s) staged')
# add new "itest-user2" - one is already staged (should pass)
self.add_record(user.ENTITY, user.DATA2)
self.assert_record(user.PKEY2)
# send active "itest-user2" to preserved
self.delete_record(user.PKEY2, confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
# try to activate staged "itest-user2" while one is already preserved
# (should fail)
self.navigate_to_entity('stageuser')
self.select_record(user.PKEY2)
self.button_click('activate')
self.dialog_button_click('ok')
self.assert_last_error_dialog(ENTRY_EXIST, details=True)
self.dialog_button_click('ok')
# delete preserved "itest-user2" and activate the staged one
# (should pass)
self.switch_to_facet('search_preserved')
self.delete_record(user.PKEY2)
self.navigate_to_entity('stageuser')
self.select_record(user.PKEY2)
self.button_click('activate')
self.wait()
self.dialog_button_click('ok')
self.assert_notification(assert_text='1 user(s) activated')
# send multiple records to preserved
self.navigate_to_entity('stageuser')
self.navigate_to_entity('user')
self.delete_record([user.PKEY, user.PKEY2],
confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
self.assert_notification(assert_text='2 item(s) deleted')
# restore multiple records
self.switch_to_facet('search_preserved')
self.select_multiple_records([user.DATA, user.DATA2])
self.button_click('undel')
self.dialog_button_click('ok')
self.assert_no_error_dialog()
self.assert_notification(assert_text='2 user(s) restored')
self.wait()
# send multiple users to staged (through preserved)
self.navigate_to_entity('user')
self.delete_record([user.PKEY, user.PKEY2],
confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
self.switch_to_facet('search_preserved')
self.select_multiple_records([user.DATA, user.DATA2])
self.button_click('batch_stage')
self.dialog_button_click('ok')
self.assert_no_error_dialog()
self.wait(0.7)
self.assert_notification(assert_text='2 users(s) staged')
# activate multiple users from stage
self.navigate_to_entity('stageuser')
self.select_multiple_records([user.DATA, user.DATA2])
self.button_click('activate')
self.dialog_button_click('ok')
self.assert_notification(assert_text='2 user(s) activated')
# try to disable record from user page
self.navigate_to_entity(user.ENTITY)
self.select_record(user.PKEY)
self.facet_button_click('disable')
self.dialog_button_click('ok')
self.assert_record_value('Disabled', user.PKEY,
'nsaccountlock')
# try to disable same record again (should fail)
self.select_record(user.PKEY)
self.facet_button_click('disable')
self.dialog_button_click('ok')
self.assert_last_error_dialog(DISABLED, details=True)
self.dialog_button_click('ok')
# enable the user again
self.select_record(user.PKEY)
self.facet_button_click('enable')
self.dialog_button_click('ok')
self.assert_record_value('Enabled', user.PKEY,
'nsaccountlock')
# same for multiple users (disable, disable again, enable)
self.select_multiple_records([user.DATA, user.DATA2])
self.facet_button_click('disable')
self.dialog_button_click('ok')
self.assert_record_value('Disabled', [user.PKEY, user.PKEY2],
'nsaccountlock')
self.select_multiple_records([user.DATA, user.DATA2])
self.facet_button_click('disable')
self.dialog_button_click('ok')
self.assert_last_error_dialog(DISABLED, details=True)
self.dialog_button_click('ok')
self.select_multiple_records([user.DATA, user.DATA2])
self.facet_button_click('enable')
self.dialog_button_click('ok')
self.assert_record_value('Enabled', [user.PKEY, user.PKEY2],
'nsaccountlock')
# cleanup
self.navigate_to_entity('user')
self.delete_record([user.PKEY, user.PKEY2])