freeipa/ipatests/test_webui/test_user.py
Florence Blanc-Renaud dda223668a webui test: Update message for admin disable
An admin can be disabled if he is not the last member of the
admins group. Update the expecrted error message.

Fixes: https://pagure.io/freeipa/issue/9574
Related: https://pagure.io/freeipa/issue/9489

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2024-04-12 15:59:04 +02:00

1157 lines
41 KiB
Python

# Authors:
# Petr Vobornik <pvoborni@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
User tests
"""
from ipatests.test_webui.crypto_utils import generate_csr
from ipatests.test_webui.ui_driver import UI_driver
from ipatests.test_webui.ui_driver import screenshot
import ipatests.test_webui.data_user as user
import ipatests.test_webui.data_group as group
import ipatests.test_webui.data_netgroup as netgroup
import ipatests.test_webui.data_hbac as hbac
import ipatests.test_webui.data_pwpolicy as pwpolicy
import ipatests.test_webui.test_rbac as rbac
import ipatests.test_webui.data_sudo as sudo
import pytest
try:
from selenium.webdriver.common.by import By
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.action_chains import ActionChains
except ImportError:
pass
EMPTY_MOD = 'no modifications to be performed'
USR_EXIST = 'user with name "{}" already exists'
USR_ADDED = 'User successfully added'
INVALID_SSH_KEY = "invalid 'sshpubkey': invalid SSH public key"
INV_FIRSTNAME = ("invalid 'first': Leading and trailing spaces are "
"not allowed")
FIELD_REQ = 'Required field'
ERR_INCLUDE = 'may only include letters, numbers, _, -, . and $'
ERR_MISMATCH = 'Passwords must match'
ERR_ADMIN_DISABLE = ('admin cannot be deleted or disabled because '
'it is the last member of group admins')
ERR_ADMIN_DEL = ('user admin cannot be deleted/modified: privileged user')
USR_EXIST = 'user with name "{}" already exists'
ENTRY_EXIST = 'This entry already exists'
ACTIVE_ERR = 'active user with name "{}" already exists'
DISABLED = 'This entry is already disabled'
LONG_LOGIN = "invalid 'login': can be at most 32 characters"
@pytest.mark.tier1
class user_tasks(UI_driver):
def load_file(self, path):
with open(path, 'r') as file_d:
content = file_d.read()
return content
def create_email_addr(self, pkey):
"""
Piece an email address together from hostname due possible different
DNS setup
"""
domain = '.'.join(self.config.get('ipa_server').split('.')[1:])
return '{}@{}'.format(pkey, domain)
def add_default_email_for_validation(self, data):
"""
E-mail is generated automatically and we do not know domain yet in
data_user so in order to validate all mail fields we need to get it
there.
"""
mail = self.create_email_addr(user.DATA.get('pkey'))
for ele in data['mod_v']:
if 'mail' in ele:
ele[2].append(mail)
return data
def assert_user_auth_type(self, auth_type, enabled=True):
"""
Check if provided auth type is enabled or disabled for the user
:param auth_type: one of password, radius, otp, pkinit, hardened, idp
or passkey
:param enabled: check if enabled if True, check for disabled if False
"""
s_checkbox = 'div[name="ipauserauthtype"] input[value="{}"]'.format(
auth_type)
checkbox = self.find(s_checkbox, By.CSS_SELECTOR, strict=True)
assert checkbox.is_selected() == enabled
def add_user_auth_type(self, auth_type, save=False):
"""
Select user auth type
:param auth_type: one of password, radius, otp, pkinit, hardened, idp
or passkey
"""
s_checkbox = 'div[name="ipauserauthtype"] input[value="{}"]'.format(
auth_type)
checkbox = self.find(s_checkbox, By.CSS_SELECTOR, strict=True)
if not checkbox.is_selected():
checkbox.click()
if save:
self.facet_button_click('save')
@pytest.mark.tier1
class test_user(user_tasks):
@screenshot
def test_crud(self):
"""
Basic CRUD: user
"""
self.init_app()
data = self.add_default_email_for_validation(user.DATA)
self.basic_crud(user.ENTITY, data)
@screenshot
def test_associations(self):
"""
User direct associations
"""
self.init_app()
# prepare - add user, group, netgroup, role, hbac rule, sudo rule
# ---------------------------------------------------------------
self.add_record(user.ENTITY, user.DATA, navigate=False)
self.add_record(group.ENTITY, group.DATA)
self.add_record(netgroup.ENTITY, netgroup.DATA)
self.add_record(rbac.ROLE_ENTITY, rbac.ROLE_DATA)
self.add_record(hbac.RULE_ENTITY, hbac.RULE_DATA)
self.add_record(sudo.RULE_ENTITY, sudo.RULE_DATA)
# add & remove associations
# -------------------------
self.navigate_to_entity(user.ENTITY)
self.navigate_to_record(user.PKEY)
self.add_associations([group.PKEY, 'editors'],
facet='memberof_group', delete=True)
self.add_associations([netgroup.PKEY],
facet='memberof_netgroup', delete=True)
self.add_associations([rbac.ROLE_PKEY],
facet='memberof_role', delete=True)
self.add_associations([hbac.RULE_PKEY],
facet='memberof_hbacrule', delete=True)
self.add_associations([sudo.RULE_PKEY],
facet='memberof_sudorule', delete=True)
# cleanup
# -------
self.delete(user.ENTITY, [user.DATA])
self.delete(group.ENTITY, [group.DATA])
self.delete(netgroup.ENTITY, [netgroup.DATA])
self.delete(rbac.ROLE_ENTITY, [rbac.ROLE_DATA])
self.delete(hbac.RULE_ENTITY, [hbac.RULE_DATA])
self.delete(sudo.RULE_ENTITY, [sudo.RULE_DATA])
@screenshot
def test_indirect_associations(self):
"""
User indirect associations
"""
self.init_app()
# add
# ---
self.add_record(user.ENTITY, user.DATA, navigate=False)
self.add_record(group.ENTITY, group.DATA)
self.navigate_to_record(group.PKEY)
self.add_associations([user.PKEY])
self.add_record(group.ENTITY, group.DATA2)
self.navigate_to_record(group.PKEY2)
self.add_associations([group.PKEY], facet='member_group')
self.add_record(netgroup.ENTITY, netgroup.DATA)
self.navigate_to_record(netgroup.PKEY)
self.add_table_associations('memberuser_group', [group.PKEY2])
self.add_record(rbac.ROLE_ENTITY, rbac.ROLE_DATA)
self.navigate_to_record(rbac.ROLE_PKEY)
self.add_associations([group.PKEY2], facet='member_group')
self.add_record(hbac.RULE_ENTITY, hbac.RULE_DATA)
self.navigate_to_record(hbac.RULE_PKEY)
self.add_table_associations('memberuser_group', [group.PKEY2])
self.add_record(sudo.RULE_ENTITY, sudo.RULE_DATA)
self.navigate_to_record(sudo.RULE_PKEY)
self.add_table_associations('memberuser_group', [group.PKEY2])
# check indirect associations
# ---------------------------
self.navigate_to_entity(user.ENTITY, 'search')
self.navigate_to_record(user.PKEY)
self.assert_indirect_record(group.PKEY2, user.ENTITY, 'memberof_group')
self.assert_indirect_record(netgroup.PKEY,
user.ENTITY, 'memberof_netgroup')
self.assert_indirect_record(rbac.ROLE_PKEY,
user.ENTITY, 'memberof_role')
self.assert_indirect_record(hbac.RULE_PKEY,
user.ENTITY, 'memberof_hbacrule')
self.assert_indirect_record(sudo.RULE_PKEY,
user.ENTITY, 'memberof_sudorule')
# cleanup
# -------
self.delete(user.ENTITY, [user.DATA])
self.delete(group.ENTITY, [group.DATA, group.DATA2])
self.delete(netgroup.ENTITY, [netgroup.DATA])
self.delete(rbac.ROLE_ENTITY, [rbac.ROLE_DATA])
self.delete(hbac.RULE_ENTITY, [hbac.RULE_DATA])
self.delete(sudo.RULE_ENTITY, [sudo.RULE_DATA])
@screenshot
def test_actions(self):
"""
Test user actions
"""
self.init_app()
self.add_record(user.ENTITY, user.DATA, navigate=False)
self.navigate_to_record(user.PKEY)
self.disable_action()
self.enable_action()
# reset password
pwd = self.config.get('ipa_password')
self.reset_password_action(pwd)
self.assert_text_field('has_password', '******')
# unlock option should be disabled for new user
self.assert_action_list_action('unlock', enabled=False)
# delete
self.delete_action(user.ENTITY, user.PKEY, action='delete_active_user')
@screenshot
def test_certificates(self):
"""
Test user certificate actions
Requires to have CA installed.
"""
if not self.has_ca():
self.skip('CA is not configured')
self.init_app()
cert_widget_sel = "div.certificate-widget"
self.add_record(user.ENTITY, user.DATA)
self.wait()
self.close_notifications()
self.navigate_to_record(user.PKEY)
# cert request
csr = generate_csr(user.PKEY, False)
self.action_list_action('request_cert', confirm=False)
self.wait(seconds=2)
self.assert_dialog()
self.fill_text("textarea[name='csr']", csr)
self.dialog_button_click('issue')
self.wait_for_request(n=2, d=3)
self.assert_visible(cert_widget_sel)
# cert view
self.action_list_action('view', confirm=False,
parents_css_sel=cert_widget_sel)
self.assert_dialog()
self.dialog_button_click('close')
# cert get
self.action_list_action('get', confirm=False,
parents_css_sel=cert_widget_sel)
self.assert_dialog()
# check that the textarea is not empty
self.assert_empty_value('textarea.certificate', negative=True)
self.dialog_button_click('close')
# cert download - we can only try to click the download action
self.action_list_action('download', confirm=False,
parents_css_sel=cert_widget_sel)
# check that revoke action is enabled
self.assert_action_list_action('revoke',
parents_css_sel=cert_widget_sel,
facet_actions=False)
# check that remove_hold action is not enabled
self.assert_action_list_action('remove_hold', enabled=False,
parents_css_sel=cert_widget_sel,
facet_actions=False)
# cert revoke
self.action_list_action('revoke', confirm=False,
parents_css_sel=cert_widget_sel)
self.wait()
self.select('select', '6')
self.dialog_button_click('ok')
self.wait_for_request(n=2, d=3)
self.assert_visible(cert_widget_sel + " div.watermark")
# check that revoke action is not enabled
self.assert_action_list_action('revoke', enabled=False,
parents_css_sel=cert_widget_sel,
facet_actions=False)
# check that remove_hold action is enabled
self.assert_action_list_action('remove_hold',
parents_css_sel=cert_widget_sel,
facet_actions=False)
# cert remove hold
self.action_list_action('remove_hold', confirm=False,
parents_css_sel=cert_widget_sel)
self.wait()
self.dialog_button_click('ok')
self.wait_for_request(n=2)
# check that revoke action is enabled
self.assert_action_list_action('revoke',
parents_css_sel=cert_widget_sel,
facet_actions=False)
# check that remove_hold action is not enabled
self.assert_action_list_action('remove_hold', enabled=False,
parents_css_sel=cert_widget_sel,
facet_actions=False)
# cleanup
self.navigate_to_entity(user.ENTITY, 'search')
self.delete_record(user.PKEY, user.DATA.get('del'))
@screenshot
def test_certificate_serial(self):
"""Test long certificate serial no
Long certificate serial no were shown in scientific notation
at user details page. This test checks that it is no longer shown
in scientific notation
related:https://pagure.io/freeipa/issue/8754
"""
if not self.has_ca():
self.skip('CA is not configured')
self.init_app()
self.add_record(user.ENTITY, user.DATA2)
self.wait()
self.close_notifications()
self.navigate_to_record(user.PKEY2)
self.add_cert_to_record(user.USER_CERT, user.PKEY2, save=False)
# check if the cert serial is 264374074076456325397645183544606453821
self.assert_text(
'div[name="cert-serial-num"]',
'264374074076456325397645183544606453821'
)
# cleanup
self.navigate_to_entity(user.ENTITY, 'search')
self.delete_record(user.PKEY2, user.DATA2.get('del'))
@screenshot
def test_password_expiration_notification(self):
"""
Test password expiration notification
"""
pwd = self.config.get('ipa_password')
self.init_app()
self.set_ipapwdexpadvnotify('15')
# create user and group and add user to that group
self.add_record(user.ENTITY, user.DATA)
self.add_record(group.ENTITY, group.DATA)
self.navigate_to_entity(group.ENTITY)
self.navigate_to_record(group.PKEY)
self.add_associations([user.PKEY])
# password policy for group
self.add_record('pwpolicy', {
'pkey': group.PKEY,
'add': [
('combobox', 'cn', group.PKEY),
('textbox', 'cospriority', '12345'),
]})
self.navigate_to_record(group.PKEY)
self.mod_record('pwpolicy', {
'pkey': group.PKEY,
'mod': [
('textbox', 'krbmaxpwdlife', '7'),
('textbox', 'krbminpwdlife', '0'),
]})
# reset password
self.navigate_to_record(user.PKEY, entity=user.ENTITY)
self.reset_password_action(pwd)
# re-login as new user
self.logout()
self.init_app(user.PKEY, pwd)
header = self.find('.navbar-pf', By.CSS_SELECTOR)
self.assert_text(
'.header-passwordexpires',
'Your password expires in 6 days.',
header)
# test password reset
self.profile_menu_action('password_reset')
self.fill_password_dialog(pwd, pwd)
# cleanup
self.logout()
self.init_app()
self.set_ipapwdexpadvnotify('4')
self.delete(user.ENTITY, [user.DATA])
self.delete(group.ENTITY, [group.DATA])
def set_ipapwdexpadvnotify(self, days):
"""
Set ipa config "Password Expiration Notification (days)" field
"""
self.navigate_to_entity('config')
self.mod_record('config', {
'mod': [
('textbox', 'ipapwdexpadvnotify', days),
]
})
def reset_password_action(self, password):
"""
Execute reset password action
"""
self.action_list_action('reset_password', False)
self.fill_password_dialog(password)
def fill_password_dialog(self, password, current=None):
"""
Fill password dialog
"""
self.assert_dialog()
fields = [
('password', 'password', password),
('password', 'password2', password),
]
if current:
fields.append(('password', 'current_password', current))
self.fill_fields(fields)
self.dialog_button_click('confirm')
self.wait_for_request(n=3)
self.assert_no_error_dialog()
@screenshot
def test_grace_login_limit(self):
"""
Verify existence of grace login limit field and its
value based on pwpolicy value
Related: https://pagure.io/freeipa/issue/9211
"""
self.init_app()
self.add_record(group.ENTITY, [group.DATA])
# add record DATA8 already with passwordgracelimit
self.add_record(pwpolicy.ENTITY, [pwpolicy.DATA8])
self.navigate_to_record(group.PKEY)
# fill with values from DATA8, passwordgracelimit has value 42
self.fill_fields(pwpolicy.DATA8['mod'])
try:
# click save if needed
self.button_click('save')
except AssertionError:
# autosave active
pass
# add record itest-user
self.add_record(user.ENTITY, user.DATA)
# add itest-user to itest-group
self.navigate_to_entity(group.ENTITY)
self.navigate_to_record(group.PKEY)
self.add_associations([user.PKEY])
self.navigate_to_record(user.PKEY, entity=user.ENTITY)
self.facet_button_click('refresh')
self.wait(2)
field = 'passwordgracelimit'
# password grace limit is currently on the 10th place
expected_value = pwpolicy.DATA8['mod'][9][2]
current_value = self.get_field_value(field, element="input")
try:
assert current_value == expected_value
finally:
# cleanup
self.delete(user.ENTITY, [user.DATA])
self.delete(group.ENTITY, [group.DATA])
self.delete(pwpolicy.ENTITY, [pwpolicy.DATA8])
@screenshot
def test_login_without_username(self):
"""
Try to login with no username provided
"""
self.init_app(login='', password='xxx123')
alert_e = self.find('.alert[data-name="username"]',
By.CSS_SELECTOR)
assert 'Username: Required field' in alert_e.text, 'Alert expected'
assert self.login_screen_visible()
@screenshot
def test_disable_delete_admin(self):
"""
Test disabling/deleting admin is not allowed
"""
self.init_app()
self.navigate_to_entity(user.ENTITY)
# try to disable admin user
self.select_record('admin')
self.facet_button_click('disable')
self.dialog_button_click('ok')
self.assert_last_error_dialog(ERR_ADMIN_DISABLE, details=True)
self.dialog_button_click('ok')
self.assert_record('admin')
# try to delete admin user. Later we are
# confirming by keyboard to test also ticket 4097
self.select_record('admin')
self.facet_button_click('remove')
self.dialog_button_click('ok')
self.assert_last_error_dialog(ERR_ADMIN_DEL, details=True)
actions = ActionChains(self.driver)
actions.send_keys(Keys.TAB)
actions.send_keys(Keys.ENTER).perform()
self.wait(0.5)
self.assert_record('admin')
@screenshot
def test_add_user_special(self):
"""
Test various add user special cases
"""
self.init_app()
# Test invalid characters (#@*?) in login
self.navigate_to_entity(user.ENTITY)
self.facet_button_click('add')
self.fill_textbox('uid', 'itest-user#')
self.assert_field_validation(ERR_INCLUDE)
self.fill_textbox('uid', 'itest-user@')
self.assert_field_validation(ERR_INCLUDE)
self.fill_textbox('uid', 'itest-user*')
self.assert_field_validation(ERR_INCLUDE)
self.fill_textbox('uid', 'itest-user?')
self.assert_field_validation(ERR_INCLUDE)
self.dialog_button_click('cancel')
# Add an user with special chars
self.basic_crud(user.ENTITY, user.DATA_SPECIAL_CHARS)
# Add an user with long login (should FAIL)
self.add_record(user.ENTITY, user.DATA_LONG_LOGIN, negative=True)
self.assert_last_error_dialog(expected_err=LONG_LOGIN)
self.close_all_dialogs()
# Test password mismatch
self.add_record(user.ENTITY, user.DATA_PASSWD_MISMATCH, negative=True)
pass_e = self.find('.widget[name="userpassword2"]', By.CSS_SELECTOR)
self.assert_field_validation(ERR_MISMATCH, parent=pass_e)
self.dialog_button_click('cancel')
self.assert_record(user.DATA_PASSWD_MISMATCH.get('pkey'),
negative=True)
# test add and edit record
self.add_record(user.ENTITY, user.DATA2, dialog_btn='add_and_edit')
self.action_list_action('delete_active_user')
# click add and cancel
self.add_record(user.ENTITY, user.DATA, dialog_btn='cancel')
# add leading space before password (should SUCCEED)
self.navigate_to_entity(user.ENTITY)
self.facet_button_click('add')
self.fill_fields(user.DATA_PASSWD_LEAD_SPACE['add'])
self.dialog_button_click('add')
# add trailing space before password (should SUCCEED)
self.navigate_to_entity(user.ENTITY)
self.facet_button_click('add')
self.fill_fields(user.DATA_PASSWD_TRAIL_SPACE['add'])
self.dialog_button_click('add')
# add user using enter
self.add_record(user.ENTITY, user.DATA2, negative=True)
actions = ActionChains(self.driver)
actions.send_keys(Keys.ENTER).perform()
self.wait()
self.assert_notification(assert_text=USR_ADDED)
self.assert_record(user.PKEY2)
self.close_notifications()
# delete user using enter
self.select_record(user.PKEY2)
self.facet_button_click('remove')
actions.send_keys(Keys.ENTER).perform()
self.wait(0.5)
self.assert_notification(assert_text='1 item(s) deleted')
self.assert_record(user.PKEY2, negative=True)
@screenshot
def test_add_delete_undo_reset_multivalue(self):
"""
Test add and delete multivalue with reset and undo
"""
self.init_app()
first_mail = self.create_email_addr(user.DATA.get('pkey'))
self.add_record(user.ENTITY, user.DATA)
self.wait()
self.close_notifications()
self.navigate_to_record(user.DATA.get('pkey'))
# add a new mail (without save) and reset
self.add_multivalued('mail', 'temp@ipa.test')
self.assert_undo_button('mail')
self.facet_button_click('revert')
self.assert_undo_button('mail', visible=False)
# click at delete on the first mail and reset
self.del_multivalued('mail', first_mail)
self.assert_undo_button('mail')
self.facet_button_click('revert')
self.assert_undo_button('mail', visible=False)
# edit the first mail and reset
self.edit_multivalued('mail', first_mail, 'temp@ipa.test')
self.assert_undo_button('mail')
self.facet_button_click('revert')
self.assert_undo_button('mail', visible=False)
# add a new mail and undo
self.add_multivalued('mail', 'temp@ipa.test')
self.assert_undo_button('mail')
self.undo_multivalued('mail', 'temp@ipa.test')
self.assert_undo_button('mail', visible=False)
# edit the first mail and undo
self.edit_multivalued('mail', first_mail, 'temp@ipa.test')
self.assert_undo_button('mail')
self.undo_multivalued('mail', 'temp@ipa.test')
self.assert_undo_button('mail', visible=False)
# cleanup
self.delete(user.ENTITY, [user.DATA])
@screenshot
def test_user_misc(self):
"""
Test various miscellaneous test cases under one roof to save init time
"""
self.init_app()
# add already existing user (should fail) / also test ticket 4098
self.add_record(user.ENTITY, user.DATA)
self.add_record(user.ENTITY, user.DATA, negative=True,
pre_delete=False)
self.assert_last_error_dialog(USR_EXIST.format(user.PKEY))
actions = ActionChains(self.driver)
actions.send_keys(Keys.TAB)
actions.send_keys(Keys.ENTER).perform()
self.wait(0.5)
self.dialog_button_click('cancel')
# add user without login name
self.add_record(user.ENTITY, user.DATA_NO_LOGIN)
self.assert_record('nsurname10')
# try to add same user without login name again (should fail)
self.add_record(user.ENTITY, user.DATA_NO_LOGIN, negative=True,
pre_delete=False)
self.assert_last_error_dialog(USR_EXIST.format('nsurname10'))
self.close_all_dialogs()
# try to modify user`s UID to -1 (should fail)
self.navigate_to_record(user.PKEY)
self.mod_record(
user.ENTITY, {'mod': [('textbox', 'uidnumber', '-1')]},
negative=True)
uid_e = self.find('.widget[name="uidnumber"]', By.CSS_SELECTOR)
self.assert_field_validation('Minimum value is 1', parent=uid_e)
self.facet_button_click('revert')
# edit user`s "First name" to value with leading space (should fail)
self.fill_input('givenname', ' leading_space')
self.facet_button_click('save')
self.assert_last_error_dialog(INV_FIRSTNAME)
self.dialog_button_click('cancel')
# edit user`s "First name" to value with trailing space (should fail)
self.fill_input('givenname', 'trailing_space ')
self.facet_button_click('save')
self.assert_last_error_dialog(INV_FIRSTNAME)
self.dialog_button_click('cancel')
# try with blank "First name" (should fail)
gn_input_s = "input[type='text'][name='givenname']"
gn_input_el = self.find(gn_input_s, By.CSS_SELECTOR, strict=True)
gn_input_el.clear()
gn_input_el.send_keys(Keys.BACKSPACE)
self.facet_button_click('save')
gn_e = self.find('.widget[name="givenname"]', By.CSS_SELECTOR)
self.assert_field_validation(FIELD_REQ, parent=gn_e)
self.close_notifications()
# search user / multiple users
self.navigate_to_entity(user.ENTITY)
self.wait(0.5)
self.find_record('user', user.DATA)
self.add_record(user.ENTITY, user.DATA2)
self.find_record('user', user.DATA2)
# search for both users (just 'itest-user' will do)
self.find_record('user', user.DATA)
self.assert_record(user.PKEY2)
# cleanup
self.delete_record([user.PKEY, user.PKEY2, user.PKEY_NO_LOGIN,
'nsurname10'])
@screenshot
def test_menu_click_minimized_window(self):
"""
Test if menu is clickable when there is notification
in minimized browser window.
related: https://pagure.io/freeipa/issue/8120
"""
self.init_app()
self.driver.set_window_size(570, 600)
self.add_record(user.ENTITY, user.DATA2, negative=True)
self.assert_notification(assert_text=USR_ADDED)
menu_button = self.find('.navbar-toggle', By.CSS_SELECTOR)
menu_button.click()
self.assert_record(user.PKEY2)
self.close_notifications()
self.driver.maximize_window()
# cleanup
self.delete(user.ENTITY, [user.DATA2])
@screenshot
def test_enabled_by_default(self):
"""
Test if valid user created in both ca and
caless env is enabled by default.
https://pagure.io/freeipa/issue/8203
"""
self.init_app()
# check if the user is enabled
self.add_record(user.ENTITY, user.DATA, navigate=False)
self.assert_record_value(expected="Enabled",
pkeys=user.PKEY,
column="nsaccountlock")
self.navigate_to_record(user.PKEY)
self.assert_action_list_action("disable", visible=True, enabled=True)
self.assert_action_list_action("reset_password",
visible=True, enabled=True)
# add OTP authentication type and verify the change is persistent
self.add_user_auth_type("otp", save=True)
self.assert_user_auth_type("otp", enabled=True)
@pytest.mark.tier1
class test_user_no_private_group(UI_driver):
@screenshot
def test_noprivate_nonposix(self):
"""
User without private group and without specified GID
"""
self.init_app()
with pytest.raises(AssertionError) as e:
self.add_record(user.ENTITY, user.DATA3)
assert (str(e.value) == 'Unexpected error: Default group for new '
'users is not POSIX')
@screenshot
def test_noprivate_posix(self):
"""
User without private group and specified existing posix GID
"""
self.init_app()
self.add_record(group.ENTITY, group.DATA6)
self.add_record(user.ENTITY, user.DATA4)
self.delete(user.ENTITY, [user.DATA4])
self.delete(group.ENTITY, [group.DATA6])
@screenshot
def test_noprivate_gidnumber(self):
"""
User without private group and specified unused GID
"""
self.init_app()
self.add_record(user.ENTITY, user.DATA4, combobox_input='gidnumber')
self.delete(user.ENTITY, [user.DATA4])
@pytest.mark.tier1
class TestLifeCycles(UI_driver):
@screenshot
def test_life_cycles(self):
"""
Test user life-cycles
"""
self.init_app()
# create "itest-user" and send him to preserved
self.add_record(user.ENTITY, user.DATA)
self.delete_record(user.PKEY, confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
self.assert_notification(assert_text='1 item(s) deleted')
# try to add the same user again (should fail)
self.add_record(user.ENTITY, user.DATA, negative=True)
self.assert_last_error_dialog(USR_EXIST.format(user.PKEY))
self.close_all_dialogs()
self.wait()
# restore "itest-user" user
self.switch_to_facet('search_preserved')
self.select_record(user.PKEY)
self.button_click('undel')
self.dialog_button_click('ok')
self.assert_no_error_dialog()
self.assert_notification(assert_text='1 user(s) restored')
self.wait()
# add already existing user "itest-user" to stage and try to activate
# the latter (should fail)
self.add_record('stageuser', user.DATA)
self.select_record(user.PKEY)
self.button_click('activate')
self.dialog_button_click('ok')
err_msg = ACTIVE_ERR.format(user.PKEY)
self.assert_last_error_dialog(err_msg, details=True)
self.dialog_button_click('ok')
# delete "itest-user" staged user
self.delete_record(user.PKEY)
self.assert_record(user.PKEY, negative=True)
# add "itest-user2" and send him to staged (through preserved)
self.close_all_dialogs()
self.add_record(user.ENTITY, user.DATA2)
self.delete_record(user.PKEY2, confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
self.switch_to_facet('search_preserved')
self.select_record(user.PKEY2)
self.button_click('batch_stage')
self.dialog_button_click('ok')
self.assert_no_error_dialog()
self.wait(2)
# fix assert after https://pagure.io/freeipa/issue/7477 is closed
self.assert_notification(assert_text='1 users(s) staged')
# add new "itest-user2" - one is already staged (should pass)
self.add_record(user.ENTITY, user.DATA2)
self.assert_record(user.PKEY2)
# send active "itest-user2" to preserved
self.delete_record(user.PKEY2, confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
# try to activate staged "itest-user2" while one is already preserved
# (should fail)
self.navigate_to_entity('stageuser')
self.select_record(user.PKEY2)
self.button_click('activate')
self.dialog_button_click('ok')
self.assert_last_error_dialog(ENTRY_EXIST, details=True)
self.dialog_button_click('ok')
# delete preserved "itest-user2" and activate the staged one
# (should pass)
self.switch_to_facet('search_preserved')
self.delete_record(user.PKEY2)
self.navigate_to_entity('stageuser')
self.select_record(user.PKEY2)
self.button_click('activate')
self.wait()
self.dialog_button_click('ok')
self.assert_notification(assert_text='1 user(s) activated')
# send multiple records to preserved
self.navigate_to_entity('stageuser')
self.navigate_to_entity(user.ENTITY)
self.delete_record([user.PKEY, user.PKEY2],
confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
self.assert_notification(assert_text='2 item(s) deleted')
# restore multiple records
self.switch_to_facet('search_preserved')
self.select_multiple_records([user.DATA, user.DATA2])
self.button_click('undel')
self.dialog_button_click('ok')
self.assert_no_error_dialog()
self.assert_notification(assert_text='2 user(s) restored')
self.wait()
# send multiple users to staged (through preserved)
self.navigate_to_entity(user.ENTITY)
self.delete_record([user.PKEY, user.PKEY2],
confirm_btn=None)
self.check_option('preserve', value='true')
self.dialog_button_click('ok')
self.switch_to_facet('search_preserved')
self.select_multiple_records([user.DATA, user.DATA2])
self.button_click('batch_stage')
self.dialog_button_click('ok')
self.assert_no_error_dialog()
self.wait(2)
self.assert_notification(assert_text='2 users(s) staged')
# activate multiple users from stage
self.navigate_to_entity('stageuser')
self.select_multiple_records([user.DATA, user.DATA2])
self.button_click('activate')
self.dialog_button_click('ok')
self.assert_notification(assert_text='2 user(s) activated')
# try to disable record from user page
self.navigate_to_entity(user.ENTITY)
self.select_record(user.PKEY)
self.facet_button_click('disable')
self.dialog_button_click('ok')
self.assert_record_value('Disabled', user.PKEY,
'nsaccountlock')
# try to disable same record again (should fail)
self.select_record(user.PKEY)
self.facet_button_click('disable')
self.dialog_button_click('ok')
self.assert_last_error_dialog(DISABLED, details=True)
self.dialog_button_click('ok')
# enable the user again
self.select_record(user.PKEY)
self.facet_button_click('enable')
self.dialog_button_click('ok')
self.assert_record_value('Enabled', user.PKEY,
'nsaccountlock')
# same for multiple users (disable, disable again, enable)
self.select_multiple_records([user.DATA, user.DATA2])
self.facet_button_click('disable')
self.dialog_button_click('ok')
self.assert_record_value('Disabled', [user.PKEY, user.PKEY2],
'nsaccountlock')
self.select_multiple_records([user.DATA, user.DATA2])
self.facet_button_click('disable')
self.dialog_button_click('ok')
self.assert_last_error_dialog(DISABLED, details=True)
self.dialog_button_click('ok')
self.select_multiple_records([user.DATA, user.DATA2])
self.facet_button_click('enable')
self.dialog_button_click('ok')
self.assert_record_value('Enabled', [user.PKEY, user.PKEY2],
'nsaccountlock')
# cleanup and check for ticket 4245 (select all should not remain
# checked after delete action). Two "ok" buttons at the end are needed
# for delete confirmation and acknowledging that "admin" cannot be
# deleted.
self.navigate_to_entity(user.ENTITY)
select_all_btn = self.find('input[title="Select All"]',
By.CSS_SELECTOR)
select_all_btn.click()
self.facet_button_click('remove')
self.dialog_button_click('ok')
self.dialog_button_click('ok')
self.assert_value_checked('admin', 'uid', negative=True)
@pytest.mark.tier1
class TestSSHkeys(UI_driver):
@screenshot
def test_ssh_keys(self):
self.init_app()
# add and undo SSH key
self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False,
navigate=True)
self.assert_num_ssh_keys(1)
self.undo_ssh_keys()
self.assert_num_ssh_keys(0)
# add and undo 2 SSH keys (using undo all)
ssh_keys = [user.SSH_RSA, user.SSH_DSA]
self.add_sshkey_to_record(ssh_keys, 'admin', save=False)
self.assert_num_ssh_keys(2)
self.undo_ssh_keys(btn_name='undo_all')
self.assert_num_ssh_keys(0)
# add SSH key and refresh
self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False)
self.assert_num_ssh_keys(1)
self.facet_button_click('refresh')
self.assert_num_ssh_keys(0)
# add SSH key and revert
self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False)
self.assert_num_ssh_keys(1)
self.facet_button_click('revert')
self.assert_num_ssh_keys(0)
# add SSH key, move elsewhere and cancel.
self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False)
self.assert_num_ssh_keys(1)
self.switch_to_facet('memberof_group')
self.dialog_button_click('cancel')
self.assert_num_ssh_keys(1)
self.undo_ssh_keys()
# add SSH key, move elsewhere and click reset button.
self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False)
self.assert_num_ssh_keys(1)
self.switch_to_facet('memberof_group')
self.wait_for_request()
self.dialog_button_click('revert')
self.wait()
self.switch_to_facet('details')
self.assert_num_ssh_keys(0)
# add SSH key, move elsewhere and click save button.
self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False)
self.assert_num_ssh_keys(1)
self.switch_to_facet('memberof_group')
self.wait()
self.dialog_button_click('save')
self.wait_for_request(n=4)
self.switch_to_facet('details')
self.assert_num_ssh_keys(1)
self.delete_record_sshkeys('admin')
# add, save and delete RSA and DSA keys
keys = [user.SSH_RSA, user.SSH_DSA]
self.add_sshkey_to_record(keys, 'admin')
self.assert_num_ssh_keys(2)
self.delete_record_sshkeys('admin')
self.assert_num_ssh_keys(0)
# add RSA SSH keys with trailing space and "=" sign at the end
keys = [user.SSH_RSA+" ", user.SSH_RSA2+"="]
self.add_sshkey_to_record(keys, 'admin')
self.assert_num_ssh_keys(2)
self.delete_record_sshkeys('admin')
self.assert_num_ssh_keys(0)
# lets try to add empty SSH key (should fail)
self.add_sshkey_to_record('', 'admin')
self.assert_last_error_dialog(EMPTY_MOD)
self.dialog_button_click('cancel')
self.undo_ssh_keys()
# try to add invalid SSH key
self.add_sshkey_to_record('invalid_key', 'admin')
self.assert_last_error_dialog(INVALID_SSH_KEY)
self.dialog_button_click('cancel')
self.undo_ssh_keys()
# add duplicate SSH keys
self.add_sshkey_to_record(user.SSH_RSA, 'admin')
self.add_sshkey_to_record(user.SSH_RSA, 'admin', save=False)
self.facet_button_click('save')
self.assert_last_error_dialog(EMPTY_MOD)
self.dialog_button_click('cancel')
# test SSH key edit when user lacks write rights for related attribute
# see ticket 3800 (we use DATA_SPECIAL_CHARS just for convenience)
self.add_record(user.ENTITY, [user.DATA2, user.DATA_SPECIAL_CHARS])
self.add_sshkey_to_record(user.SSH_RSA, user.PKEY2, navigate=True)
self.logout()
self.init_app(user.PKEY_SPECIAL_CHARS, user.PASSWD_SCECIAL_CHARS)
self.navigate_to_record(user.PKEY2, entity=user.ENTITY)
show_ssh_key_btn = self.find('div.widget .btn[name="ipasshpubkey-0"]',
By.CSS_SELECTOR)
show_ssh_key_btn.click()
ssh_key_e = self.find('textarea', By.CSS_SELECTOR, self.get_dialog())
assert ssh_key_e.get_attribute('readonly') == 'true'
self.dialog_button_click('cancel')
self.logout()
self.init_app()
# cleanup
self.delete(user.ENTITY, [user.DATA2, user.DATA_SPECIAL_CHARS])
self.delete_record_sshkeys('admin', navigate=True)